Analysis Overview
SHA256
3c3c4b39f9355765dc75b7a893bbe52469f83afb9e5d609b7b74d9edfa415609
Threat Level: Known bad
The file 690c89ef69c176f31c2010e75c365ac5_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Cerber
Deletes shadow copies
Contacts a large (517) amount of remote hosts
Blocklisted process makes network request
Loads dropped DLL
Reads user/profile data of web browsers
Deletes itself
Executes dropped EXE
Suspicious use of SetThreadContext
Sets desktop wallpaper using registry
Drops file in Program Files directory
Unsigned PE
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
Program crash
Uses Volume Shadow Copy service COM API
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Suspicious behavior: MapViewOfSection
Runs ping.exe
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
Kills process with taskkill
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Suspicious use of SendNotifyMessage
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-05-22 23:48
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral6
Detonation Overview
Submitted
2024-05-22 23:48
Reported
2024-05-22 23:51
Platform
win10v2004-20240426-en
Max time kernel
134s
Max time network
105s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1524 wrote to memory of 540 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1524 wrote to memory of 540 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1524 wrote to memory of 540 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\InstallOptions.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\InstallOptions.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 540 -ip 540
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 636
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 242.137.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-05-22 23:48
Reported
2024-05-22 23:51
Platform
win7-20240508-en
Max time kernel
118s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d032cea3a2acda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422583585" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CEFC2ED1-1895-11EF-8C89-6200E4292AD7} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b000000000200000000001066000000010000200000003352d6775eb53c573dc6dad26ed573937727d6a11dd71fba228d919050db7b50000000000e80000000020000200000002ca7e2d994f688ce4c428ab48293a0319fa13a02f6219121c5164755fb583a2c90000000f1f2236ca2518a610e4f75669ca64db6551d44adda743a791b96dbcb62d7281258d1e45d72219fddc8f4d1799bbed3418d9d6f5b42f6e471d07fb50a8ad43ea28a206d16bacf12644a9ad486c21bca50c6040bb66750f8154fe81fbf506a7448bdb498379a472675ee91b12b57a0ce731d4d59fae178234ef28ebc9cfec952da71e756a4a631c4298f0fb17b9089061b400000006c801675fe50f51753bce6224e75e26d1ae9c8a28c1ac49ec255970668fe354687cdc7bd35b9a7f57ff7706b7dd6a816cb9b0a354b696b983111da6637da9ae2 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b000000000200000000001066000000010000200000009630426e1e9c194ef1200ee79cac7c994efa7bf4e1ce749cf964877948384aa6000000000e80000000020000200000006d518a358078b98427f977130d74bf8100aeb28f5356550aef773e1556234958200000006324c246b5809a90b34bb79b8ad17e6239803b8552aa178bbabb8d932486cd80400000000e76c23c7732a8ccbe9e3ca2a15381a4a045b9c05c3e64ac736cde52e6fdb660819fab7f7456b7cfbbbd053524a0d79842024cc35fe31b3f488064c6ea96b687 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2232 wrote to memory of 2832 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2232 wrote to memory of 2832 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2232 wrote to memory of 2832 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2232 wrote to memory of 2832 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2611067143.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2232 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.028jiaxiao.net | udp |
| US | 202.5.18.17:80 | www.028jiaxiao.net | tcp |
| US | 202.5.18.17:80 | www.028jiaxiao.net | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab3C09.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar3C99.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 235bd48635f71635aea378c0398d6a54 |
| SHA1 | 7ee54793980b6aaba821ab8bb7580c8966fde6fe |
| SHA256 | 2d0cfa321e0d1c58eb189f944eda231c72a6eb1cbf3ebdaaac26cf9094957e49 |
| SHA512 | d0e8c53968d4fa36d651bee361f868e304efc8536a7e3b98b7b26e7b87070289889611c7959acd14c72318bb453d47c8d9e988eb3d9943e8c7e0a7ce55e6d644 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f77e1d508fdd106cdde9ef5559e6a4f9 |
| SHA1 | ea3939c53248c4e157f965af948e3b951f4da978 |
| SHA256 | bcfc8be07a8ab3b7d3d8e54d9b1ef2e51e7fe4b3595c9d02ff13f9a064c7ebaf |
| SHA512 | 8891576f032dd5f3782db21ecf345a0d699d128d261c67d57c4d3e75935aaaa8dd02758da0ea4cbf79aa4dcfe1498539227d08d7b5c122ace5ba288380a18cbf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e5d8f349b5347a007eea4a7a161e23a5 |
| SHA1 | 649e9188162fb4a11d579e2b594fe3455eba5799 |
| SHA256 | d048be248c2b865ae9d982d21866fde19358c8c119d3f8e7566b0e17573338a4 |
| SHA512 | 8e4cf34e1bd40c60d83e02fbe1508de9ae4cc3eaa4ebf24c54532f81b19938eb8186accc5031edfa642540e534461ca265cccaac3692592eb896e5344423af78 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 34faced15f296e71d195ee3833950fd2 |
| SHA1 | 3529a175943578451a185dcabb29b1cd83b3750e |
| SHA256 | a0b0021a25b84b8190b3ff9bdc8479c3a333c2f7a0689d498372b5b7861611cf |
| SHA512 | 0c3d1d465a8dc0899d317b0186ebda02e7c117f5182e69ec776a1a4c499effa3ea078e580dca783153181f44fd9756bebe31263049679509b44603d21fdc4fe0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 31d6563713a30f1f1fc20ed139341663 |
| SHA1 | 5e2f42f4523e54f5ac025b8a9774056c563e0ef9 |
| SHA256 | 9003c017bb58b8d41e291a3dda07520fc974734becf96b1555784924377dca58 |
| SHA512 | 1be75677672a016dcc705c3af71548d3bfb48dcbc733833ac5aa90f4d8cdf159f27b825cc58cc4c00f9ec5772686818b3a87143a74ec763c5469e1e7a67a3fc3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ed8b0a0018f38e630c4c41900e021bde |
| SHA1 | 22618261fae0d8b1d2faeb942816ae45e7a55145 |
| SHA256 | 05e1f37b829271ee4dfb66d0cd509cc411201fe3322738ff555f47a328ad6c97 |
| SHA512 | a2a9a871a4dc160e608f76e03ea3209a7d407363c3a8de63647956e51f05c2b37b23a7e31e9ee611e6917ade7fe362d19c8da0b6cb2061ef32b1b11f1b15c623 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ed744c8f8371654e06e2fb1c84baf4b0 |
| SHA1 | e5be542526455c6341e9ff7c29e0753831ccd052 |
| SHA256 | 1b26ca3b4e59fcebacb9b7138bf0b045f6ebff56653ee7682aef229e7383f16d |
| SHA512 | 5453a76d912a55b5bb67c6688ec4609ad31000f7cb2c795cfb908fe2c1fc1b56ec22ff13df884ebf934ed9970899200713037aa7112a869ccd33486f45465593 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5d00d0fec8bd9f21a2194542979950e4 |
| SHA1 | 7802fdffb04914a870b601d92720792bc87b3047 |
| SHA256 | df4a39fadb20c7bb715a9dbdb26060d69bb0664d765327593aceb7682acb04a4 |
| SHA512 | 50973f6529717a4c78597d5ac9c48f695d448e9770d12b07ba8ec4256c87d3e9c540307013a7b3b13af173901e24e3fa456cb6e7853d4e267b77d458041ee062 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6e476d63680d39b25e817a36b0d7aa05 |
| SHA1 | d3d7349b78cf549bb4c22e48ac746ce778d996d4 |
| SHA256 | 6d261e3c678e72bacf93f8433ac5b00a335113919a0487fde2372c10fc734f0c |
| SHA512 | 08f20b1747d12b299aef8149a89d6ebbfdd160337fdaaab99e956064bedc0e97fa038518312021ad93a1a9b7176d9ccf66b06f833c996064b0944be876b732aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a871f0b1e0c394fa7cbd50d266498f49 |
| SHA1 | 4353cd824fe7c35bcc9351ee097d356b0e331853 |
| SHA256 | 2857715d1335a5f3c6edab2922f82f87c3ac8e9e90a6bb9f4033f0095dc441fc |
| SHA512 | 427f2f44603f98af149c098b61c499ed48b6ba6f3064ed1e81d2b45720b5e2c9b6bd1b6b0e3dae02875ea63744a6207ac197e4093f26e52b3fea0fa5d775033f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ac63d16ae63228aa2b02a1f0a5e65ffe |
| SHA1 | 16eec55b3902c861954f6e9c254a7a4765770481 |
| SHA256 | cd7a557ec02f28b4bc388e3736724cff5776b7fab9eff626a177c55037cfc50b |
| SHA512 | f987394ec9aded74c657b716aa04aec0c9532696be5ae5352dfd94dd86a024129907cee969695e7ad57cc90fcee8dcf340d1e33d6a650292df0776f5ecc44e34 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2e011cb01935c7c9b9df50e1577ce54b |
| SHA1 | 5b1d3038d182103ecfca7ae592d3c297ca07b06d |
| SHA256 | cf48bfd1c85137979280cd08ed9202f138bf0a2d3b3d35e19936201a8473e122 |
| SHA512 | cb86c967fdb7fe7fdfb3ff1057d28646f63f7b41759752ef40a62df071693930497def327d8a74a26953b18276edcdd401f2551b3d8596a606a10aff597efd03 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 37316a316cb65af2509406c0805f994f |
| SHA1 | 45d230b17517ccf0f4822e93fd46deb0ea37392a |
| SHA256 | a2f0c59397d7da3840c60bc153d71fadeb6ad547b2d1f0defa134bb8624a834b |
| SHA512 | 655e7fc90383cb0270bad626f2e5a5298283a752cb44ab510f1db7653f1b3535bfbd97c88c522f54b35f5a3abf17eaf80a4828053944cc445e7c28f57afe79f5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6731d248a8cfc866409b0a99b1892bfc |
| SHA1 | 626f29b131e1e5d3bec1c0e7046889bc95f345bd |
| SHA256 | 3b6329a75ad34d767654ba23766af128fd2ba830ad2d41e15147c09b11ecb2dd |
| SHA512 | 7ce40f8ce6150548297e22a32d4fb9ed57be9475a6e406f1e9a7158620a429dc63ab17d7db69eb74392b62e025bdae6fb48e3a608859dbb483fee791592d56d5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 001aeea3f8bb2a6b66421aaf34e85095 |
| SHA1 | 61fbff66ca218c5feac3ff1b5387860c89c1ac87 |
| SHA256 | 139fc3816ec1c9de5b45c16e06e6c43f53fb3f25c9ee20a49179404678e39316 |
| SHA512 | 25d69e44397eb2a9fb00492fa6ad1965716add43f8414ed97b4418a689a9497432b13a70170c61d9a4c75fb7977ed016bcffa37793315d83d9131ac094887288 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4c2e6dc5ab0babb0f2a8b465a8b1bb32 |
| SHA1 | 23808461d0c19918418235befe879a5e50d5f4df |
| SHA256 | 23e9500c067fee96323b133f4bdc3e31409766c60317686aa3dbddbcea115d93 |
| SHA512 | 5628c28c63c7553eba2a6dd5c818610a0a646edf20ef455d9e08fafb086becd09260184c582d1a5d9fa55d65c845c0b662b3469febef2f37b8dd1f03c67bc34f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 15ff5de7ed163868e8a2c23c005d6992 |
| SHA1 | dbcece30a5d5d4ead99231ee9fcf9937fa48c297 |
| SHA256 | a796e59d0ee526b0b2372b63f438bd29ba3a9a4be805396c2986f45a1e1a8a10 |
| SHA512 | d9edf171ffff85cba24997248e9a5c8872715bda11fc543e3fbf0dd98dd98dc7ff30210c4c9e1b4a320e037bdf65e82157c9ae33ac967ed6bb9b05a4aa90f76d |
Analysis: behavioral10
Detonation Overview
Submitted
2024-05-22 23:48
Reported
2024-05-22 23:51
Platform
win10v2004-20240426-en
Max time kernel
145s
Max time network
146s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2611067143.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe5a3e46f8,0x7ffe5a3e4708,0x7ffe5a3e4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,6619666733602169334,8370479112290208283,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,6619666733602169334,8370479112290208283,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,6619666733602169334,8370479112290208283,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6619666733602169334,8370479112290208283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6619666733602169334,8370479112290208283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,6619666733602169334,8370479112290208283,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,6619666733602169334,8370479112290208283,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6619666733602169334,8370479112290208283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6619666733602169334,8370479112290208283,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6619666733602169334,8370479112290208283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6619666733602169334,8370479112290208283,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,6619666733602169334,8370479112290208283,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3084 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.028jiaxiao.net | udp |
| US | 202.5.18.17:80 | www.028jiaxiao.net | tcp |
| US | 8.8.8.8:53 | 51.242.123.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.18.5.202.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.138.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ea98e583ad99df195d29aa066204ab56 |
| SHA1 | f89398664af0179641aa0138b337097b617cb2db |
| SHA256 | a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6 |
| SHA512 | e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4f7152bc5a1a715ef481e37d1c791959 |
| SHA1 | c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7 |
| SHA256 | 704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc |
| SHA512 | 2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c |
\??\pipe\LOCAL\crashpad_2124_QGOFJOSODQXFLCEP
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b275d7025ec319e937f7a9d4a0b0d82c |
| SHA1 | 59d7fad222be82dfc7854626465d83140d705d13 |
| SHA256 | c8349ab9daa0baca63144d77260f9637afe4aaea648bc2356a650d15382f4324 |
| SHA512 | 41150fd7d22057ba0f4d38b35ed0dc40cf0442ab6f6d854cb878f16a2fd8392a8be761c8107b20c5dd3241e6ed67c97a36d09fc9021cd564f66dd4039bc29e25 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b82d18682b2664edd98cb626181a304d |
| SHA1 | 628787226dd4fe3224470cd05aa9e5d1b8c0e4c0 |
| SHA256 | b25dfac4eff81974dcb3a87ee5acb6cbfb057f01cf5f974670562cfd47a14d58 |
| SHA512 | 852f2d1feba99d79e51313346f5709d839e5b6c225c54b8eec3f081adb65776ea30c56f1448d420092ef8cead54bc6f7432482e58ca8a9283f093fab1cf465e5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 966e1156e701c19f53461184c55954d6 |
| SHA1 | 608f0473c40afce8bcfef7f9a429cadb5a4064cb |
| SHA256 | 66c2037d11c9c1c4592e4fb8b185b4a66e015f95c56aa7880d209cef8692da72 |
| SHA512 | 1c97cc5fe4e23c46f3ce094268e63d8d8cc57435138dbd03b12c7d457a866eb60813cb8bb6c7ad6644edcb94b511f6e9f8ed54638b3b55d5099f56e8e91ad6e4 |
Analysis: behavioral15
Detonation Overview
Submitted
2024-05-22 23:48
Reported
2024-05-22 23:51
Platform
win7-20240220-en
Max time kernel
121s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f82d62e7823635439c896d3dfcd423700000000002000000000010660000000100002000000098a860861c56b7d05eaa63449b220068d3a9b4b0055b42c24856c3c688e2d8e8000000000e8000000002000020000000407cc1eec1246c31233828222d728e67e8d39b559b2da866c29536ae494df4de2000000092e35c4baf81d2854cc0a181bb68bad0663a3e4a020def81069ddb4250839e61400000006d882e5ef02f05b4356e1219d3ae973921e7026cf2a7bd37e51cd1ad86f3e243d04249153ab90cad0d0663037b91135875aa6c85c5e7525ff96501df67df7961 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CEFA0421-1895-11EF-9ED8-52FE85537310} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422583585" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80d8d6a9a2acda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f82d62e7823635439c896d3dfcd423700000000002000000000010660000000100002000000088b1972e9622972cd37d1ae1c357e8abf4c78616c3fd0a709e8e51fd8be2fd77000000000e8000000002000020000000f7592a20c3ac265e176439547750fd2c44aa731f81ffde56febf1863f0daf2ba9000000065258c091ce03480b54fc5234b86c77f6d4b22708f5c3e3d9b6efe69c4f5777cc4c58b527a987d306bf2a86dc2fcbeb32cc98c83973a37f630046bdb04f0daf7b2928aa8d09e4897fd7add2952753cbc36dff3bcb1ee8480ce94310a05cf50525eb8a756e9f6a05994601010265d164f98b6031ad6ff25fca8fff0afcdf6166f8710ae184ab3d206cc859463c0b7d7644000000018c04f56a5ffb48c8ed99907014cf2398f352f9ce3997b444a1c9e019d49675cbdd5ea5688e3ba74d366d8284daaa972c8457ca5291483421c494bb328caa9a1 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3028 wrote to memory of 2508 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3028 wrote to memory of 2508 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3028 wrote to memory of 2508 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3028 wrote to memory of 2508 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\home1099482986.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3028 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.twimg.com | udp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| US | 8.8.8.8:53 | abs.twimg.com | udp |
| PL | 93.184.220.66:443 | platform.twitter.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| GB | 199.232.56.159:443 | abs.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| PL | 93.184.220.66:443 | platform.twitter.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| GB | 199.232.56.159:443 | abs.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| PL | 93.184.220.66:443 | platform.twitter.com | tcp |
| PL | 93.184.220.66:443 | platform.twitter.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| GB | 199.232.56.159:443 | abs.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Tar27FF.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\Local\Temp\Cab27ED.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 82ebc86fe5764e91b63ac071d8bc223a |
| SHA1 | a5c2036f93d86dd4e2d9568bca2d017008000e18 |
| SHA256 | cde791733e78f1a537282c9a0266f459b99da86ce11cca5ca42aa1ed767bab5b |
| SHA512 | b02baab129ccd7ca9661c0b34a4c8d2d782cde7400c216475a0f89caf09ff8b61df2b781871f5dcea5e83d1da8926410a75578792f26f8993fa8899863998c61 |
C:\Users\Admin\AppData\Local\Temp\Tar294C.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f81e2dae958b98d4f405640874f20e3f |
| SHA1 | 17f3c6e97e83d897e107350b5708b8b0567327f9 |
| SHA256 | 8dd38b05ca88b8690a57aec1795ea1775f852e4f653c8cea80a0379759a19c8c |
| SHA512 | ef9e6cce968f04bc2563a8e1fc45797f716d48875df4d904304ad7b8849544d3c7ab8cdce60c515540edecca308e73700c87488a5d2c02aef9f3ca233b292684 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 77d5043f2b35e4b0cddc47513a616209 |
| SHA1 | 2185a84d033e554ccf936073c138e3f731ea0eaa |
| SHA256 | 256573dd4a2152f059385da75a11edb9f72c67a44a6f6ad9f2b5548d1256f638 |
| SHA512 | 853381cb1b9135d2bdc025c835f74286f3f1e0de026b4ee71abd770aa66af4de3f23e08d9edff1c55e81cbcc2b33a42ef64a2aa7485bd2850381461610dacb16 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 50ea4d822bc0e9f3f4ee5a658eaad29c |
| SHA1 | 2f23a2a470e5d2e6559cd6f84d87adadf026a283 |
| SHA256 | ef25e120f6e965c4534771cad65a460f6b11adf23f86d04dfd598f29208ea36f |
| SHA512 | 640007b358d40f21b544a2154db72c6bc215496c2f04238ddbb38979497e8b375f92bfb93686744c0c3a0b95a660762ede198b4674856861fcd83469d210eee7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 73199985e2eb23afc2aa7ed12de78cb2 |
| SHA1 | bae33a654499c775c54523318dfbdbc44685dee2 |
| SHA256 | 30a248b7f58492d0fccd60c70ca4bf9929352db71003ef8ea09f0f9bf87ac6df |
| SHA512 | 1a8ed3d784faf8619e62ab40e50c3086363ccdbb24a7d9af7079f1340ebbe7280dd1c24d57b8273e9cd6b58d192c3b033d834f5e9cabf3a6c548edfd564e8e93 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c48014020476d3ba5c2b89b0e9180811 |
| SHA1 | 3041e517ec5dc956697f3ea426759b606e6a440d |
| SHA256 | 6211a31ab8167d2588bbd21de882877d6d84d86c53fc76d900b6059bf475ba1c |
| SHA512 | 4266daa39e1834c5d8cc4ffb6ba89a26b1fd269a0f1edddd25dd01e582cde705a3745c9722f4630ef9bd9a48076cb2a80691cc2f5f3586175dbc37643027feac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c699330297e803ebeb4790f6d2d7dd32 |
| SHA1 | 69e507a0994ea15c69e2e56719fe1fa2ddeded2c |
| SHA256 | cbbd5d837ab6a660debae4c7603a2c50bee20b9cdf6695585242fadc4d911bbb |
| SHA512 | 70a603a8e8dc8a144495ddd21fc64b94ecacd8cb9b341704b0e545a6b228f7210a8bf77bcec59fc3eb1d6dbaf7940a6e8fcd6d24b7688ce2c8462539322aff2e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 91c512ceba6c6218a97e55948e93f37b |
| SHA1 | d5055dc5ec3b9e02169ba473a40655fbcc2ac3aa |
| SHA256 | 912bf9f6c45ecdad4ce5bfdf7b5ca2bbf226ff3cd38ede9c41cd80eebb022612 |
| SHA512 | de292e180c4505b69242d081dde1a71944f84ff94dc23405a28573aacb45ca4cae3b7ba81bc698984f6e29d06cbb5c237e9ab93263cff398ea8ed9555a26a24d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ae53092cd892f4e8580073a497b77e13 |
| SHA1 | 10f0948ecd7add1f3447e6d5be55bb68e05cb626 |
| SHA256 | 084780a5ff84f6d9d63434528e8c038fde45c6ba1365aa27f9855c953363f456 |
| SHA512 | daa6c28b218cb62b30bab785b2226c6cf49a86eec3e9efa6dd6e9173f3962b26388e03c11f7ea595626b98719cd8541d39416c1cb0806c63b0ff9489370b3c3b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | adbb8578f6d9cbd551fecf2ca8b0ca8f |
| SHA1 | 6490f2d891559825a288d92795ccb4b863905428 |
| SHA256 | 7b6886843f230a66618fbbfbfc6b47886c44582968ecc4454717ac2d1fff9216 |
| SHA512 | f548e5f6912efc3e07e093fb23c74e0a7614de52202e334d2a14844eae1bef9d0ee87654f9b25ddbd1df0f8f8c32474bd99314e00784cbccd6b83998c8221fef |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 76d33d2f446da6eee9281caa4352fcc7 |
| SHA1 | 4f76476d36c6ad4302c8714a84571683fafae2cd |
| SHA256 | 323219d980f6d87dc525bcdd73a2cf26fae954041c7e5c0edb9702bdf780362b |
| SHA512 | ad13ff187ae1217580138e9c97fe352e4d0b2d2b542d6b0ba55e73b1bb6e9c646d381097ab22c033be05349004579d5364eea6d80587f7e02883621e52bb1021 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 08fbe11f44677e0333e060bc156e7e76 |
| SHA1 | 052c725a7cc64fb8e2e9ff765a8f11a0aaadeeca |
| SHA256 | 2029cbbc3f1efaacb5e7c376a5ecaca43aa87340f89831e4a543dbdaca48db64 |
| SHA512 | 12eb9cffde1afe4b573a471e475cc04efbacf4f61c96d938b7b81e65571b95e4186e1315b4917d217e983cd7f92581ae5a919fc36151d80707bebbda21e3ea8c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 82f4acd1b15ccd022f35d34e5207706a |
| SHA1 | 86a7c696565aef5e90e1fa86cbbb89f922051422 |
| SHA256 | 0638d06e1987c1e5ce45bf2f32537a67a65797ef31143a1b56dc36e7dfcb2f6c |
| SHA512 | ca75a332dc111ce76ab3efcc1c099bb1e3b2bab231c908b7a97fc814b182cabac5658cc28b6a7ee8ffb21845ee33441a2baaa1cd787961187bf01ed383c7d83e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1c5e4c695439f6c2657193776b632a21 |
| SHA1 | 8e1f10098e5b06859a415177671650413ba23d1d |
| SHA256 | 7692fb691ce5ec2c55fa945e0ba32ca9c02f4f1e5f5f667032457125f1a92e66 |
| SHA512 | 0b5f6c0d6b905d32d4a14d67a691de8e20fd5d5a49f31fc9acdf781f13b1e08aad6d5a31f480b3e035a69bcadc06aa5e4ff5c9bd1ac4c0cb01e1e1d91c5e2c61 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7a0df0059251943a0eeca9757ea5ead0 |
| SHA1 | ce4a7f64598c732ebf3d72efdc41691dbd860a25 |
| SHA256 | 3186d84f7ea5b990fbe558129fa827e0bf83edc6c70c05c32ad1b5dda0a6f4b9 |
| SHA512 | ab52a293dcb1e5bead10697f5cd4fcdcd821dcfedb5f58d196de7a38276f718eb9b715195ed8cff0c5690e67b750e1a4700857b4606b24825fde6219a5c265c7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 33be2d94164029825e9263e28611bd88 |
| SHA1 | 4a82199ee6a22a543342fe3043c63577e3b9fe83 |
| SHA256 | 435e950246945b0d46a8c9df40e79233b0d7c8741a7e5ff1870e3af922d89bfb |
| SHA512 | 046c66e68d229dfda682b40e426895f9f7f2584f14c2c68fff7a695d7512354f7b5839140ca5195d4f8fed571c39344ebab0fdf07eecd7dcb64e022e452ca579 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 22112157b80f8107721897a3d524ad56 |
| SHA1 | 7376e4441c57249eae726af9ef3e3298aaf8e963 |
| SHA256 | 233fcf72d786a481abf8c8db33d08a68b12f4b2377119061b71029942a159dc8 |
| SHA512 | c7bfaeb5726429eea0a884fcb47e2a85f9e2bccd274200b322c5320c64f8269562a9e9bacc0ea0ff320878d1afb942a5889b6e1b1c1defcf15cdd4d648d697c0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6e0766037ab384010721a5bcb61e2ee1 |
| SHA1 | d7115801a77828e5eaf12fb462c345cd3560209e |
| SHA256 | 08dca91cb564551046810f068ac48e4439450d4451a2195b042b9ae8fc9decc8 |
| SHA512 | b8d4b425e5e1b24ec16fb3c4442865c51fb07909af190f06bb4cb38aae33ef40678016b91162666b6b76af2ae34fb721b1f62227e6cb2c723ea5e6029d6cac95 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fc704f9087a59cdd4545e8639fec1cc4 |
| SHA1 | c235f5f59846c4acaee7aec97db9015470742eb0 |
| SHA256 | 3f9235312989dd22754a43562bc1b5bce70f39dcc5d28c144e1d143c094d92d6 |
| SHA512 | b51ad956ee5a24db3e2285a10a26b7782cee5e7264f0a910e424156cb1d3b04f45ce163b2f489a6b8c4cccc8dcb08ff1d822deaec4ca4e388277620deb8f37f6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fb9e5352fb64ba0c5a44cbedfcf07ad6 |
| SHA1 | 78b6cb91b568835d121f7595a42fc455d907bfc2 |
| SHA256 | 43d9bd4bcacf9decac08526cd7880832cf53ebaf60e1d2426fc924b05e489b9f |
| SHA512 | f913676144fed7c73ff76a6d18332888d5a8b53b5a0ebc26409bdd9b6e8270fa276588937f523396bd7a136b5c96df00400e8f74d1f221d3114d92875514a51b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9e7051fd6d290fd0e890fd30d8567efc |
| SHA1 | 3f0389905a542231851d4ecae24918adc8c0d18c |
| SHA256 | b4652f3e3c832e6632c1f1cd12dc19217a458d9660c8bcd3fde1c0242153958f |
| SHA512 | 9748c41512104293e5cf2b14f255a3ff553caa2362b2c7444a3bd76c6235951782ec84a86dc0460c9acddbbb61ce098e53255a0620bf4098125050ca628d4768 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f661f57f34e85145bea4f3f4610339ce |
| SHA1 | 76473ba891fb619d65d60914543813ca4bf905b9 |
| SHA256 | cbcb920d34003ed44eedab0fe0a6782e3814d1047fb2c3b8f936002a916d78b5 |
| SHA512 | 469c5106bd12fa61eeb1e907db63800381e5332dda65f764c717b5d47098cb6533273b8fbe72a9bf0db825918b57bd031c0742ae52decb35c9cecfa5eefe2267 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6d33292be909cea6ec5f3377eade1690 |
| SHA1 | 68e927398c32c9354a772e3fc130ae755748494e |
| SHA256 | e82940b702378ff47663c868a91a0b3fb5a049e6dd62edaefe1bcf97bd5e64f1 |
| SHA512 | adf16e3ecb1db5da81f66199317ad3b1b6b332f02bb4cbff6382162586a0444b2a17139be7b887e4e485a139ab0834bc6c2fe712812bcd5e4532d4fb5650a56d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f2f7a6b8b2408ee728111f7dd702a1e9 |
| SHA1 | dc54fe6efa0563b0202cc988b657459969aab795 |
| SHA256 | dcdaca78de2125d7d78dee465525021703c4dacf64728a1287565a44cf17ba11 |
| SHA512 | 5a84a78d55e2a6a5b87f2e3adcc57cd45fada95fcb975bb8ceb57a38a5255a27bc57cb26a7abf4b212ac72c532fd82100486ce71839865fa2a98c7aad1e1a4a5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fc02cba17b25521630b8f8acb7e6ab83 |
| SHA1 | bebadff611317e3fc3a0d28a6d916dd813f2ac9c |
| SHA256 | 520af7150f1b20e7abbeb7a5e56f18d9d94b7b464dd58e1a7218487fa64d5a17 |
| SHA512 | 14f63ef4267074d97f5fb644030123c8dab8fc293b20e523d53f6d7fbcbbecbcef7b6b8c47ea85f5537d9308f75aea467b3fe90ed59cf9dddd61026f3587be65 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5bb3d6f37f1676255b7b72072ae0fe28 |
| SHA1 | d525f6967df7a6da00db0b16e9828a0d8760a893 |
| SHA256 | 010d66fb47b2decb4232b46ec1be6b0b89bf9e2463feb453ed49129827d3bcd9 |
| SHA512 | 1c7bba282ecabe3bd6c18ae1bb96cd78ed298e967da5d2777920229134c33658312ebd34b5729d6fa119dcdbbcacec6f9e3c6dc277055d7faf4d322190bf77fe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ef13e7fc2a9e37063d51b106c1ceb647 |
| SHA1 | 2613695209ab937a97d753b6dea645aad3d5487e |
| SHA256 | 5e879994b072d44d575efc4bd97e64278843e0a2a3ff2120dc4aa9c690e03b84 |
| SHA512 | 8842703e38c9f76e4c191dc1480817f50f03d8aea79ae6f54d7e14ac28f469eb0c48c87e0d5878df42963b82abcf9721618d12b3920074a07fb3e2606e0fc94e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1a8e7e0cbe2793533105d0d44e43b379 |
| SHA1 | f1a432a8f6331ebffef5792c849b602ca3393cfd |
| SHA256 | 3fee05ffccbd4ff2430af4a939f42d8d2333b6b6d03c3b303f62ba26e9c25759 |
| SHA512 | 913040a26bfa96258f8a268ae8c94d6f91a364a57fb54f20ef2b66442bdcc85941bdec547e39e481ed0beaaa0a8c08fead0822e618da7d06eb6d2a14e6aef9ed |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7e91b00c308cacec95aab58c2d7b4320 |
| SHA1 | bea8fcd186fa721e8f8faa589972248767828920 |
| SHA256 | a1b617161ff411bf7259ddfe5d08e1d90fda1ffdba0e15fe113f4984c5fdc0d8 |
| SHA512 | 37e476221a5b4e00a3fea47d19c5bfd7f8436bd59000ef9ca50e5d34996dc4383721cc0140d8599eacf2e7560531009a8957e820cf3bfb8d00406e40f51489ad |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a64a42d8c33e8e690b2c3f567b724862 |
| SHA1 | a5a43452ad6945ffa554b9285d3aec08b65dfbc8 |
| SHA256 | d543516c09f4ba7174c88243d0e359ae2201f7575e88d55eccef4d90a47acb51 |
| SHA512 | 02edfb140ec73001017d35aadc9530f057836cb983009ae484f729b0b7ee807a3e63ee583916d23512b377d60dcb87e0002a92139cbb7b7dd9375ef196f8acfd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 53b980804fccabe6062ee8e46bd9f994 |
| SHA1 | 8e23968a5aa38b4a2b5f941148fe8c41385ed87a |
| SHA256 | 7ba62a923fc1f97b709801240309b423806840ad94f8080f6e4ecca7fba827c0 |
| SHA512 | c393ab337ce9a10c65afba54928260090a3b7bb76e9a5b44f989a84804e91d54b7d2cb0d6d53044a962ecd3aa79fc3156db86606a8b95666f01629c2dddf2f68 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 901f29780f6c14ac60fe46437adc7ffc |
| SHA1 | e2bde4eb53b003f39d1e64f5deae139c5f9c6f7e |
| SHA256 | 447968211195b6e968ee70f0e0467ff22ec0b1a7f3c80933d85ce428593cf590 |
| SHA512 | 790050bd253bc8265df6b60f73945c8019fd60e9411ce4db5f3884cb59670a198f96e861fbc5bfbb2db2e8f18c3f78f4042db4c3b0e58ba1493c51d22a6715e1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d0a8b76170f10ff3d5ede4cb06094517 |
| SHA1 | d97188f874b6629fa756e603aebce23ae79607a3 |
| SHA256 | 7a9c36e311f1e5c83f06c4602eb3bcc1ef1439a8e50e90becda19f1c37aef151 |
| SHA512 | ebd4a1b00391accd85128f6e4b34ee48dbddbcfb5751778991cbb669a3526f6d7eadc2983879fa1546329d2a6fec9d0720c0f61563dd25579685f1c0a3ff4c09 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a36de19587ef365b8d3027fc1e5e2a56 |
| SHA1 | f6540f4088f63b9766f83452b58bc46c523ade0d |
| SHA256 | 8062718ffe5acb9c8c1236b6947beb6b13959d600947bdff8d95b343f2dd21c8 |
| SHA512 | c5008bfbf01163531e37068fc2d3cfae9298424ecdbace9e21fa4655ca5a665a8e97acd03c7106a6ce841809c9db489cce1ce7953b0381f1e55249b66c85e779 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bea038897bb8756e9cc031ed6a55050a |
| SHA1 | 5f34fd645abb227ff79cdff37a64d55762c7f2c5 |
| SHA256 | 70e6df9326b7dd155922e90fa565c42f222719c1c01eecb66038aa2e3a92e8e9 |
| SHA512 | ad17d1a705aa2b9390973ad57f41d37573a58df9b2b1c61067634206fa6b49adfd139e935f9e3f6247b9c0064baddb9813525078c57b106b3428d50f3d6ed526 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9b2bfaa10ff83742dd65b4d1f7187143 |
| SHA1 | 48198f24875ae2b1a1bae10e57a19aa9aa27dc43 |
| SHA256 | 1a4543227dc6f05a454696d5bbfda01e73a3fd48bb8c4bd9676e835f04df7018 |
| SHA512 | 4983b02c08e31142fd105a1f4fd454ab671bb5d8b498933003bcb68cb9878d82e057f9fcc8933df800270b7676ee907b4b34fbc6df482ca5efaedf4c34789a4e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d80c7fcebe86b0bb3a18527de9b86d6b |
| SHA1 | e9a40db0a297adbd6ea97014a3e1137568b78a62 |
| SHA256 | b67dfeb340513b83bf18d5ef14df2fd021c6565a77779c69be34cf2026f29ff1 |
| SHA512 | 958bf070368bf9c7fdecee43a5fcfbbcbe0ada144f173707632e5bb5b7aafcc0b9d35bc4f41d0c584a440b6d5741f2d3946a66495804724c2c0a56f47bdb0722 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5d6376ee692b26b53c7ec0d513821ac2 |
| SHA1 | 16b4ebd028af5716b91e68380ef4cc875c890ec3 |
| SHA256 | 145820a67109390984956b8479056d8c9f465d09f808f5a2cb0c1ee22b09b86b |
| SHA512 | 4a057c5467dc3c61feaf9c7687dd85a98a402f420feb65ef8f6044ec3c86c53ee6747d65781741b118541f18e7f27d6a4032027ae9f55cf9d5c9781420ab0881 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 72390371f0200fa2c2ea9dbb03a4434e |
| SHA1 | 0ab488a640cb732da456afa49c95dec9a995719b |
| SHA256 | cf3056b72c202e0e7266fb9da840f2a9d9c7bfe1ce56d63d783d6456c1a1362a |
| SHA512 | a68ea8dec05bf051d9e0b9a6be3985e4b1291e48863bd935e1255d455acf4ddc330b89096e790efd515f838f93f0fadf7133e20bafb5b21aff5798bdd584accd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 71551ec3d7f477cbd86c624430336c4d |
| SHA1 | de4e05f4eedebf11aca2bc9090fc761283ba9fa4 |
| SHA256 | 395f9c472c4ea464e87a36a293f70d461edd50454a369e9b4b2866c007c55573 |
| SHA512 | d871ae7137310730d4ece72310131136af2dc7c68f221198a16dfec17ad797a48c786c02c8679cd23eb4f0c9de16383eff21297f995570d82fe35737c0c02987 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7414b9c2e4bc08cb5ce9f3b0cb7a3385 |
| SHA1 | daae6038d07d4b82492f3365e8227bca9288a282 |
| SHA256 | 72506ab1cb4104ca12ed22527f3fb76b4621fc9678ea316994bfd90e8d8e573e |
| SHA512 | b9c7d55cb05ead7d8c845c5abe2024fce3c298b3b67a8e33bd2842cb689f04d48d6d0d9d67414567553d938f3fa862900a932546b222f5c21b97d1237f19593a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 10546f9e9918941ed508efc913fbf84b |
| SHA1 | 917d44a7d37473a4d987dad88661a102cade87cf |
| SHA256 | 4eb7077777c44692b8e45ab059315f1c11751704e21d1497114c15e157be43ab |
| SHA512 | 5a6bbe5145d73e4a433439403a057d2dc855f1a24e110a3fb8839e49de7942400c8a7cc6f5c1015b9e23901406cb12b6054cfba67df49502bb0ff0bad19455a3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5866e0f917e271fe749bee8a7301258e |
| SHA1 | ba7c43dfdaa03dd6ce948966f0127c6b974cd326 |
| SHA256 | 495d9b4c86ccd945c802d69612af677ef194722f1f89cf0df1f08c8a83e3f476 |
| SHA512 | bc26ecdbaf8027972aca2f4a65e819276479da588e5f8b7e37a489c82bf2912b98274251cdf05462c1af0652821788c85abc482e270914713cad66cb32f50e46 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2cce70c2f90a698b76f581ba1c327e2a |
| SHA1 | 5192f40db708f5198b8118a913f6b57aef9a0004 |
| SHA256 | 95a997a5087fde52d144e87ffbeb07ab28e84c338e9ece78514e373e5d5441d6 |
| SHA512 | 8a0d0e80fd3b33f036805967528ee15c23ee00d2ec07bdf904d50b70def6e64a75196dd80c58e91c3d5da872188d56d65298d65e6a1655a3495dc19973022974 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b98b3e5fad5bb753473af3930da091e5 |
| SHA1 | 45cf424ff1c3bc32eb250a3ff5afa9e561d66d6b |
| SHA256 | 4a61d79527bafd39422cac628a685047444dfc350abcdd503ff1353c1b5faf7c |
| SHA512 | 16d1c5de67a544bf0701a640df92b87dd44b0e25904f0a41cb12ce9ad1e6af6abb0fe136a904173f01838a309254179323b4d935453e8898c4f2e56b50af693a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ceb162534f7fb0629295f0f9c192ae51 |
| SHA1 | 5a6c1f244d9b5c2117e58e586420c7d22c4f9edc |
| SHA256 | fce7875f3f98fa0ddada40e2bf0bb12ee0233ac8f6ebba2f60f4674effe364ac |
| SHA512 | f3c05e4f46cf6768f78c6d2e6c33093225f2b9edeaf36362994f672e15a4acab6bd1642eaef336270e58df2e7520838581f49ba3503e069fb25fc4bd6505564a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cda4e47b51c0524b0b943899262bb68d |
| SHA1 | 24b2bb91c92de8e9cc3926e82a327ee32f62c4db |
| SHA256 | 73c4b90ade624ba1a00534d241354fdd3cb4190f9258a1f06e13009ceae279e0 |
| SHA512 | 0e78f8a36e3001271625cdb554bbb05ff6f54a5b8580cc8b05223d8985bfb58697f4e37c997a6b1e2ceca425cefc99f61fac862caeb229805363feb675c0004f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 56e1eb1e4664381a404652d4cd10304f |
| SHA1 | e2e406ba9393391227182d0bbb0fc613335be3ce |
| SHA256 | de684e04e77287cf3771592a36c84659ebc27bea672f59f593eea7f90c692f0c |
| SHA512 | af05f4e393483feb6a668bb98afb254550290b08f51e0eefb9ecaa6ea9b81297f25de45ee89e246315f19932358eef18c7f1ed0635b9ca7ac6f34ef8182e44c5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 91a5ffd455a8d30db41214571b5dd19f |
| SHA1 | f5ea768d8297e2a4d397e5e3a0aa6b2b6e2b315d |
| SHA256 | 7ad9f8e58fd17d0dd59180c5ae1a0b49fedeb5734e27f457299111a71b2816ef |
| SHA512 | abd95617916ed2c74268b0eb24ce542b98058ba401558ea9ef5f56e837c7806b424df12b4a48a963118679d9d155072b21572a9ee523494447451f23d241047e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6b1ed9ffafed3d5ab4dac019dfd8f5c8 |
| SHA1 | ed4eb0e0ee7de7656391f668ed45b28730b34294 |
| SHA256 | ce228ef338d2e32e12a4a61a7883e99a21af8c0c1412e2cbe20fd4271716fd83 |
| SHA512 | 20e8069d86e9a0da6708835b4d981c0281122d11361f586f0b639cf5c4eded9a40f86d7531393f53570b21c477c3f1382f224adeab34458c13b3bdf0f8094203 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 26405fb01e25ef6657403fec82cb9ad2 |
| SHA1 | dc71b0ff6c67ec72c51619bb03b84e1c100e7db2 |
| SHA256 | 7a19dc76cdc9d4e9dbcdfd11a0579bf0f8d24639c3f99a1b6e6eb86fff54cdd9 |
| SHA512 | dfa0761b5f75b5c1493be5dff77a6d2d0065cba2eac8eb59eb83ca5688977254cc25bccce3e54e11c02c97264bd8418c7a3d4de2269b1776a463ac84530a1873 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 72e8e297f7f13342ecb8bd95535e85eb |
| SHA1 | 3bde45f63d7d0d256278f6a399a4bdbb359a1e4f |
| SHA256 | 60fc5dfa2c91a4a227a1dc2d9177835f11361dcd49101b9c681797a0d1d68e8b |
| SHA512 | 9c3098056c0f5d8feb653a534833bc4c49df22a9b10d57ec7706c1fecdac2e44a8cb337bdbea53c17571fe54ca4d165e85f98c58e17dc49f87e52245251a9bed |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0293a5c6aa3d6a6c70dc058b0f1cc562 |
| SHA1 | 411c7f8a7438296988a48f3c396acc666e53fcf7 |
| SHA256 | 408569a8084c9a36bd2830b1f381a0382aac18fb9f9f5a3edd3e6a83fb702170 |
| SHA512 | 787cf8e78e4ca291ec4f5f4a4cfc41dcf43f459240a598c850ac93c0c66a75401294113d2d67d3cec03638072035757eb824da765aafb1b1c7392ecf5f04bc66 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ddbaf03252b4d1802d7cb9eb8abde922 |
| SHA1 | c4307f75769e18eeef49a6aea8b9ce175432cf65 |
| SHA256 | ba76e3ab48f1cef8abbefc3ffe129247b0b07af935ae20565cfc0f2e8660ea04 |
| SHA512 | 26f6ae9a9136edf1e77d8a338c3bc1a242c3e1c230a23103030e3e8536c3de420fd4317e8589f4f91682805ac6125ea874d59c382472a6e224c930bee4a6e981 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 96e326836c6dea7cdbc98d3887c11bbe |
| SHA1 | 88f5cd88de6dc78e9295271ce14d47738e996f44 |
| SHA256 | 44e564510b164a69ff1abb6cd95991404fdcb77269b5da899e00e6c22d46dd53 |
| SHA512 | 28bf0a259bab3a0602c5d06ce0dcb78ca96b573af1b1320d04f089e948163c69954285a010119643922f1b9583fc341fe3c5bdd13c93988549c26aad54befa63 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 321f7990628f4c539281ec989248cfe9 |
| SHA1 | b2cdae4e066b726d112fd7ab9163bf195cc70976 |
| SHA256 | 5bfdb33bb3d5aff5ecc18ea973cfc073eb4706dbc105fa532629397c1662ebd1 |
| SHA512 | 750b4784de674bc6d57ac1714a1e13345fc73dc07f8cc3a9e1acacf4e0f7ad1e98d29524b0308076544c3539f1d8a92f928f9786c8cc5f646e8ee55ed4a5d68a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c3f9d4b61c2ff7513a8504673ccc6ed8 |
| SHA1 | 18a16d66f3b63614f368a0da9764a69471d0f327 |
| SHA256 | d99b835ac5171a8a46d0ebb192ec5ebd1915bd73b5396c8db6a19338a48bc49a |
| SHA512 | 19a0484fc70b81fab9ac6ed08f655ed821d8317ea261c1e3e9588e9e2032ee3a2c88b8125c2fe70b57139b70cae8d2b839d7eb63d63f5acaccc88459574179b4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fadc47f2954712195090ae6ee6cd51ca |
| SHA1 | f6d33d0d96ac83f97952c70f438324dcf402006e |
| SHA256 | c2944e4727135fa386a29ef1de51f806258d4f0f668c2610f830cacd84bcec48 |
| SHA512 | b8b62e5f5b5d07fd74d408c95885cf205bc3ca23e17f466fb5a3c24c5d0050cad61aa318b45d1648496ece0abeedae2e8556a03d3d0b4349b8a3ae019e5aee2b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ab3fbc573fa853e5e231b2a3c8c0b82c |
| SHA1 | 6a9a2655af7ebeb47519c263cb21b75a6977de95 |
| SHA256 | 7ef449c3e0f37ff5e5676fc27f794fc8e0f9963e538fa8f7965f4a7c3525c8b2 |
| SHA512 | 09c1756b830de992b45b1458d9a18d62630a8428e07ed87c3ad6752e06fd802948e08d3e21a4bbac1c592e945cd4dc315e3aafd2ad915a6eb455b50487668ba2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7c3c904331e2513cd1ce44e32cec59f7 |
| SHA1 | 52816053f572e180db5470752312600931e96cb8 |
| SHA256 | f96827fe5860ad77a3e5ea3eab68aa08d1a18c2cb177e2119365ed037061cfa7 |
| SHA512 | 77196261f059c14b32a7b7e1c6758089e7b2bd17e27efebbc397bfb3fab1d435ea30c8d93514acae790752634c941135719884322a861285cc2e4a39119ace88 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c1aa34bb97af81676aac2a32a56344d3 |
| SHA1 | 9906d9060397137a40c09591bbff40c987785517 |
| SHA256 | 15a5548cdad138b8ec91aa2ea7a64018150db5126513561b4ae693f33dbc21d5 |
| SHA512 | 595dacd928990a1aefa1ff6eee1281e7e7ec29daf707cae25c2ae49b36b648d20ea843d35cc0994934d6996d6b730e2aa61ce9fe928537f991372b49dd69bb7f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7e6133c0ff3ce4afa033732e8716468f |
| SHA1 | ec078f50d4f1f20716e329d63e5d88fc64b74b3e |
| SHA256 | 99f5416727b36db93365c97c3d3ef6c34edec94fb681b072e7d79100300c2bc1 |
| SHA512 | a67ac9df8bd5a8d907da47d4ac3bc350179b425801a455fd215f9048ef9cf9cc2b096eea653aff8e9d2dd1c39f9278b76c4ed4d66dcbe8cca7b1982848611012 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 25f01e65a3dcc7b108ead4eb345b7903 |
| SHA1 | 3a84ee5f1a4666e3feef40ba11e4ab86799d9411 |
| SHA256 | 4c84d988361755f8dd2b05f7989fa2153f72eb61eb50ebd22223bf5262d8a4c8 |
| SHA512 | 372774ac23402ecca47631b11585764a8968cd1c4e3eca97248fa9df8fdc721b47dd85400ea7bb6d382fe62894b3ab544fb33e18377ec872938d4b8bd8978cfc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e62205bf00c1cc85a887b0fb628bbbb0 |
| SHA1 | c6433b8951a716b0dcf4d6eaaba0c1d4a4f1ae64 |
| SHA256 | 74740a1c1ef7de8b6882ae63fbd333ede9fb6872ffeaee98d7d8cf9c9e3b850f |
| SHA512 | 8f894eb26e69ad00cfb760d9b4b7795259c1c29207618ae7b8bb5848ec6711af917f88ab13788a153c78fdc121a2485e475f40dd7d16e5c85a0ec458a273e7f6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 361c163698a94bdc18467463d3c0f59b |
| SHA1 | 981fe5b6872ab9b56a82b5bbf316c12a794438d1 |
| SHA256 | 1a36b0355ae2547275c6bfdf78bc354d5b1987a5f219301b978ce0b2452f158a |
| SHA512 | 40d67e6f44820b0a398d1a80373d44ce7a63ce4fef29cafd31b6fbf71976a23500a50d5f421654099195c8ebfa622b8cea4d2d5d79121c9ead5522ca0c3962e9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2f8e348cb56f69a5fce2d54a1526749f |
| SHA1 | fb0ae1349d30e84509054f369b3946ae680504e5 |
| SHA256 | 2420f5cf964c043c0f205821e3ad570360273d69735aa1ce993c2e3b9265432a |
| SHA512 | 5d5d5b1ddea16d4017d078a425070a8c69a29173952974aedfe57bbf6d3851035310a855e8b2493fb41d70540e2dbb4d2bdcaf396dac770a83a891b5b900fea5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 23b939996f62a3e88932844e7d65306b |
| SHA1 | 0661239dfb3be82bfd6a202d86832923c3f0e9db |
| SHA256 | c1611b03a49745c43368dcb627aea547b5f87f0866e165d1e984c289d4fea338 |
| SHA512 | 57ef92a53ddd16401bec23a6e5b1505daaead90a66a732324c83800aa4f4bdd74726b99cc3c37024fcd1087f700bb08db3f72bf3aa1344f816bbacd255f6d9d9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 956ad261bd6bc76ac5b313f3c44ab4c5 |
| SHA1 | 53c4ed126ffef8d33d8cda995d7ef616001842f1 |
| SHA256 | e5720f391d317db1bd121c94f044f97480423708d6afc8618ec09f6e368bba55 |
| SHA512 | 5ef956e9fcf0c70be6640aa4fe13ffd35c134bff4f9c08db9c4219b3a68a5fe908a84406573aeec2d71f717e8aa0a81eff286a35667709ed9ff5c91ed1e3c140 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3afb0a51f8f82e91a26b64a20001e31e |
| SHA1 | 4435c243e6b61bc6a01b5ee1aa3d51d26f2a8628 |
| SHA256 | 131cdd4fd3b002cfb34aa0248c13e17dcdc365e46a1167f57f9a759eb54188a6 |
| SHA512 | 788bd7f5fb5329487452dc004feccdbd4e063d4ab57b1e34be022a7624dccfcbde7e3061f1e7ebe9f5fb6c14fab9c9bed3a56223284069e61398b58b83f975a2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 96965c5f702e8cac04e57b0d1376c1ac |
| SHA1 | 59aa837751559af21b79b8155c511afba07aeef4 |
| SHA256 | 59790c0214a091adbe04b6f540e35bbf1849d0cd4fdf7e13e432c260355f7d0d |
| SHA512 | 0b9e01574565e93a6cff5d0a00706ac72477bd90f62bd7eb7bb3c38f78f9eb03a1eb841607b91fb13e9b4ad4a21be4a33ab485110cd936509fb44125f2185db3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5325bb47b28b570a466bf11e38523bfc |
| SHA1 | ca973c7338335b02291870b2cb671b42f593d9a5 |
| SHA256 | db4546caddb537d057b100580ae5f031e440c66cf9f1342fa7941cafcd72e694 |
| SHA512 | 7d2b9fb340b7464c7114d2d4abe7e0ffe563c6530b8cd381081d23ca6f5eebace0386f5367dc50e6e7109dd8d1f14c4ce54ff9fc2a53d5818e7dee9f5fe3021b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3b4b601c0ab86dd05b937e513c5554e8 |
| SHA1 | e60fa91e46484c80e3c3946f6b95f5ac52a51e7c |
| SHA256 | 5b02ca47ec084a8f720b97cc54819a1e3785a9cc30676c6352fd6a2a52ed97da |
| SHA512 | 9735ef0529b7a5863e8d36200b0f12b9c31655b90350168debb4e4908839eed9a2b53fc3861799457d98302a934131af450752db90125f91f57de200eebbce14 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e9cbdf0effb660f4e733b34e5297699a |
| SHA1 | 2cd5b7acbbcb5720a95828628f235000db1f463f |
| SHA256 | 41c9eb278f048f511b95ec87cb2c21ba58a3b438ee7414b80d2b5f6eaf03beb5 |
| SHA512 | 856d7650128f74463a61aee4f56b3d187500aff39ee801b4edc1b65764fa328c4868310702e7c01a1150b14111c38409b7ab526ebe23e7dc1d7e3f6a02a792b4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c2e4ad07930edef268cb06fd94cd49c7 |
| SHA1 | b15f9581bec4c6adad2ed5f1f3b7a754b9e93b54 |
| SHA256 | 8013f3eb43dc4abb0094c57eb962ca27fca1cd10ed706aa3fa21127dbcd2c7f4 |
| SHA512 | 3c30d75c81a5f8cb750caf2c1dd3feb544087381991c6456073f01babf8541049fde591088907ad600599456a29d1989c48aa6d9ebb7919c4a8d545c51036598 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 76def7b1030c398141a5aee0f72176db |
| SHA1 | 5ff3cfdb75306577945fb12d1c13da75ac78d34c |
| SHA256 | 8ec4f9a0ffb5ca0e8233f17e06a2c410f0cfe57971f26a2779903447e6d1cb51 |
| SHA512 | 036d2f44167e3d3d65416f890f83b7263a8790e4a8895c370a2f93def867ec4aa096eb0b660b9c4235ec46ae9c47df96d2e1eb017d4bd90e62d43a44717cee6a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3874baebba76bc419e95e9ea8f6f55dc |
| SHA1 | 3fca2a44b1f82b89bfbe96d84808fde8d07ddd52 |
| SHA256 | fe4470682c05f0ebcc1a5b1215a55a26e170a4039051527401e28108e50e076f |
| SHA512 | 52b5e77c3e5b3100d8a9248ac9b4e8a9f7f1e134ec9dbbfff0e9246688ceb9d5a16aef05b5dd197224aa6b935ce630562807a5686247a5347f00a7d899b88c9f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b97c72307d8203b608d9b80462b0b9c4 |
| SHA1 | ca9e4437ee67b0597aae5587b6af8ab67e7f6295 |
| SHA256 | abf78c67a88579148b125908ec27e893c65c9c2f1eea3d13589509143c2f457d |
| SHA512 | a9eff7025dac509510e7e1c497f8a4b62f2f630865490125b8ae26787521c201f2c71a4e2a170b232fc9b498f72c3cce65740fc17324e10dbd7b38c64ec42b5a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 68986f36abba4deafbd1a9e6f72698e2 |
| SHA1 | c00e59a1c197cb73ea6513a88822990b493c0d70 |
| SHA256 | ec1a3426ee8975834bc9a8482053c71a442141dbef801d0c9e32fd4ca08eec2d |
| SHA512 | 13547c2e3668076ecfca92558535d8999fbca3bc4e3f7fe61c30d662a558e7740d5b73dd91c0e09e82020a6adcfea71126db02a0a27478d5135e7bc79be5c643 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 669cc44f6a1eb3ab32508a14bc31bc38 |
| SHA1 | 24539517fa5d7b58587c1fe6a02100a8f3ba031e |
| SHA256 | 68839daf720277e46b88e1e1e7ef6a512c822b6c486753efa5f9e3aca1e7679f |
| SHA512 | dc03fe402741a47e8f8239da305a59175dd67eef9775a5d1be0d9f33ec1f32ee6d0f246c15a261fad8a0c22e2ffd049c011353581f749d32178be46772ef7709 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ffd5f55c47db5141a0e78e2b524f1fc7 |
| SHA1 | a848f65a6e7c84ad8017e24d4ab5806d697ba574 |
| SHA256 | 10f59e003b9c2f8a2ef33ff3aa0f1d885455be74f84c204161c12938bc8faef0 |
| SHA512 | ec4793669d32088f0c04f11a147aeacebf34657fb721dfc83ea97d591e92c9f6c272475f2411ea3c317f1145c04fa027bf4e689663ec053b28c01b2f3ddbab13 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c7a6a81f4232999e5ced32b416f846ed |
| SHA1 | dbdbde5b7ad31bdf9111918cd7ec45e1cb6a4e13 |
| SHA256 | f69e8b9660d2a68f0ab18a9888714dc5d61ed09b50d040dc7fe5f7b1e173bb95 |
| SHA512 | d57e45c3217427d8324d8e3f7916557271445db23c333bd2cb05295cbe6342d9d590721954f9ec1b0b90e7b783c2ae3e1c9c299f2d0408b4a74174f2e3d07509 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f6ae9d1e4cdc03e9705c6c47284d08cb |
| SHA1 | 210de5222cf999c876ea63f58e13a3e9df1a54d4 |
| SHA256 | 2b7f6176b692e9d4bce151fbe255ef85ac875e6246b0c1439ca4851ba06ac00f |
| SHA512 | a6af6ce5fd35c72f1779a26045daf7b34873bbe00af75f77d1f1d0cb141b5fa240da2cafaf5b80f7145d72c555227163155a0e8385dd53fa3f78a6d8a9715818 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7df2525ababdabadce7ad6919df4888a |
| SHA1 | 84d38e06a0c661e44c37d03ccedfec5cd009e74d |
| SHA256 | 93c336500c424bbdab77359aeabbff8ab5f7379583ddd45e055e0c52d9952945 |
| SHA512 | 404c1896ddcf732a2eff09800ce0ce952ef665d8e739e0cbf333ac926f10e99bb4dd883084809e6d0084b4394a194dc394d0d0a9372451d5956d1cda8cb76eae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9774f38c587242c21f809866ee38e328 |
| SHA1 | 8bb2d9020cceea5ccef05257788afeb89c14a3dc |
| SHA256 | d42351ce4a33412c7fc7c33acf6969a87084b668434cc3fa085eb8c3d2fee0c3 |
| SHA512 | cf77a158706ed023aa990708a1e7531d620184ca6b8b54e4430fa2070ac394e7a080722719f7006336a3f4bb4ca297230737fc8d64c4df68cb8134ef3d61782f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6ec0da67256bed9d8e270e83579e620f |
| SHA1 | 1b9f21583a1a8028fb15b335cf031c5946e4a853 |
| SHA256 | 3a497e170497d60d103ae55e674e9782228d1eccd179f265b656e454a37cd2ce |
| SHA512 | f99b6249527c27ca8d59139e3dbf76fdcd1ef8a7f28d94ec4da70708a1947209012d561d734fee39e91924ed15da2830eb53174a2cb36576d233442760322fb4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ace57066361844c8e9d91b544bf3de2b |
| SHA1 | e8e88ece0afdd9b580777271e615a2bea442732a |
| SHA256 | ddae640d7899db95806d4ab0d5c851017d2196e3b0ef2854ba557b144cde525d |
| SHA512 | 0a30fb172a7c00e04726ed319757fb52f6f547afe22cb914537f5d18635f6cc94097ef4bc5ac761737c8841236376c26a11bbcd33d6eabb898260a125cb56267 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | db2fc49d00682f3a0854f5f370231f35 |
| SHA1 | a06e5fa7b0175d8b383be450c8dbd9d18aff4e48 |
| SHA256 | 8eb31a06dd2dddb86e104383f022b7aed570750a26be9377afc0b0b9d12587b1 |
| SHA512 | 5aa883ccdddaa56f11f0856b3fa768f64b0341e03a653d8d6e04b0fe09220ff9b5fa6a92d34957caf429c5d7ba0e139e80be3c86d52753e9f9444698631449fa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 03e4ea508f6ab1a5e9100dfe378ba2fa |
| SHA1 | 40af9c33039b453ce997090b71fd0a29d00bbd0b |
| SHA256 | ee99ba6c24e8babaaba923248d829c5e7c6316a4c0078414ddcaa51c00406cb2 |
| SHA512 | 0c476e2b6134bc3005fa6c5c7b6753dc57117e14510eb04329cf0eb758180c351c160295ec577090d3c23bb2913afd12946ddaefa744bd7084fc8fde0805641b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4973a1a0245fc2ac013f94bcf58c45f9 |
| SHA1 | 3b35aefb582bd6f94eca9d057a7099abc900483a |
| SHA256 | 1e12048ee3b8931218407d0c82315d1d93fff563daba2ed8bb932417e9727b31 |
| SHA512 | 020fdd5dabc237bcee729e3e619da132b66854fa2286a20f32786d8fad5a8847c82fcc56c0805e07a233632d3de70bb4d24a7789b74840b100adaa32d8253cf9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 225aa79dbce7dc2e1f56c3163ad59e51 |
| SHA1 | d03d869ea87132b386463c3b51bc490df2e24316 |
| SHA256 | c26f8709848e3d202ec84cf85859268c18966e4b35c4c811b3399ee7820dd21b |
| SHA512 | 68d0516931a612e41eee1c72e467f5586d01a5c7fc7d9fa580695ab67a9ad276da187cc415aeece5ef6e1851f98ce481afeb45fabf19a529452f5549e235282f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dfd36f4fcdfb723d356c57eccc55b939 |
| SHA1 | 8619b0c79ed0c0c77b8d088b27900749b03207a7 |
| SHA256 | 9041b8b431c57e85107bee35e5e59453e4489fe814ada279973268153b4630ac |
| SHA512 | a6b1c79045f8692920d886244a996812e873916f3aab97219f8237060ce31abba5dd9971f153e81b53ad4ebe3703a062ae700132c20664d771a3026968bfea8c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 48b9c16c66b0a6a2e8d13c49fe0b4cf2 |
| SHA1 | b6df14399b66bcbff73053f9c23299f78788c34f |
| SHA256 | 01e4323b216ac63820e30f71b5d1883bfb7a6e1d31bc4244f7f2b67602b6b2ec |
| SHA512 | fe082b160fa37bfcf5af38d7621338a5f5e87768567ccf0350b7c4e301cf7afb024a06918510358b73a768c998dda7e87616de3b6ad8a6cdc267c4c121c22603 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e20470780b2ef98d5b96271ad0cd1dcf |
| SHA1 | c906e2fd6515f97fef1256cfdc177c511e2023eb |
| SHA256 | 23a027b485b0e0a5d0ad6acc86ec9c0d4c0c7e9562e9277e0405fb5a0797bbe5 |
| SHA512 | d0fd8f4424f77c1f60793bfd7f8a2efec69229b75025472aae634d261d5f7aebf437a231bd8c16c9c89adce50de508f98a351a78b85d5b5886f2b3c9666b0db8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 825e9e16263b0d1802610a0bc0c5bd6c |
| SHA1 | a1d918b92b49a6410a3bcb5bb351974dbe0fef76 |
| SHA256 | ee4c64588ea25c872992a9a9bd77dc6bad37e5dc82412f84601144ea9e76ad24 |
| SHA512 | 7e4aa3c6102ffe1d8678ce8ea35cdc087c7a4a6a657cca1dcb370ab4775cd5bc7828c6973e959b71c4e69692dad80364d67547ca8815f5a2605bffd7568b5d4c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0fbca5e4aefd8c4cfc6d0e44b4361b57 |
| SHA1 | 14e8ff8f96ac2fcfc079c57a2bf5e21be8b0a6bd |
| SHA256 | f44e5e58cb7fd117409b4ce35a13cad9bca25270311687bd24e78fb5b6cdd185 |
| SHA512 | 92e9e35de3c4b24482c132872a462df328633c0ccf94f4a5b3e8e68112c685f0db89215a48ff904a4474439248de8f44e26bc106039c60fc5acf657b9f3d2bb7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 65c52c7d2bc01bedcd4ce09393c61d90 |
| SHA1 | 30e938e7cee1b15477f7c6d38e8a6912f1d4650c |
| SHA256 | 4bc8f2049b655a1d3bdc481cb5ac71f9540ca17e272c48734e8e611ade4c6564 |
| SHA512 | 64c08794d3411c66ce132c5a0bec39a1ef41927e957c0f904bd78d65e7b210c1a21f1c2d5995eaaac16515c4d9a676be286bea690f4e5ec33daaa8ba33773ce8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e8dab7527afc9645cd456066de5fe2fd |
| SHA1 | 3e6c9a0912b1bdfe474d7e3be61228b45366f123 |
| SHA256 | 8d6c527684c6c8c6bfd1cb95e5ee44c7b7ff0a746f9fe682cde61c9958aa4faa |
| SHA512 | 6a17965466d9aba8112137d023fc572eb812368c3801d747938cb4f0c305922a60b2fe8b64577d96d8a9c51a6686f60916c8c459df3f508a3f7e718f8d1000bf |
Analysis: behavioral19
Detonation Overview
Submitted
2024-05-22 23:48
Reported
2024-05-22 23:51
Platform
win7-20240221-en
Max time kernel
117s
Max time network
133s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422583589" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D0A840C1-1895-11EF-8C27-FA5112F1BCBF} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000933fe494fc43a745a6ec09c2aa5dd99300000000020000000000106600000001000020000000a519277972f246dd20f678313b7b445c5951317a9e41bfae6713fc6922823bfb000000000e800000000200002000000057fb9c0296cf1dae3a8143a64bb6170508d51027655eb5e605e314e7182905c120000000608a2748e0e557c392d7d5c247bbfe5a03f8ae3400503a604896a6a03ba7afff400000002683e9b26b1984b8753e11f4ccf72a060f5dbdaabc3dc2c77a6874835d1ee324c94e7036dbe5a425050fe1fc1c3d970ce7b529c5c8e6604323774c48efec0bf5 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000933fe494fc43a745a6ec09c2aa5dd99300000000020000000000106600000001000020000000f8d2abfec8aab4be63ad60a4a61c7190d2db8d458ada5b08a821ea840e114355000000000e800000000200002000000023ff153fae8d53a56c34a4e43e3cade99dedda2ba68fb09c8df424f1173dd7fd90000000db962dc644774d9f426e4176fda0ba1fc9f53fff606c644f9e29485cfe03a93b4bcf11664638dad645c1db6944505de35a0aac37e80e70ec74d2b0d41ea16b1c62f46966847606da67015db5a2c2d0ce373e28a7a1f45c1328498d296ab572f92871b2fe22ab50bd5179c1372ea105e4b74799a92fc893a1630349e6c1e51c776def704d1671840568967c4b31201abd4000000023f691cc33e6dc596d32f283e2ba6b42c9e64552f9b5ea2907e4b35cb2bffc6f345b25a091bed8fc927518857194a810ce2955c2c56a97a96ee7850739d7b9f5 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20afb9a5a2acda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3048 wrote to memory of 2564 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3048 wrote to memory of 2564 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3048 wrote to memory of 2564 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3048 wrote to memory of 2564 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\index1449123078.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3048 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab9669.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar9769.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9fefae5338e6c1218c42f8cd2deb490f |
| SHA1 | 584ca974d772604159a3fb91b18fb20d204dcdfc |
| SHA256 | 4281bcf981f2c5dcb610d7784a1c63ab0e6d562d7594f889d16b300340fcdeea |
| SHA512 | e0f2f908a68053ace53f730a17bca353d2eb7732a016564e6a68816830668afd9e5fe42fcb191139f76ab90f39daacfe6be0575aa6ead2317a9f30b76450b601 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2b0246b0bbd8af0fee1449a78d661539 |
| SHA1 | 231558b86c77fedf9727342dbbfdd3816f0ee16f |
| SHA256 | a742dc6ba1518c8f5554c2365bf96292f4f98e039b713f2b0a6f4689e8077b05 |
| SHA512 | 8b128b902acc45d01f78c6eeeff406ee48f3458bb50d9d426ddc6b3b0c154c82126e61300ac23406f909904bf2a4d4ad572ee21bb2eabdee5292567df3e0cf7c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6a21b881678ad8267a90ccc5112577bf |
| SHA1 | 0ed9c19eaaf441836f744ccf60fb81881f05fcb9 |
| SHA256 | 999b14cf57949434534d1a77a99c68afe4f3510794d46224069128a429e5496c |
| SHA512 | b9d9561959e05c7d13f55ad0761cf3d8aeab681a2f20b3cfebd2d001415027eab73d6064f066e47ba6d288a170db408a0b325ed2abaad4dab764e7e463c15137 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6150e99267d027e6751bc7ca126b64b0 |
| SHA1 | cd8a20451e1c4f9cb755d13ff83f293de189a4f7 |
| SHA256 | 3d7c75c5f4e23bd218ec4aa020d87df6328158f445c59a11dce07f0776a950dd |
| SHA512 | fbe8853711252c3cc9871b06168dd3720ba8aee2bfa7e45f54a5e1bfbbe4497fb7be08a68bef02f1c3b131ce8b875e32cf31ac244c0afb6f3c08a66179fc48d4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6618781e1b71936f589bed1a54bac416 |
| SHA1 | 610b64b5331fdff2aacab78598d538f3bd831e23 |
| SHA256 | bdb4ebd838d8b42f191b8637ae518c1e43aaa06c73323aa952119f05ade906eb |
| SHA512 | cefd0e8915098dd80507e8fa4b2b70c1c4e451208242311b540b47085396540019bc0c9b4d2777437e6f53593457a7d2dbc0aab7ce791d5b4aa5f2de9b5176d7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1d7118ddc2c24ceb5303b1931d74e39d |
| SHA1 | e76e426e0c4334f3584b2939e3f4d7fc26ed5a0e |
| SHA256 | 6496f93912657fea61c690b8fe865d8a7e1ae30056b22839450fa0c2622cfae8 |
| SHA512 | 07f55f254d9e05475dcc383c3fed9aae6a34aa3cbaea24dd109d742c3ab52a6e64276e84c54b6bb57ffc1cd58d38749fdfe0bcd786695d5f2fa23c35bad6926d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 668e03aa3835fc4dcf7ae7cb6abb593c |
| SHA1 | a9942a75420fe6a24d5b96663c3a5fc15fe0c9e3 |
| SHA256 | 7ad7a0980dd58889914d1915936ce5f1f72a6916e0bbc76acbdd1ecca4aef30a |
| SHA512 | a56e5afb997825ad94553fd60d76ab7be0f14db81ad3dcd0244d09531e4678a29f26ac421053485bf11f54fea1910a6f730d5db6df5ba92ee666a9da8f18c512 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9b60d4e361b24007c96af23180f01ecc |
| SHA1 | 262860be39d8bdf07e6760c54be91965854c12f2 |
| SHA256 | aa2bfc7aa7ba06d69c3a2de3d343962d463cb817334e5f4bd30a3e67b61035d1 |
| SHA512 | 06338f58bfceb10d9fb7ffa9df4cba0aa31f98949d9b772f83e62acb071da8f999e5c8b0c2784fe5ad86514e5e1ed8bdf5399c2a557cf972a801398d2ba2a342 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7ef8c3cac500570444e5335ca0c26fb0 |
| SHA1 | 1e32852ee1795ee782eb8a11e8236b570d2ba993 |
| SHA256 | 7c67245ed168e842461d303d79b0a8aa8073be26ea0e703a47acaadc92f5b922 |
| SHA512 | 16c0dd54a301fcbc6e54c88fdf2b1756c6ea94b96fb822f53c57f121af05c54e06443fe8e2c0ea164e678a4b7292e8408474da5925256ba1a8be3a852d07226e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6e578ceeb30604422cff2216bfb31427 |
| SHA1 | 31d15db5f8d44f97cb1b88a75cbc3fb0ffa61994 |
| SHA256 | 47f29a38a10529c915c2fec9a5c0c88f5a2a9c41f5a111319f199bdad9a0ed01 |
| SHA512 | 6fc23ba37124ff1be85ccf29bf517340fd4d9d0708388416b152961f3e9c42d372020ec9d9b5a99478abf5af462714bdd311a2d2548692a6444829c70b79eff9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cd057d14a00a310f1265fbbcb873f8f1 |
| SHA1 | b0c77641cd9c1842e28965cc3dbac5e9cbe19638 |
| SHA256 | ef754527ccd895f34c695279bbb333fa6ec60d192af7565fd5d5b778c1d18c33 |
| SHA512 | ec29f956271afe3e5430e5b5cfea130a95231ad3bb80b1f9f457e07d972f30c89646da5a6a9ef3751fc08a36442b7162c66cf074048df6bfbdd86c3bd219485b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e8007223d5cf5e4dd7396e1e8e23dacc |
| SHA1 | 0bd1bef260e4d76aa52243c129410e6f61c08c40 |
| SHA256 | 8eb87552040970bd5343d4bf20a7384d66992ea455dce55ce80623139d56ca8d |
| SHA512 | f3abf6515126c353fb634ecb9275d385e50ce2911ec7103d085287a87821fb224966d1be6359a8b389471674dc94a4a9f0d04a84edcfecd697057d22dbfea8cb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a77c6e26434ccd5a8e67f52fe1d5b9a9 |
| SHA1 | 98d5998290c124f521dfd0824370cc08fa276bcd |
| SHA256 | 98f24e1ac497c4d23678c9236349b87037c6c04360ee001354518fd5f170a651 |
| SHA512 | 5c6434967c2c027076e23bf0490643d0a732d471629f64071fd05484fe78b33a215e8dcf4bf7fda696fd25e5f901fb58dc7fa702375c0bc04324b9b75f54523a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cedfc0bb355084f19e7552e46758ee6f |
| SHA1 | 6202a377a0c8b11584d9e505a455e437807ed8c4 |
| SHA256 | 4c32ab9656e1f3e3a2867551175e29d8bf0414c37a1823eddc84ec9774b0cbb4 |
| SHA512 | 497cde0dc0ae65e153555e53f7c529c651cc47f018d5d5b6d22582566b6db6c4327a47eae5131604b520c18165873c5afe1200c1601addb8d6f352612487ed09 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dc6bc881db8710dcca57501c1f22a38c |
| SHA1 | 02e73e5ed5ff86dc547763b367fc09f952f1a655 |
| SHA256 | c0d5ce364f0fe76f2121eb95fc6cd289909218d911536086cfaa37b0fe1fd6ec |
| SHA512 | 89c1f40fb7f2ec6396168ace30c763702c83e06593927636ccb8f73a5acd57b5528fdf61b6104ac1a5fd25dcc55360ad558feb117af002c11ba589a4971b1e3f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4e0e36cfa3686abf5948bce69b50a087 |
| SHA1 | 911f91899adbaa65cb0e79f3468bbda5e4274737 |
| SHA256 | 2712c1f2b3dbadc2583d84709dddf140719e61763a803e43ccc5a2f1a44b51a0 |
| SHA512 | cbc14d5e7e37b15ea65ee44a9bce30e841ca8839f2163e53113656217184ebb418699723c5459e9648b5457fb1ef53cde7728e2b0d22994babf37cf326282d0a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 67894192922cb5856be064348851d81c |
| SHA1 | 423c58fa93332529a5ee4d6d847ceee002e6cfbc |
| SHA256 | 738a9482d2b17ccfbe49fc967fa786a3a049c57c439c55c845e611f14180d473 |
| SHA512 | 27abb2fee8bcd1684be1751e805ef9e9b666cc8653e058b0d1d6b75f4fc55fcb2a27f3b12eb22b3faa6d0dabb0a2e910d9414f25327880af9a7af926132569b4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ee864ba9de17b1ae0c60d12cb626adc6 |
| SHA1 | f0045d945953acf48ab75f126289cc997bf5c3c5 |
| SHA256 | a5b3864f174f63b0eacea7e96a4e93ec0606a699d66cca521d8185f6c2b68123 |
| SHA512 | 34fff5d9c9cc92f65f16d5caf6f504877226e6df2f06664e9cb303c9a52aa3e1aadbd351e70198e6b9da780853138f7e36d7f3c6d65146213727b611d5110c16 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b8a9bd68a56d672277812a2bf70e63c5 |
| SHA1 | 24d554a66c2cf6b22d2455ce65f28000445b00b1 |
| SHA256 | 53c3dabe3ad9d3799d6ef0f148361707e156715405edebe6f2ec297bdd78374f |
| SHA512 | 388ac56a4e9ce5fd9c5030d596b68a6dad9adddd8beff5d0f39824c0d6c19a2932baeae477d967acce09ba309e2aad7266333c2a4c01e5aa2e9eea23b8da5ed8 |
Analysis: behavioral8
Detonation Overview
Submitted
2024-05-22 23:48
Reported
2024-05-22 23:51
Platform
win10v2004-20240426-en
Max time kernel
133s
Max time network
103s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2508 wrote to memory of 3740 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2508 wrote to memory of 3740 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2508 wrote to memory of 3740 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3740 -ip 3740
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 612
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-05-22 23:48
Reported
2024-05-22 23:51
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
142s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\contact-domains-org.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c0ef46f8,0x7ff8c0ef4708,0x7ff8c0ef4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,8113145307534721754,18192615540224719244,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,8113145307534721754,18192615540224719244,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2496 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,8113145307534721754,18192615540224719244,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8113145307534721754,18192615540224719244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8113145307534721754,18192615540224719244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8113145307534721754,18192615540224719244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,8113145307534721754,18192615540224719244,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,8113145307534721754,18192615540224719244,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8113145307534721754,18192615540224719244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8113145307534721754,18192615540224719244,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8113145307534721754,18192615540224719244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8113145307534721754,18192615540224719244,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,8113145307534721754,18192615540224719244,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4812 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.domains.org | udp |
| US | 50.28.32.168:80 | www.domains.org | tcp |
| US | 50.28.32.168:80 | www.domains.org | tcp |
| US | 50.28.32.168:80 | www.domains.org | tcp |
| US | 50.28.32.168:80 | www.domains.org | tcp |
| US | 50.28.32.168:80 | www.domains.org | tcp |
| US | 50.28.32.168:80 | www.domains.org | tcp |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s7.addthis.com | udp |
| BE | 104.68.81.91:80 | s7.addthis.com | tcp |
| BE | 104.68.81.91:443 | s7.addthis.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 91.81.68.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.32.28.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | domains.org | udp |
| US | 50.28.32.168:80 | domains.org | tcp |
| US | 50.28.32.168:80 | domains.org | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 50.28.32.168:80 | domains.org | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4158365912175436289496136e7912c2 |
| SHA1 | 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59 |
| SHA256 | 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1 |
| SHA512 | 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b |
\??\pipe\LOCAL\crashpad_4848_XZYESRJUPILBNGQA
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ce4c898f8fc7601e2fbc252fdadb5115 |
| SHA1 | 01bf06badc5da353e539c7c07527d30dccc55a91 |
| SHA256 | bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa |
| SHA512 | 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 95cff97b69db31a3062f8234f9eed75f |
| SHA1 | b154bdaf45f4251d54feb7e5c174b403433b3d2a |
| SHA256 | a00dbfa98c6077f68530c6949efb32ee3f1ac9e357406d54371f4f3b52b88b28 |
| SHA512 | c491ec59c661306eeac109326aa988264b628165a9d8124255cde67ab7de404a5c2af9bccbb47a91c875259682944d6f753deb34b519d56463a5573394a30d0b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9f60a1cfa6725abef15bd7dd93f69f39 |
| SHA1 | 853142f08aae7952f166630a3345a1a0c72ccd2d |
| SHA256 | 3e8519a3cf40624936db488121e28c07f99286e3f60cf4e3a7aa346ea3620e33 |
| SHA512 | 58d41491afa31640aa1faf8501b95118a0fc6147e230db3aa6bdcb502dda5c8bdcf75d4f50d1ce1b0e47dc48e630e6d781fe7a631c6ae6430704755040789e55 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 22be65a6496e8bbba5687bdd2096dec4 |
| SHA1 | ba32a6f98c1c48e202eff35ce92e33514d3c4d5b |
| SHA256 | f55c188f85582158fe19a7eac3ee17ee47e62358bd02121af756a6d890b7507b |
| SHA512 | 86476ba47d3db16d9e79a485fa238d2d047e024ed77ac67f8e8304dde130d9214bbcd0116ad9fe8a39a6ef178aece05797d39aa339b4eff0514e3a3fc2ea57ab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 95f2ef5eed597010934ef88e1b739320 |
| SHA1 | 3d97bc7a6bb2456c8f2d3b6a5af8b54e618607fe |
| SHA256 | 3e7eb0ea1be3bb4425a42722722d587e23f1d8ebed6fea413c7e7cb542a4520a |
| SHA512 | b7d7af57f35c65ee06acf1c1322eb5e46190bcd0a3b5a051767ec143e9ae5a2be0212a9149913357c6f919d2a608df4678ec2800e688c72671d1f0ce8b92cdae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 2718d288201f62dc53fc1dae2bcfe7f2 |
| SHA1 | bd682dfe44db0d9f2c06e5900d583ea2e16aa123 |
| SHA256 | b3f44be26253b2b77821451b03b90e9da9ffafb37ccd9bb1c9179318be948530 |
| SHA512 | 269c8ea19da0150462a8e5d9481aa825f4a60e0e216317dc986037b0b71d8977bb957e67890f43c8eca78f0db7dd01c1f05284affce6d38c2c0dda95c7745e0a |
Analysis: behavioral20
Detonation Overview
Submitted
2024-05-22 23:48
Reported
2024-05-22 23:51
Platform
win10v2004-20240226-en
Max time kernel
143s
Max time network
152s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\index1449123078.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5080 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4668 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5744 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=4508 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5752 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2536 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 23.55.97.181:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 2.17.251.21:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | 56.94.73.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.96.87.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.6.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.97.55.23.in-addr.arpa | udp |
| GB | 216.58.213.14:445 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| GB | 216.58.213.14:139 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 20.189.173.21:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 21.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 13.107.253.64:443 | tcp | |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| NL | 52.142.223.178:80 | tcp | |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.178.89.13.in-addr.arpa | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-22 23:48
Reported
2024-05-22 23:51
Platform
win7-20240221-en
Max time kernel
122s
Max time network
143s
Command Line
Signatures
Cerber
Deletes shadow copies
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\mshta.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\mshta.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\mshta.exe | N/A |
Contacts a large (517) amount of remote hosts
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\cmd.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe | N/A |
Reads user/profile data of web browsers
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmpE206.bmp" | C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2320 set thread context of 2032 | N/A | C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe | C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\BUSINESS.ONE | C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\DESIGNER.ONE | C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\PLANNERS.ONE | C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\ACADEMIC.ONE | C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\README.hta | C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\BLANK.ONE | C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe | N/A |
Enumerates physical storage devices
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SysWOW64\mshta.exe | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\mshta.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\mshta.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\system32\wbem\WMIC.exe
C:\Windows\system32\wbem\wmic.exe shadowcopy delete
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{3F6B5E16-092A-41ED-930B-0B4125D91D4E}
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Local\Temp\README.hta"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\system32\taskkill.exe
taskkill /f /im "690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe"
C:\Windows\system32\PING.EXE
ping -n 1 127.0.0.1
Network
| Country | Destination | Domain | Proto |
| AM | 31.184.234.0:6892 | udp | |
| AM | 31.184.234.1:6892 | udp | |
| AM | 31.184.234.2:6892 | udp | |
| AM | 31.184.234.3:6892 | udp | |
| AM | 31.184.234.4:6892 | udp | |
| AM | 31.184.234.5:6892 | udp | |
| AM | 31.184.234.6:6892 | udp | |
| AM | 31.184.234.7:6892 | udp | |
| AM | 31.184.234.8:6892 | udp | |
| AM | 31.184.234.9:6892 | udp | |
| AM | 31.184.234.10:6892 | udp | |
| AM | 31.184.234.11:6892 | udp | |
| AM | 31.184.234.12:6892 | udp | |
| AM | 31.184.234.13:6892 | udp | |
| AM | 31.184.234.14:6892 | udp | |
| AM | 31.184.234.15:6892 | udp | |
| AM | 31.184.234.16:6892 | udp | |
| AM | 31.184.234.17:6892 | udp | |
| AM | 31.184.234.18:6892 | udp | |
| AM | 31.184.234.19:6892 | udp | |
| AM | 31.184.234.20:6892 | udp | |
| AM | 31.184.234.21:6892 | udp | |
| AM | 31.184.234.22:6892 | udp | |
| AM | 31.184.234.23:6892 | udp | |
| AM | 31.184.234.24:6892 | udp | |
| AM | 31.184.234.25:6892 | udp | |
| AM | 31.184.234.26:6892 | udp | |
| AM | 31.184.234.27:6892 | udp | |
| AM | 31.184.234.28:6892 | udp | |
| AM | 31.184.234.29:6892 | udp | |
| AM | 31.184.234.30:6892 | udp | |
| AM | 31.184.234.31:6892 | udp | |
| AM | 31.184.234.32:6892 | udp | |
| AM | 31.184.234.33:6892 | udp | |
| AM | 31.184.234.34:6892 | udp | |
| AM | 31.184.234.35:6892 | udp | |
| AM | 31.184.234.36:6892 | udp | |
| AM | 31.184.234.37:6892 | udp | |
| AM | 31.184.234.38:6892 | udp | |
| AM | 31.184.234.39:6892 | udp | |
| AM | 31.184.234.40:6892 | udp | |
| AM | 31.184.234.41:6892 | udp | |
| AM | 31.184.234.42:6892 | udp | |
| AM | 31.184.234.43:6892 | udp | |
| AM | 31.184.234.44:6892 | udp | |
| AM | 31.184.234.45:6892 | udp | |
| AM | 31.184.234.46:6892 | udp | |
| AM | 31.184.234.47:6892 | udp | |
| AM | 31.184.234.48:6892 | udp | |
| AM | 31.184.234.49:6892 | udp | |
| AM | 31.184.234.50:6892 | udp | |
| AM | 31.184.234.51:6892 | udp | |
| AM | 31.184.234.52:6892 | udp | |
| AM | 31.184.234.53:6892 | udp | |
| AM | 31.184.234.54:6892 | udp | |
| AM | 31.184.234.55:6892 | udp | |
| AM | 31.184.234.56:6892 | udp | |
| AM | 31.184.234.57:6892 | udp | |
| AM | 31.184.234.58:6892 | udp | |
| AM | 31.184.234.59:6892 | udp | |
| AM | 31.184.234.60:6892 | udp | |
| AM | 31.184.234.61:6892 | udp | |
| AM | 31.184.234.62:6892 | udp | |
| AM | 31.184.234.63:6892 | udp | |
| AM | 31.184.234.64:6892 | udp | |
| AM | 31.184.234.65:6892 | udp | |
| AM | 31.184.234.66:6892 | udp | |
| AM | 31.184.234.67:6892 | udp | |
| AM | 31.184.234.68:6892 | udp | |
| AM | 31.184.234.69:6892 | udp | |
| AM | 31.184.234.70:6892 | udp | |
| AM | 31.184.234.71:6892 | udp | |
| AM | 31.184.234.72:6892 | udp | |
| AM | 31.184.234.73:6892 | udp | |
| AM | 31.184.234.74:6892 | udp | |
| AM | 31.184.234.75:6892 | udp | |
| AM | 31.184.234.76:6892 | udp | |
| AM | 31.184.234.77:6892 | udp | |
| AM | 31.184.234.78:6892 | udp | |
| AM | 31.184.234.79:6892 | udp | |
| AM | 31.184.234.80:6892 | udp | |
| AM | 31.184.234.81:6892 | udp | |
| AM | 31.184.234.82:6892 | udp | |
| AM | 31.184.234.83:6892 | udp | |
| AM | 31.184.234.84:6892 | udp | |
| AM | 31.184.234.85:6892 | udp | |
| AM | 31.184.234.86:6892 | udp | |
| AM | 31.184.234.87:6892 | udp | |
| AM | 31.184.234.88:6892 | udp | |
| AM | 31.184.234.89:6892 | udp | |
| AM | 31.184.234.90:6892 | udp | |
| AM | 31.184.234.91:6892 | udp | |
| AM | 31.184.234.92:6892 | udp | |
| AM | 31.184.234.93:6892 | udp | |
| AM | 31.184.234.94:6892 | udp | |
| AM | 31.184.234.95:6892 | udp | |
| AM | 31.184.234.96:6892 | udp | |
| AM | 31.184.234.97:6892 | udp | |
| AM | 31.184.234.98:6892 | udp | |
| AM | 31.184.234.99:6892 | udp | |
| AM | 31.184.234.100:6892 | udp | |
| AM | 31.184.234.101:6892 | udp | |
| AM | 31.184.234.102:6892 | udp | |
| AM | 31.184.234.103:6892 | udp | |
| AM | 31.184.234.104:6892 | udp | |
| AM | 31.184.234.105:6892 | udp | |
| AM | 31.184.234.106:6892 | udp | |
| AM | 31.184.234.107:6892 | udp | |
| AM | 31.184.234.108:6892 | udp | |
| AM | 31.184.234.109:6892 | udp | |
| AM | 31.184.234.110:6892 | udp | |
| AM | 31.184.234.111:6892 | udp | |
| AM | 31.184.234.112:6892 | udp | |
| AM | 31.184.234.113:6892 | udp | |
| AM | 31.184.234.114:6892 | udp | |
| AM | 31.184.234.115:6892 | udp | |
| AM | 31.184.234.116:6892 | udp | |
| AM | 31.184.234.117:6892 | udp | |
| AM | 31.184.234.118:6892 | udp | |
| AM | 31.184.234.119:6892 | udp | |
| AM | 31.184.234.120:6892 | udp | |
| AM | 31.184.234.121:6892 | udp | |
| AM | 31.184.234.122:6892 | udp | |
| AM | 31.184.234.123:6892 | udp | |
| AM | 31.184.234.124:6892 | udp | |
| AM | 31.184.234.125:6892 | udp | |
| AM | 31.184.234.126:6892 | udp | |
| AM | 31.184.234.127:6892 | udp | |
| AM | 31.184.234.128:6892 | udp | |
| AM | 31.184.234.129:6892 | udp | |
| AM | 31.184.234.130:6892 | udp | |
| AM | 31.184.234.131:6892 | udp | |
| AM | 31.184.234.132:6892 | udp | |
| AM | 31.184.234.133:6892 | udp | |
| AM | 31.184.234.134:6892 | udp | |
| AM | 31.184.234.135:6892 | udp | |
| AM | 31.184.234.136:6892 | udp | |
| AM | 31.184.234.137:6892 | udp | |
| AM | 31.184.234.138:6892 | udp | |
| AM | 31.184.234.139:6892 | udp | |
| AM | 31.184.234.140:6892 | udp | |
| AM | 31.184.234.141:6892 | udp | |
| AM | 31.184.234.142:6892 | udp | |
| AM | 31.184.234.143:6892 | udp | |
| AM | 31.184.234.144:6892 | udp | |
| AM | 31.184.234.145:6892 | udp | |
| AM | 31.184.234.146:6892 | udp | |
| AM | 31.184.234.147:6892 | udp | |
| AM | 31.184.234.148:6892 | udp | |
| AM | 31.184.234.149:6892 | udp | |
| AM | 31.184.234.150:6892 | udp | |
| AM | 31.184.234.151:6892 | udp | |
| AM | 31.184.234.152:6892 | udp | |
| AM | 31.184.234.153:6892 | udp | |
| AM | 31.184.234.154:6892 | udp | |
| AM | 31.184.234.155:6892 | udp | |
| AM | 31.184.234.156:6892 | udp | |
| AM | 31.184.234.157:6892 | udp | |
| AM | 31.184.234.158:6892 | udp | |
| AM | 31.184.234.159:6892 | udp | |
| AM | 31.184.234.160:6892 | udp | |
| AM | 31.184.234.161:6892 | udp | |
| AM | 31.184.234.162:6892 | udp | |
| AM | 31.184.234.163:6892 | udp | |
| AM | 31.184.234.164:6892 | udp | |
| AM | 31.184.234.165:6892 | udp | |
| AM | 31.184.234.166:6892 | udp | |
| AM | 31.184.234.167:6892 | udp | |
| AM | 31.184.234.168:6892 | udp | |
| AM | 31.184.234.169:6892 | udp | |
| AM | 31.184.234.170:6892 | udp | |
| AM | 31.184.234.171:6892 | udp | |
| AM | 31.184.234.172:6892 | udp | |
| AM | 31.184.234.173:6892 | udp | |
| AM | 31.184.234.174:6892 | udp | |
| AM | 31.184.234.175:6892 | udp | |
| AM | 31.184.234.176:6892 | udp | |
| AM | 31.184.234.177:6892 | udp | |
| AM | 31.184.234.178:6892 | udp | |
| AM | 31.184.234.179:6892 | udp | |
| AM | 31.184.234.180:6892 | udp | |
| AM | 31.184.234.181:6892 | udp | |
| AM | 31.184.234.182:6892 | udp | |
| AM | 31.184.234.183:6892 | udp | |
| AM | 31.184.234.184:6892 | udp | |
| AM | 31.184.234.185:6892 | udp | |
| AM | 31.184.234.186:6892 | udp | |
| AM | 31.184.234.187:6892 | udp | |
| AM | 31.184.234.188:6892 | udp | |
| AM | 31.184.234.189:6892 | udp | |
| AM | 31.184.234.190:6892 | udp | |
| AM | 31.184.234.191:6892 | udp | |
| AM | 31.184.234.192:6892 | udp | |
| AM | 31.184.234.193:6892 | udp | |
| AM | 31.184.234.194:6892 | udp | |
| AM | 31.184.234.195:6892 | udp | |
| AM | 31.184.234.196:6892 | udp | |
| AM | 31.184.234.197:6892 | udp | |
| AM | 31.184.234.198:6892 | udp | |
| AM | 31.184.234.199:6892 | udp | |
| AM | 31.184.234.200:6892 | udp | |
| AM | 31.184.234.201:6892 | udp | |
| AM | 31.184.234.202:6892 | udp | |
| AM | 31.184.234.203:6892 | udp | |
| AM | 31.184.234.204:6892 | udp | |
| AM | 31.184.234.205:6892 | udp | |
| AM | 31.184.234.206:6892 | udp | |
| AM | 31.184.234.207:6892 | udp | |
| AM | 31.184.234.208:6892 | udp | |
| AM | 31.184.234.209:6892 | udp | |
| AM | 31.184.234.210:6892 | udp | |
| AM | 31.184.234.211:6892 | udp | |
| AM | 31.184.234.212:6892 | udp | |
| AM | 31.184.234.213:6892 | udp | |
| AM | 31.184.234.214:6892 | udp | |
| AM | 31.184.234.215:6892 | udp | |
| AM | 31.184.234.216:6892 | udp | |
| AM | 31.184.234.217:6892 | udp | |
| AM | 31.184.234.218:6892 | udp | |
| AM | 31.184.234.219:6892 | udp | |
| AM | 31.184.234.220:6892 | udp | |
| AM | 31.184.234.221:6892 | udp | |
| AM | 31.184.234.222:6892 | udp | |
| AM | 31.184.234.223:6892 | udp | |
| AM | 31.184.234.224:6892 | udp | |
| AM | 31.184.234.225:6892 | udp | |
| AM | 31.184.234.226:6892 | udp | |
| AM | 31.184.234.227:6892 | udp | |
| AM | 31.184.234.228:6892 | udp | |
| AM | 31.184.234.229:6892 | udp | |
| AM | 31.184.234.230:6892 | udp | |
| AM | 31.184.234.231:6892 | udp | |
| AM | 31.184.234.232:6892 | udp | |
| AM | 31.184.234.233:6892 | udp | |
| AM | 31.184.234.234:6892 | udp | |
| AM | 31.184.234.235:6892 | udp | |
| AM | 31.184.234.236:6892 | udp | |
| AM | 31.184.234.237:6892 | udp | |
| AM | 31.184.234.238:6892 | udp | |
| AM | 31.184.234.239:6892 | udp | |
| AM | 31.184.234.240:6892 | udp | |
| AM | 31.184.234.241:6892 | udp | |
| AM | 31.184.234.242:6892 | udp | |
| AM | 31.184.234.243:6892 | udp | |
| AM | 31.184.234.244:6892 | udp | |
| AM | 31.184.234.245:6892 | udp | |
| AM | 31.184.234.246:6892 | udp | |
| AM | 31.184.234.247:6892 | udp | |
| AM | 31.184.234.248:6892 | udp | |
| AM | 31.184.234.249:6892 | udp | |
| AM | 31.184.234.250:6892 | udp | |
| AM | 31.184.234.251:6892 | udp | |
| AM | 31.184.234.252:6892 | udp | |
| AM | 31.184.234.253:6892 | udp | |
| AM | 31.184.234.254:6892 | udp | |
| AM | 31.184.234.255:6892 | udp | |
| AM | 31.184.235.0:6892 | udp | |
| AM | 31.184.235.1:6892 | udp | |
| AM | 31.184.235.2:6892 | udp | |
| AM | 31.184.235.3:6892 | udp | |
| AM | 31.184.235.4:6892 | udp | |
| AM | 31.184.235.5:6892 | udp | |
| AM | 31.184.235.6:6892 | udp | |
| AM | 31.184.235.7:6892 | udp | |
| AM | 31.184.235.8:6892 | udp | |
| AM | 31.184.235.9:6892 | udp | |
| AM | 31.184.235.10:6892 | udp | |
| AM | 31.184.235.11:6892 | udp | |
| AM | 31.184.235.12:6892 | udp | |
| AM | 31.184.235.13:6892 | udp | |
| AM | 31.184.235.14:6892 | udp | |
| AM | 31.184.235.15:6892 | udp | |
| AM | 31.184.235.16:6892 | udp | |
| AM | 31.184.235.17:6892 | udp | |
| AM | 31.184.235.18:6892 | udp | |
| AM | 31.184.235.19:6892 | udp | |
| AM | 31.184.235.20:6892 | udp | |
| AM | 31.184.235.21:6892 | udp | |
| AM | 31.184.235.22:6892 | udp | |
| AM | 31.184.235.23:6892 | udp | |
| AM | 31.184.235.24:6892 | udp | |
| AM | 31.184.235.25:6892 | udp | |
| AM | 31.184.235.26:6892 | udp | |
| AM | 31.184.235.27:6892 | udp | |
| AM | 31.184.235.28:6892 | udp | |
| AM | 31.184.235.29:6892 | udp | |
| AM | 31.184.235.30:6892 | udp | |
| AM | 31.184.235.31:6892 | udp | |
| AM | 31.184.235.32:6892 | udp | |
| AM | 31.184.235.33:6892 | udp | |
| AM | 31.184.235.34:6892 | udp | |
| AM | 31.184.235.35:6892 | udp | |
| AM | 31.184.235.36:6892 | udp | |
| AM | 31.184.235.37:6892 | udp | |
| AM | 31.184.235.38:6892 | udp | |
| AM | 31.184.235.39:6892 | udp | |
| AM | 31.184.235.40:6892 | udp | |
| AM | 31.184.235.41:6892 | udp | |
| AM | 31.184.235.42:6892 | udp | |
| AM | 31.184.235.43:6892 | udp | |
| AM | 31.184.235.44:6892 | udp | |
| AM | 31.184.235.45:6892 | udp | |
| AM | 31.184.235.46:6892 | udp | |
| AM | 31.184.235.47:6892 | udp | |
| AM | 31.184.235.48:6892 | udp | |
| AM | 31.184.235.49:6892 | udp | |
| AM | 31.184.235.50:6892 | udp | |
| AM | 31.184.235.51:6892 | udp | |
| AM | 31.184.235.52:6892 | udp | |
| AM | 31.184.235.53:6892 | udp | |
| AM | 31.184.235.54:6892 | udp | |
| AM | 31.184.235.55:6892 | udp | |
| AM | 31.184.235.56:6892 | udp | |
| AM | 31.184.235.57:6892 | udp | |
| AM | 31.184.235.58:6892 | udp | |
| AM | 31.184.235.59:6892 | udp | |
| AM | 31.184.235.60:6892 | udp | |
| AM | 31.184.235.61:6892 | udp | |
| AM | 31.184.235.62:6892 | udp | |
| AM | 31.184.235.63:6892 | udp | |
| AM | 31.184.235.64:6892 | udp | |
| AM | 31.184.235.65:6892 | udp | |
| AM | 31.184.235.66:6892 | udp | |
| AM | 31.184.235.67:6892 | udp | |
| AM | 31.184.235.68:6892 | udp | |
| AM | 31.184.235.69:6892 | udp | |
| AM | 31.184.235.70:6892 | udp | |
| AM | 31.184.235.71:6892 | udp | |
| AM | 31.184.235.72:6892 | udp | |
| AM | 31.184.235.73:6892 | udp | |
| AM | 31.184.235.74:6892 | udp | |
| AM | 31.184.235.75:6892 | udp | |
| AM | 31.184.235.76:6892 | udp | |
| AM | 31.184.235.77:6892 | udp | |
| AM | 31.184.235.78:6892 | udp | |
| AM | 31.184.235.79:6892 | udp | |
| AM | 31.184.235.80:6892 | udp | |
| AM | 31.184.235.81:6892 | udp | |
| AM | 31.184.235.82:6892 | udp | |
| AM | 31.184.235.83:6892 | udp | |
| AM | 31.184.235.84:6892 | udp | |
| AM | 31.184.235.85:6892 | udp | |
| AM | 31.184.235.86:6892 | udp | |
| AM | 31.184.235.87:6892 | udp | |
| AM | 31.184.235.88:6892 | udp | |
| AM | 31.184.235.89:6892 | udp | |
| AM | 31.184.235.90:6892 | udp | |
| AM | 31.184.235.91:6892 | udp | |
| AM | 31.184.235.92:6892 | udp | |
| AM | 31.184.235.93:6892 | udp | |
| AM | 31.184.235.94:6892 | udp | |
| AM | 31.184.235.95:6892 | udp | |
| AM | 31.184.235.96:6892 | udp | |
| AM | 31.184.235.97:6892 | udp | |
| AM | 31.184.235.98:6892 | udp | |
| AM | 31.184.235.99:6892 | udp | |
| AM | 31.184.235.100:6892 | udp | |
| AM | 31.184.235.101:6892 | udp | |
| AM | 31.184.235.102:6892 | udp | |
| AM | 31.184.235.103:6892 | udp | |
| AM | 31.184.235.104:6892 | udp | |
| AM | 31.184.235.105:6892 | udp | |
| AM | 31.184.235.106:6892 | udp | |
| AM | 31.184.235.107:6892 | udp | |
| AM | 31.184.235.108:6892 | udp | |
| AM | 31.184.235.109:6892 | udp | |
| AM | 31.184.235.110:6892 | udp | |
| AM | 31.184.235.111:6892 | udp | |
| AM | 31.184.235.112:6892 | udp | |
| AM | 31.184.235.113:6892 | udp | |
| AM | 31.184.235.114:6892 | udp | |
| AM | 31.184.235.115:6892 | udp | |
| AM | 31.184.235.116:6892 | udp | |
| AM | 31.184.235.117:6892 | udp | |
| AM | 31.184.235.118:6892 | udp | |
| AM | 31.184.235.119:6892 | udp | |
| AM | 31.184.235.120:6892 | udp | |
| AM | 31.184.235.121:6892 | udp | |
| AM | 31.184.235.122:6892 | udp | |
| AM | 31.184.235.123:6892 | udp | |
| AM | 31.184.235.124:6892 | udp | |
| AM | 31.184.235.125:6892 | udp | |
| AM | 31.184.235.126:6892 | udp | |
| AM | 31.184.235.127:6892 | udp | |
| AM | 31.184.235.128:6892 | udp | |
| AM | 31.184.235.129:6892 | udp | |
| AM | 31.184.235.130:6892 | udp | |
| AM | 31.184.235.131:6892 | udp | |
| AM | 31.184.235.132:6892 | udp | |
| AM | 31.184.235.133:6892 | udp | |
| AM | 31.184.235.134:6892 | udp | |
| AM | 31.184.235.135:6892 | udp | |
| AM | 31.184.235.136:6892 | udp | |
| AM | 31.184.235.137:6892 | udp | |
| AM | 31.184.235.138:6892 | udp | |
| AM | 31.184.235.139:6892 | udp | |
| AM | 31.184.235.140:6892 | udp | |
| AM | 31.184.235.141:6892 | udp | |
| AM | 31.184.235.142:6892 | udp | |
| AM | 31.184.235.143:6892 | udp | |
| AM | 31.184.235.144:6892 | udp | |
| AM | 31.184.235.145:6892 | udp | |
| AM | 31.184.235.146:6892 | udp | |
| AM | 31.184.235.147:6892 | udp | |
| AM | 31.184.235.148:6892 | udp | |
| AM | 31.184.235.149:6892 | udp | |
| AM | 31.184.235.150:6892 | udp | |
| AM | 31.184.235.151:6892 | udp | |
| AM | 31.184.235.152:6892 | udp | |
| AM | 31.184.235.153:6892 | udp | |
| AM | 31.184.235.154:6892 | udp | |
| AM | 31.184.235.155:6892 | udp | |
| AM | 31.184.235.156:6892 | udp | |
| AM | 31.184.235.157:6892 | udp | |
| AM | 31.184.235.158:6892 | udp | |
| AM | 31.184.235.159:6892 | udp | |
| AM | 31.184.235.160:6892 | udp | |
| AM | 31.184.235.161:6892 | udp | |
| AM | 31.184.235.162:6892 | udp | |
| AM | 31.184.235.163:6892 | udp | |
| AM | 31.184.235.164:6892 | udp | |
| AM | 31.184.235.165:6892 | udp | |
| AM | 31.184.235.166:6892 | udp | |
| AM | 31.184.235.167:6892 | udp | |
| AM | 31.184.235.168:6892 | udp | |
| AM | 31.184.235.169:6892 | udp | |
| AM | 31.184.235.170:6892 | udp | |
| AM | 31.184.235.171:6892 | udp | |
| AM | 31.184.235.172:6892 | udp | |
| AM | 31.184.235.173:6892 | udp | |
| AM | 31.184.235.174:6892 | udp | |
| AM | 31.184.235.175:6892 | udp | |
| AM | 31.184.235.176:6892 | udp | |
| AM | 31.184.235.177:6892 | udp | |
| AM | 31.184.235.178:6892 | udp | |
| AM | 31.184.235.179:6892 | udp | |
| AM | 31.184.235.180:6892 | udp | |
| AM | 31.184.235.181:6892 | udp | |
| AM | 31.184.235.182:6892 | udp | |
| AM | 31.184.235.183:6892 | udp | |
| AM | 31.184.235.184:6892 | udp | |
| AM | 31.184.235.185:6892 | udp | |
| AM | 31.184.235.186:6892 | udp | |
| AM | 31.184.235.187:6892 | udp | |
| AM | 31.184.235.188:6892 | udp | |
| AM | 31.184.235.189:6892 | udp | |
| AM | 31.184.235.190:6892 | udp | |
| AM | 31.184.235.191:6892 | udp | |
| AM | 31.184.235.192:6892 | udp | |
| AM | 31.184.235.193:6892 | udp | |
| AM | 31.184.235.194:6892 | udp | |
| AM | 31.184.235.195:6892 | udp | |
| AM | 31.184.235.196:6892 | udp | |
| AM | 31.184.235.197:6892 | udp | |
| AM | 31.184.235.198:6892 | udp | |
| AM | 31.184.235.199:6892 | udp | |
| AM | 31.184.235.200:6892 | udp | |
| AM | 31.184.235.201:6892 | udp | |
| AM | 31.184.235.202:6892 | udp | |
| AM | 31.184.235.203:6892 | udp | |
| AM | 31.184.235.204:6892 | udp | |
| AM | 31.184.235.205:6892 | udp | |
| AM | 31.184.235.206:6892 | udp | |
| AM | 31.184.235.207:6892 | udp | |
| AM | 31.184.235.208:6892 | udp | |
| AM | 31.184.235.209:6892 | udp | |
| AM | 31.184.235.210:6892 | udp | |
| AM | 31.184.235.211:6892 | udp | |
| AM | 31.184.235.212:6892 | udp | |
| AM | 31.184.235.213:6892 | udp | |
| AM | 31.184.235.214:6892 | udp | |
| AM | 31.184.235.215:6892 | udp | |
| AM | 31.184.235.216:6892 | udp | |
| AM | 31.184.235.217:6892 | udp | |
| AM | 31.184.235.218:6892 | udp | |
| AM | 31.184.235.219:6892 | udp | |
| AM | 31.184.235.220:6892 | udp | |
| AM | 31.184.235.221:6892 | udp | |
| AM | 31.184.235.222:6892 | udp | |
| AM | 31.184.235.223:6892 | udp | |
| AM | 31.184.235.224:6892 | udp | |
| AM | 31.184.235.225:6892 | udp | |
| AM | 31.184.235.226:6892 | udp | |
| AM | 31.184.235.227:6892 | udp | |
| AM | 31.184.235.228:6892 | udp | |
| AM | 31.184.235.229:6892 | udp | |
| AM | 31.184.235.230:6892 | udp | |
| AM | 31.184.235.231:6892 | udp | |
| AM | 31.184.235.232:6892 | udp | |
| AM | 31.184.235.233:6892 | udp | |
| AM | 31.184.235.234:6892 | udp | |
| AM | 31.184.235.235:6892 | udp | |
| AM | 31.184.235.236:6892 | udp | |
| AM | 31.184.235.237:6892 | udp | |
| AM | 31.184.235.238:6892 | udp | |
| AM | 31.184.235.239:6892 | udp | |
| AM | 31.184.235.240:6892 | udp | |
| AM | 31.184.235.241:6892 | udp | |
| AM | 31.184.235.242:6892 | udp | |
| AM | 31.184.235.243:6892 | udp | |
| AM | 31.184.235.244:6892 | udp | |
| AM | 31.184.235.245:6892 | udp | |
| AM | 31.184.235.246:6892 | udp | |
| AM | 31.184.235.247:6892 | udp | |
| AM | 31.184.235.248:6892 | udp | |
| AM | 31.184.235.249:6892 | udp | |
| AM | 31.184.235.250:6892 | udp | |
| AM | 31.184.235.251:6892 | udp | |
| AM | 31.184.235.252:6892 | udp | |
| AM | 31.184.235.253:6892 | udp | |
| AM | 31.184.235.254:6892 | udp | |
| AM | 31.184.235.255:6892 | udp | |
| AM | 31.184.234.0:6892 | udp | |
| AM | 31.184.234.1:6892 | udp | |
| AM | 31.184.234.2:6892 | udp | |
| AM | 31.184.234.3:6892 | udp | |
| AM | 31.184.234.4:6892 | udp | |
| AM | 31.184.234.5:6892 | udp | |
| AM | 31.184.234.6:6892 | udp | |
| AM | 31.184.234.7:6892 | udp | |
| AM | 31.184.234.8:6892 | udp | |
| AM | 31.184.234.9:6892 | udp | |
| AM | 31.184.234.10:6892 | udp | |
| AM | 31.184.234.11:6892 | udp | |
| AM | 31.184.234.12:6892 | udp | |
| AM | 31.184.234.13:6892 | udp | |
| AM | 31.184.234.14:6892 | udp | |
| AM | 31.184.234.15:6892 | udp | |
| AM | 31.184.234.16:6892 | udp | |
| AM | 31.184.234.17:6892 | udp | |
| AM | 31.184.234.18:6892 | udp | |
| AM | 31.184.234.19:6892 | udp | |
| AM | 31.184.234.20:6892 | udp | |
| AM | 31.184.234.21:6892 | udp | |
| AM | 31.184.234.22:6892 | udp | |
| AM | 31.184.234.23:6892 | udp | |
| AM | 31.184.234.24:6892 | udp | |
| AM | 31.184.234.25:6892 | udp | |
| AM | 31.184.234.26:6892 | udp | |
| AM | 31.184.234.27:6892 | udp | |
| AM | 31.184.234.28:6892 | udp | |
| AM | 31.184.234.29:6892 | udp | |
| AM | 31.184.234.30:6892 | udp | |
| AM | 31.184.234.31:6892 | udp | |
| AM | 31.184.234.32:6892 | udp | |
| AM | 31.184.234.33:6892 | udp | |
| AM | 31.184.234.34:6892 | udp | |
| AM | 31.184.234.35:6892 | udp | |
| AM | 31.184.234.36:6892 | udp | |
| AM | 31.184.234.37:6892 | udp | |
| AM | 31.184.234.38:6892 | udp | |
| AM | 31.184.234.39:6892 | udp | |
| AM | 31.184.234.40:6892 | udp | |
| AM | 31.184.234.41:6892 | udp | |
| AM | 31.184.234.42:6892 | udp | |
| AM | 31.184.234.43:6892 | udp | |
| AM | 31.184.234.44:6892 | udp | |
| AM | 31.184.234.45:6892 | udp | |
| AM | 31.184.234.46:6892 | udp | |
| AM | 31.184.234.47:6892 | udp | |
| AM | 31.184.234.48:6892 | udp | |
| AM | 31.184.234.49:6892 | udp | |
| AM | 31.184.234.50:6892 | udp | |
| AM | 31.184.234.51:6892 | udp | |
| AM | 31.184.234.52:6892 | udp | |
| AM | 31.184.234.53:6892 | udp | |
| AM | 31.184.234.54:6892 | udp | |
| AM | 31.184.234.55:6892 | udp | |
| AM | 31.184.234.56:6892 | udp | |
| AM | 31.184.234.57:6892 | udp | |
| AM | 31.184.234.58:6892 | udp | |
| AM | 31.184.234.59:6892 | udp | |
| AM | 31.184.234.60:6892 | udp | |
| AM | 31.184.234.61:6892 | udp | |
| AM | 31.184.234.62:6892 | udp | |
| AM | 31.184.234.63:6892 | udp | |
| AM | 31.184.234.64:6892 | udp | |
| AM | 31.184.234.65:6892 | udp | |
| AM | 31.184.234.66:6892 | udp | |
| AM | 31.184.234.67:6892 | udp | |
| AM | 31.184.234.68:6892 | udp | |
| AM | 31.184.234.69:6892 | udp | |
| AM | 31.184.234.70:6892 | udp | |
| AM | 31.184.234.71:6892 | udp | |
| AM | 31.184.234.72:6892 | udp | |
| AM | 31.184.234.73:6892 | udp | |
| AM | 31.184.234.74:6892 | udp | |
| AM | 31.184.234.75:6892 | udp | |
| AM | 31.184.234.76:6892 | udp | |
| AM | 31.184.234.77:6892 | udp | |
| AM | 31.184.234.78:6892 | udp | |
| AM | 31.184.234.79:6892 | udp | |
| AM | 31.184.234.80:6892 | udp | |
| AM | 31.184.234.81:6892 | udp | |
| AM | 31.184.234.82:6892 | udp | |
| AM | 31.184.234.83:6892 | udp | |
| AM | 31.184.234.84:6892 | udp | |
| AM | 31.184.234.85:6892 | udp | |
| AM | 31.184.234.86:6892 | udp | |
| AM | 31.184.234.87:6892 | udp | |
| AM | 31.184.234.88:6892 | udp | |
| AM | 31.184.234.89:6892 | udp | |
| AM | 31.184.234.90:6892 | udp | |
| AM | 31.184.234.91:6892 | udp | |
| AM | 31.184.234.92:6892 | udp | |
| AM | 31.184.234.93:6892 | udp | |
| AM | 31.184.234.94:6892 | udp | |
| AM | 31.184.234.95:6892 | udp | |
| AM | 31.184.234.96:6892 | udp | |
| AM | 31.184.234.97:6892 | udp | |
| AM | 31.184.234.98:6892 | udp | |
| AM | 31.184.234.99:6892 | udp | |
| AM | 31.184.234.100:6892 | udp | |
| AM | 31.184.234.101:6892 | udp | |
| AM | 31.184.234.102:6892 | udp | |
| AM | 31.184.234.103:6892 | udp | |
| AM | 31.184.234.104:6892 | udp | |
| AM | 31.184.234.105:6892 | udp | |
| AM | 31.184.234.106:6892 | udp | |
| AM | 31.184.234.107:6892 | udp | |
| AM | 31.184.234.108:6892 | udp | |
| AM | 31.184.234.109:6892 | udp | |
| AM | 31.184.234.110:6892 | udp | |
| AM | 31.184.234.111:6892 | udp | |
| AM | 31.184.234.112:6892 | udp | |
| AM | 31.184.234.113:6892 | udp | |
| AM | 31.184.234.114:6892 | udp | |
| AM | 31.184.234.115:6892 | udp | |
| AM | 31.184.234.116:6892 | udp | |
| AM | 31.184.234.117:6892 | udp | |
| AM | 31.184.234.118:6892 | udp | |
| AM | 31.184.234.119:6892 | udp | |
| AM | 31.184.234.120:6892 | udp | |
| AM | 31.184.234.121:6892 | udp | |
| AM | 31.184.234.122:6892 | udp | |
| AM | 31.184.234.123:6892 | udp | |
| AM | 31.184.234.124:6892 | udp | |
| AM | 31.184.234.125:6892 | udp | |
| AM | 31.184.234.126:6892 | udp | |
| AM | 31.184.234.127:6892 | udp | |
| AM | 31.184.234.128:6892 | udp | |
| AM | 31.184.234.129:6892 | udp | |
| AM | 31.184.234.130:6892 | udp | |
| AM | 31.184.234.131:6892 | udp | |
| AM | 31.184.234.132:6892 | udp | |
| AM | 31.184.234.133:6892 | udp | |
| AM | 31.184.234.134:6892 | udp | |
| AM | 31.184.234.135:6892 | udp | |
| AM | 31.184.234.136:6892 | udp | |
| AM | 31.184.234.137:6892 | udp | |
| AM | 31.184.234.138:6892 | udp | |
| AM | 31.184.234.139:6892 | udp | |
| AM | 31.184.234.140:6892 | udp | |
| AM | 31.184.234.141:6892 | udp | |
| AM | 31.184.234.142:6892 | udp | |
| AM | 31.184.234.143:6892 | udp | |
| AM | 31.184.234.144:6892 | udp | |
| AM | 31.184.234.145:6892 | udp | |
| AM | 31.184.234.146:6892 | udp | |
| AM | 31.184.234.147:6892 | udp | |
| AM | 31.184.234.148:6892 | udp | |
| AM | 31.184.234.149:6892 | udp | |
| AM | 31.184.234.150:6892 | udp | |
| AM | 31.184.234.151:6892 | udp | |
| AM | 31.184.234.152:6892 | udp | |
| AM | 31.184.234.153:6892 | udp | |
| AM | 31.184.234.154:6892 | udp | |
| AM | 31.184.234.155:6892 | udp | |
| AM | 31.184.234.156:6892 | udp | |
| AM | 31.184.234.157:6892 | udp | |
| AM | 31.184.234.158:6892 | udp | |
| AM | 31.184.234.159:6892 | udp | |
| AM | 31.184.234.160:6892 | udp | |
| AM | 31.184.234.161:6892 | udp | |
| AM | 31.184.234.162:6892 | udp | |
| AM | 31.184.234.163:6892 | udp | |
| AM | 31.184.234.164:6892 | udp | |
| AM | 31.184.234.165:6892 | udp | |
| AM | 31.184.234.166:6892 | udp | |
| AM | 31.184.234.167:6892 | udp | |
| AM | 31.184.234.168:6892 | udp | |
| AM | 31.184.234.169:6892 | udp | |
| AM | 31.184.234.170:6892 | udp | |
| AM | 31.184.234.171:6892 | udp | |
| AM | 31.184.234.172:6892 | udp | |
| AM | 31.184.234.173:6892 | udp | |
| AM | 31.184.234.174:6892 | udp | |
| AM | 31.184.234.175:6892 | udp | |
| AM | 31.184.234.176:6892 | udp | |
| AM | 31.184.234.177:6892 | udp | |
| AM | 31.184.234.178:6892 | udp | |
| AM | 31.184.234.179:6892 | udp | |
| AM | 31.184.234.180:6892 | udp | |
| AM | 31.184.234.181:6892 | udp | |
| AM | 31.184.234.182:6892 | udp | |
| AM | 31.184.234.183:6892 | udp | |
| AM | 31.184.234.184:6892 | udp | |
| AM | 31.184.234.185:6892 | udp | |
| AM | 31.184.234.186:6892 | udp | |
| AM | 31.184.234.187:6892 | udp | |
| AM | 31.184.234.188:6892 | udp | |
| AM | 31.184.234.189:6892 | udp | |
| AM | 31.184.234.190:6892 | udp | |
| AM | 31.184.234.191:6892 | udp | |
| AM | 31.184.234.192:6892 | udp | |
| AM | 31.184.234.193:6892 | udp | |
| AM | 31.184.234.194:6892 | udp | |
| AM | 31.184.234.195:6892 | udp | |
| AM | 31.184.234.196:6892 | udp | |
| AM | 31.184.234.197:6892 | udp | |
| AM | 31.184.234.198:6892 | udp | |
| AM | 31.184.234.199:6892 | udp | |
| AM | 31.184.234.200:6892 | udp | |
| AM | 31.184.234.201:6892 | udp | |
| AM | 31.184.234.202:6892 | udp | |
| AM | 31.184.234.203:6892 | udp | |
| AM | 31.184.234.204:6892 | udp | |
| AM | 31.184.234.205:6892 | udp | |
| AM | 31.184.234.206:6892 | udp | |
| AM | 31.184.234.207:6892 | udp | |
| AM | 31.184.234.208:6892 | udp | |
| AM | 31.184.234.209:6892 | udp | |
| AM | 31.184.234.210:6892 | udp | |
| AM | 31.184.234.211:6892 | udp | |
| AM | 31.184.234.212:6892 | udp | |
| AM | 31.184.234.213:6892 | udp | |
| AM | 31.184.234.214:6892 | udp | |
| AM | 31.184.234.215:6892 | udp | |
| AM | 31.184.234.216:6892 | udp | |
| AM | 31.184.234.217:6892 | udp | |
| AM | 31.184.234.218:6892 | udp | |
| AM | 31.184.234.219:6892 | udp | |
| AM | 31.184.234.220:6892 | udp | |
| AM | 31.184.234.221:6892 | udp | |
| AM | 31.184.234.222:6892 | udp | |
| AM | 31.184.234.223:6892 | udp | |
| AM | 31.184.234.224:6892 | udp | |
| AM | 31.184.234.225:6892 | udp | |
| AM | 31.184.234.226:6892 | udp | |
| AM | 31.184.234.227:6892 | udp | |
| AM | 31.184.234.228:6892 | udp | |
| AM | 31.184.234.229:6892 | udp | |
| AM | 31.184.234.230:6892 | udp | |
| AM | 31.184.234.231:6892 | udp | |
| AM | 31.184.234.232:6892 | udp | |
| AM | 31.184.234.233:6892 | udp | |
| AM | 31.184.234.234:6892 | udp | |
| AM | 31.184.234.235:6892 | udp | |
| AM | 31.184.234.236:6892 | udp | |
| AM | 31.184.234.237:6892 | udp | |
| AM | 31.184.234.238:6892 | udp | |
| AM | 31.184.234.239:6892 | udp | |
| AM | 31.184.234.240:6892 | udp | |
| AM | 31.184.234.241:6892 | udp | |
| AM | 31.184.234.242:6892 | udp | |
| AM | 31.184.234.243:6892 | udp | |
| AM | 31.184.234.244:6892 | udp | |
| AM | 31.184.234.245:6892 | udp | |
| AM | 31.184.234.246:6892 | udp | |
| AM | 31.184.234.247:6892 | udp | |
| AM | 31.184.234.248:6892 | udp | |
| AM | 31.184.234.249:6892 | udp | |
| AM | 31.184.234.250:6892 | udp | |
| AM | 31.184.234.251:6892 | udp | |
| AM | 31.184.234.252:6892 | udp | |
| AM | 31.184.234.253:6892 | udp | |
| AM | 31.184.234.254:6892 | udp | |
| AM | 31.184.234.255:6892 | udp | |
| AM | 31.184.235.0:6892 | udp | |
| AM | 31.184.235.1:6892 | udp | |
| AM | 31.184.235.2:6892 | udp | |
| AM | 31.184.235.3:6892 | udp | |
| AM | 31.184.235.4:6892 | udp | |
| AM | 31.184.235.5:6892 | udp | |
| AM | 31.184.235.6:6892 | udp | |
| AM | 31.184.235.7:6892 | udp | |
| AM | 31.184.235.8:6892 | udp | |
| AM | 31.184.235.9:6892 | udp | |
| AM | 31.184.235.10:6892 | udp | |
| AM | 31.184.235.11:6892 | udp | |
| AM | 31.184.235.12:6892 | udp | |
| AM | 31.184.235.13:6892 | udp | |
| AM | 31.184.235.14:6892 | udp | |
| AM | 31.184.235.15:6892 | udp | |
| AM | 31.184.235.16:6892 | udp | |
| AM | 31.184.235.17:6892 | udp | |
| AM | 31.184.235.18:6892 | udp | |
| AM | 31.184.235.19:6892 | udp | |
| AM | 31.184.235.20:6892 | udp | |
| AM | 31.184.235.21:6892 | udp | |
| AM | 31.184.235.22:6892 | udp | |
| AM | 31.184.235.23:6892 | udp | |
| AM | 31.184.235.24:6892 | udp | |
| AM | 31.184.235.25:6892 | udp | |
| AM | 31.184.235.26:6892 | udp | |
| AM | 31.184.235.27:6892 | udp | |
| AM | 31.184.235.28:6892 | udp | |
| AM | 31.184.235.29:6892 | udp | |
| AM | 31.184.235.30:6892 | udp | |
| AM | 31.184.235.31:6892 | udp | |
| AM | 31.184.235.32:6892 | udp | |
| AM | 31.184.235.33:6892 | udp | |
| AM | 31.184.235.34:6892 | udp | |
| AM | 31.184.235.35:6892 | udp | |
| AM | 31.184.235.36:6892 | udp | |
| AM | 31.184.235.37:6892 | udp | |
| AM | 31.184.235.38:6892 | udp | |
| AM | 31.184.235.39:6892 | udp | |
| AM | 31.184.235.40:6892 | udp | |
| AM | 31.184.235.41:6892 | udp | |
| AM | 31.184.235.42:6892 | udp | |
| AM | 31.184.235.43:6892 | udp | |
| AM | 31.184.235.44:6892 | udp | |
| AM | 31.184.235.45:6892 | udp | |
| AM | 31.184.235.46:6892 | udp | |
| AM | 31.184.235.47:6892 | udp | |
| AM | 31.184.235.48:6892 | udp | |
| AM | 31.184.235.49:6892 | udp | |
| AM | 31.184.235.50:6892 | udp | |
| AM | 31.184.235.51:6892 | udp | |
| AM | 31.184.235.52:6892 | udp | |
| AM | 31.184.235.53:6892 | udp | |
| AM | 31.184.235.54:6892 | udp | |
| AM | 31.184.235.55:6892 | udp | |
| AM | 31.184.235.56:6892 | udp | |
| AM | 31.184.235.57:6892 | udp | |
| AM | 31.184.235.58:6892 | udp | |
| AM | 31.184.235.59:6892 | udp | |
| AM | 31.184.235.60:6892 | udp | |
| AM | 31.184.235.61:6892 | udp | |
| AM | 31.184.235.62:6892 | udp | |
| AM | 31.184.235.63:6892 | udp | |
| AM | 31.184.235.64:6892 | udp | |
| AM | 31.184.235.65:6892 | udp | |
| AM | 31.184.235.66:6892 | udp | |
| AM | 31.184.235.67:6892 | udp | |
| AM | 31.184.235.68:6892 | udp | |
| AM | 31.184.235.69:6892 | udp | |
| AM | 31.184.235.70:6892 | udp | |
| AM | 31.184.235.71:6892 | udp | |
| AM | 31.184.235.72:6892 | udp | |
| AM | 31.184.235.73:6892 | udp | |
| AM | 31.184.235.74:6892 | udp | |
| AM | 31.184.235.75:6892 | udp | |
| AM | 31.184.235.76:6892 | udp | |
| AM | 31.184.235.77:6892 | udp | |
| AM | 31.184.235.78:6892 | udp | |
| AM | 31.184.235.79:6892 | udp | |
| AM | 31.184.235.80:6892 | udp | |
| AM | 31.184.235.81:6892 | udp | |
| AM | 31.184.235.82:6892 | udp | |
| AM | 31.184.235.83:6892 | udp | |
| AM | 31.184.235.84:6892 | udp | |
| AM | 31.184.235.85:6892 | udp | |
| AM | 31.184.235.86:6892 | udp | |
| AM | 31.184.235.87:6892 | udp | |
| AM | 31.184.235.88:6892 | udp | |
| AM | 31.184.235.89:6892 | udp | |
| AM | 31.184.235.90:6892 | udp | |
| AM | 31.184.235.91:6892 | udp | |
| AM | 31.184.235.92:6892 | udp | |
| AM | 31.184.235.93:6892 | udp | |
| AM | 31.184.235.94:6892 | udp | |
| AM | 31.184.235.95:6892 | udp | |
| AM | 31.184.235.96:6892 | udp | |
| AM | 31.184.235.97:6892 | udp | |
| AM | 31.184.235.98:6892 | udp | |
| AM | 31.184.235.99:6892 | udp | |
| AM | 31.184.235.100:6892 | udp | |
| AM | 31.184.235.101:6892 | udp | |
| AM | 31.184.235.102:6892 | udp | |
| AM | 31.184.235.103:6892 | udp | |
| AM | 31.184.235.104:6892 | udp | |
| AM | 31.184.235.105:6892 | udp | |
| AM | 31.184.235.106:6892 | udp | |
| AM | 31.184.235.107:6892 | udp | |
| AM | 31.184.235.108:6892 | udp | |
| AM | 31.184.235.109:6892 | udp | |
| AM | 31.184.235.110:6892 | udp | |
| AM | 31.184.235.111:6892 | udp | |
| AM | 31.184.235.112:6892 | udp | |
| AM | 31.184.235.113:6892 | udp | |
| AM | 31.184.235.114:6892 | udp | |
| AM | 31.184.235.115:6892 | udp | |
| AM | 31.184.235.116:6892 | udp | |
| AM | 31.184.235.117:6892 | udp | |
| AM | 31.184.235.118:6892 | udp | |
| AM | 31.184.235.119:6892 | udp | |
| AM | 31.184.235.120:6892 | udp | |
| AM | 31.184.235.121:6892 | udp | |
| AM | 31.184.235.122:6892 | udp | |
| AM | 31.184.235.123:6892 | udp | |
| AM | 31.184.235.124:6892 | udp | |
| AM | 31.184.235.125:6892 | udp | |
| AM | 31.184.235.126:6892 | udp | |
| AM | 31.184.235.127:6892 | udp | |
| AM | 31.184.235.128:6892 | udp | |
| AM | 31.184.235.129:6892 | udp | |
| AM | 31.184.235.130:6892 | udp | |
| AM | 31.184.235.131:6892 | udp | |
| AM | 31.184.235.132:6892 | udp | |
| AM | 31.184.235.133:6892 | udp | |
| AM | 31.184.235.134:6892 | udp | |
| AM | 31.184.235.135:6892 | udp | |
| AM | 31.184.235.136:6892 | udp | |
| AM | 31.184.235.137:6892 | udp | |
| AM | 31.184.235.138:6892 | udp | |
| AM | 31.184.235.139:6892 | udp | |
| AM | 31.184.235.140:6892 | udp | |
| AM | 31.184.235.141:6892 | udp | |
| AM | 31.184.235.142:6892 | udp | |
| AM | 31.184.235.143:6892 | udp | |
| AM | 31.184.235.144:6892 | udp | |
| AM | 31.184.235.145:6892 | udp | |
| AM | 31.184.235.146:6892 | udp | |
| AM | 31.184.235.147:6892 | udp | |
| AM | 31.184.235.148:6892 | udp | |
| AM | 31.184.235.149:6892 | udp | |
| AM | 31.184.235.150:6892 | udp | |
| AM | 31.184.235.151:6892 | udp | |
| AM | 31.184.235.152:6892 | udp | |
| AM | 31.184.235.153:6892 | udp | |
| AM | 31.184.235.154:6892 | udp | |
| AM | 31.184.235.155:6892 | udp | |
| AM | 31.184.235.156:6892 | udp | |
| AM | 31.184.235.157:6892 | udp | |
| AM | 31.184.235.158:6892 | udp | |
| AM | 31.184.235.159:6892 | udp | |
| AM | 31.184.235.160:6892 | udp | |
| AM | 31.184.235.161:6892 | udp | |
| AM | 31.184.235.162:6892 | udp | |
| AM | 31.184.235.163:6892 | udp | |
| AM | 31.184.235.164:6892 | udp | |
| AM | 31.184.235.165:6892 | udp | |
| AM | 31.184.235.166:6892 | udp | |
| AM | 31.184.235.167:6892 | udp | |
| AM | 31.184.235.168:6892 | udp | |
| AM | 31.184.235.169:6892 | udp | |
| AM | 31.184.235.170:6892 | udp | |
| AM | 31.184.235.171:6892 | udp | |
| AM | 31.184.235.172:6892 | udp | |
| AM | 31.184.235.173:6892 | udp | |
| AM | 31.184.235.174:6892 | udp | |
| AM | 31.184.235.175:6892 | udp | |
| AM | 31.184.235.176:6892 | udp | |
| AM | 31.184.235.177:6892 | udp | |
| AM | 31.184.235.178:6892 | udp | |
| AM | 31.184.235.179:6892 | udp | |
| AM | 31.184.235.180:6892 | udp | |
| AM | 31.184.235.181:6892 | udp | |
| AM | 31.184.235.182:6892 | udp | |
| AM | 31.184.235.183:6892 | udp | |
| AM | 31.184.235.184:6892 | udp | |
| AM | 31.184.235.185:6892 | udp | |
| AM | 31.184.235.186:6892 | udp | |
| AM | 31.184.235.187:6892 | udp | |
| AM | 31.184.235.188:6892 | udp | |
| AM | 31.184.235.189:6892 | udp | |
| AM | 31.184.235.190:6892 | udp | |
| AM | 31.184.235.191:6892 | udp | |
| AM | 31.184.235.192:6892 | udp | |
| AM | 31.184.235.193:6892 | udp | |
| AM | 31.184.235.194:6892 | udp | |
| AM | 31.184.235.195:6892 | udp | |
| AM | 31.184.235.196:6892 | udp | |
| AM | 31.184.235.197:6892 | udp | |
| AM | 31.184.235.198:6892 | udp | |
| AM | 31.184.235.199:6892 | udp | |
| AM | 31.184.235.200:6892 | udp | |
| AM | 31.184.235.201:6892 | udp | |
| AM | 31.184.235.202:6892 | udp | |
| AM | 31.184.235.203:6892 | udp | |
| AM | 31.184.235.204:6892 | udp | |
| AM | 31.184.235.205:6892 | udp | |
| AM | 31.184.235.206:6892 | udp | |
| AM | 31.184.235.207:6892 | udp | |
| AM | 31.184.235.208:6892 | udp | |
| AM | 31.184.235.209:6892 | udp | |
| AM | 31.184.235.210:6892 | udp | |
| AM | 31.184.235.211:6892 | udp | |
| AM | 31.184.235.212:6892 | udp | |
| AM | 31.184.235.213:6892 | udp | |
| AM | 31.184.235.214:6892 | udp | |
| AM | 31.184.235.215:6892 | udp | |
| AM | 31.184.235.216:6892 | udp | |
| AM | 31.184.235.217:6892 | udp | |
| AM | 31.184.235.218:6892 | udp | |
| AM | 31.184.235.219:6892 | udp | |
| AM | 31.184.235.220:6892 | udp | |
| AM | 31.184.235.221:6892 | udp | |
| AM | 31.184.235.222:6892 | udp | |
| AM | 31.184.235.223:6892 | udp | |
| AM | 31.184.235.224:6892 | udp | |
| AM | 31.184.235.225:6892 | udp | |
| AM | 31.184.235.226:6892 | udp | |
| AM | 31.184.235.227:6892 | udp | |
| AM | 31.184.235.228:6892 | udp | |
| AM | 31.184.235.229:6892 | udp | |
| AM | 31.184.235.230:6892 | udp | |
| AM | 31.184.235.231:6892 | udp | |
| AM | 31.184.235.232:6892 | udp | |
| AM | 31.184.235.233:6892 | udp | |
| AM | 31.184.235.234:6892 | udp | |
| AM | 31.184.235.235:6892 | udp | |
| AM | 31.184.235.236:6892 | udp | |
| AM | 31.184.235.237:6892 | udp | |
| AM | 31.184.235.238:6892 | udp | |
| AM | 31.184.235.239:6892 | udp | |
| AM | 31.184.235.240:6892 | udp | |
| AM | 31.184.235.241:6892 | udp | |
| AM | 31.184.235.242:6892 | udp | |
| AM | 31.184.235.243:6892 | udp | |
| AM | 31.184.235.244:6892 | udp | |
| AM | 31.184.235.245:6892 | udp | |
| AM | 31.184.235.246:6892 | udp | |
| AM | 31.184.235.247:6892 | udp | |
| AM | 31.184.235.248:6892 | udp | |
| AM | 31.184.235.249:6892 | udp | |
| AM | 31.184.235.250:6892 | udp | |
| AM | 31.184.235.251:6892 | udp | |
| AM | 31.184.235.252:6892 | udp | |
| AM | 31.184.235.253:6892 | udp | |
| AM | 31.184.235.254:6892 | udp | |
| AM | 31.184.235.255:6892 | udp | |
| AM | 31.184.234.0:6892 | udp | |
| AM | 31.184.234.1:6892 | udp | |
| AM | 31.184.234.2:6892 | udp | |
| AM | 31.184.234.3:6892 | udp | |
| AM | 31.184.234.4:6892 | udp | |
| AM | 31.184.234.5:6892 | udp | |
| AM | 31.184.234.6:6892 | udp | |
| AM | 31.184.234.7:6892 | udp | |
| AM | 31.184.234.8:6892 | udp | |
| AM | 31.184.234.9:6892 | udp | |
| AM | 31.184.234.10:6892 | udp | |
| AM | 31.184.234.11:6892 | udp | |
| AM | 31.184.234.12:6892 | udp | |
| AM | 31.184.234.13:6892 | udp | |
| AM | 31.184.234.14:6892 | udp | |
| AM | 31.184.234.15:6892 | udp | |
| AM | 31.184.234.16:6892 | udp | |
| AM | 31.184.234.17:6892 | udp | |
| AM | 31.184.234.18:6892 | udp | |
| AM | 31.184.234.19:6892 | udp | |
| AM | 31.184.234.20:6892 | udp | |
| AM | 31.184.234.21:6892 | udp | |
| AM | 31.184.234.22:6892 | udp | |
| AM | 31.184.234.23:6892 | udp | |
| AM | 31.184.234.24:6892 | udp | |
| AM | 31.184.234.25:6892 | udp | |
| AM | 31.184.234.26:6892 | udp | |
| AM | 31.184.234.27:6892 | udp | |
| AM | 31.184.234.28:6892 | udp | |
| AM | 31.184.234.29:6892 | udp | |
| AM | 31.184.234.30:6892 | udp | |
| AM | 31.184.234.31:6892 | udp | |
| AM | 31.184.234.32:6892 | udp | |
| AM | 31.184.234.33:6892 | udp | |
| AM | 31.184.234.34:6892 | udp | |
| AM | 31.184.234.35:6892 | udp | |
| AM | 31.184.234.36:6892 | udp | |
| AM | 31.184.234.37:6892 | udp | |
| AM | 31.184.234.38:6892 | udp | |
| AM | 31.184.234.39:6892 | udp | |
| AM | 31.184.234.40:6892 | udp | |
| AM | 31.184.234.41:6892 | udp | |
| AM | 31.184.234.42:6892 | udp | |
| AM | 31.184.234.43:6892 | udp | |
| AM | 31.184.234.44:6892 | udp | |
| AM | 31.184.234.45:6892 | udp | |
| AM | 31.184.234.46:6892 | udp | |
| AM | 31.184.234.47:6892 | udp | |
| AM | 31.184.234.48:6892 | udp | |
| AM | 31.184.234.49:6892 | udp | |
| AM | 31.184.234.50:6892 | udp | |
| AM | 31.184.234.51:6892 | udp | |
| AM | 31.184.234.52:6892 | udp | |
| AM | 31.184.234.53:6892 | udp | |
| AM | 31.184.234.54:6892 | udp | |
| AM | 31.184.234.55:6892 | udp | |
| AM | 31.184.234.56:6892 | udp | |
| AM | 31.184.234.57:6892 | udp | |
| AM | 31.184.234.58:6892 | udp | |
| AM | 31.184.234.59:6892 | udp | |
| AM | 31.184.234.60:6892 | udp | |
| AM | 31.184.234.61:6892 | udp | |
| AM | 31.184.234.62:6892 | udp | |
| AM | 31.184.234.63:6892 | udp | |
| AM | 31.184.234.64:6892 | udp | |
| AM | 31.184.234.65:6892 | udp | |
| AM | 31.184.234.66:6892 | udp | |
| AM | 31.184.234.67:6892 | udp | |
| AM | 31.184.234.68:6892 | udp | |
| AM | 31.184.234.69:6892 | udp | |
| AM | 31.184.234.70:6892 | udp | |
| AM | 31.184.234.71:6892 | udp | |
| AM | 31.184.234.72:6892 | udp | |
| AM | 31.184.234.73:6892 | udp | |
| AM | 31.184.234.74:6892 | udp | |
| AM | 31.184.234.75:6892 | udp | |
| AM | 31.184.234.76:6892 | udp | |
| AM | 31.184.234.77:6892 | udp | |
| AM | 31.184.234.78:6892 | udp | |
| AM | 31.184.234.79:6892 | udp | |
| AM | 31.184.234.80:6892 | udp | |
| AM | 31.184.234.81:6892 | udp | |
| AM | 31.184.234.82:6892 | udp | |
| AM | 31.184.234.83:6892 | udp | |
| AM | 31.184.234.84:6892 | udp | |
| AM | 31.184.234.85:6892 | udp | |
| AM | 31.184.234.86:6892 | udp | |
| AM | 31.184.234.87:6892 | udp | |
| AM | 31.184.234.88:6892 | udp | |
| AM | 31.184.234.89:6892 | udp | |
| AM | 31.184.234.90:6892 | udp | |
| AM | 31.184.234.91:6892 | udp | |
| AM | 31.184.234.92:6892 | udp | |
| AM | 31.184.234.93:6892 | udp | |
| AM | 31.184.234.94:6892 | udp | |
| AM | 31.184.234.95:6892 | udp | |
| AM | 31.184.234.96:6892 | udp | |
| AM | 31.184.234.97:6892 | udp | |
| AM | 31.184.234.98:6892 | udp | |
| AM | 31.184.234.99:6892 | udp | |
| AM | 31.184.234.100:6892 | udp | |
| AM | 31.184.234.101:6892 | udp | |
| AM | 31.184.234.102:6892 | udp | |
| AM | 31.184.234.103:6892 | udp | |
| AM | 31.184.234.104:6892 | udp | |
| AM | 31.184.234.105:6892 | udp | |
| AM | 31.184.234.106:6892 | udp | |
| AM | 31.184.234.107:6892 | udp | |
| AM | 31.184.234.108:6892 | udp | |
| AM | 31.184.234.109:6892 | udp | |
| AM | 31.184.234.110:6892 | udp | |
| AM | 31.184.234.111:6892 | udp | |
| AM | 31.184.234.112:6892 | udp | |
| AM | 31.184.234.113:6892 | udp | |
| AM | 31.184.234.114:6892 | udp | |
| AM | 31.184.234.115:6892 | udp | |
| AM | 31.184.234.116:6892 | udp | |
| AM | 31.184.234.117:6892 | udp | |
| AM | 31.184.234.118:6892 | udp | |
| AM | 31.184.234.119:6892 | udp | |
| AM | 31.184.234.120:6892 | udp | |
| AM | 31.184.234.121:6892 | udp | |
| AM | 31.184.234.122:6892 | udp | |
| AM | 31.184.234.123:6892 | udp | |
| AM | 31.184.234.124:6892 | udp | |
| AM | 31.184.234.125:6892 | udp | |
| AM | 31.184.234.126:6892 | udp | |
| AM | 31.184.234.127:6892 | udp | |
| AM | 31.184.234.128:6892 | udp | |
| AM | 31.184.234.129:6892 | udp | |
| AM | 31.184.234.130:6892 | udp | |
| AM | 31.184.234.131:6892 | udp | |
| AM | 31.184.234.132:6892 | udp | |
| AM | 31.184.234.133:6892 | udp | |
| AM | 31.184.234.134:6892 | udp | |
| AM | 31.184.234.135:6892 | udp | |
| AM | 31.184.234.136:6892 | udp | |
| AM | 31.184.234.137:6892 | udp | |
| AM | 31.184.234.138:6892 | udp | |
| AM | 31.184.234.139:6892 | udp | |
| AM | 31.184.234.140:6892 | udp | |
| AM | 31.184.234.141:6892 | udp | |
| AM | 31.184.234.142:6892 | udp | |
| AM | 31.184.234.143:6892 | udp | |
| AM | 31.184.234.144:6892 | udp | |
| AM | 31.184.234.145:6892 | udp | |
| AM | 31.184.234.146:6892 | udp | |
| AM | 31.184.234.147:6892 | udp | |
| AM | 31.184.234.148:6892 | udp | |
| AM | 31.184.234.149:6892 | udp | |
| AM | 31.184.234.150:6892 | udp | |
| AM | 31.184.234.151:6892 | udp | |
| AM | 31.184.234.152:6892 | udp | |
| AM | 31.184.234.153:6892 | udp | |
| AM | 31.184.234.154:6892 | udp | |
| AM | 31.184.234.155:6892 | udp | |
| AM | 31.184.234.156:6892 | udp | |
| AM | 31.184.234.157:6892 | udp | |
| AM | 31.184.234.158:6892 | udp | |
| AM | 31.184.234.159:6892 | udp | |
| AM | 31.184.234.160:6892 | udp | |
| AM | 31.184.234.161:6892 | udp | |
| AM | 31.184.234.162:6892 | udp | |
| AM | 31.184.234.163:6892 | udp | |
| AM | 31.184.234.164:6892 | udp | |
| AM | 31.184.234.165:6892 | udp | |
| AM | 31.184.234.166:6892 | udp | |
| AM | 31.184.234.167:6892 | udp | |
| AM | 31.184.234.168:6892 | udp | |
| AM | 31.184.234.169:6892 | udp | |
| AM | 31.184.234.170:6892 | udp | |
| AM | 31.184.234.171:6892 | udp | |
| AM | 31.184.234.172:6892 | udp | |
| AM | 31.184.234.173:6892 | udp | |
| AM | 31.184.234.174:6892 | udp | |
| AM | 31.184.234.175:6892 | udp | |
| AM | 31.184.234.176:6892 | udp | |
| AM | 31.184.234.177:6892 | udp | |
| AM | 31.184.234.178:6892 | udp | |
| AM | 31.184.234.179:6892 | udp | |
| AM | 31.184.234.180:6892 | udp | |
| AM | 31.184.234.181:6892 | udp | |
| AM | 31.184.234.182:6892 | udp | |
| AM | 31.184.234.183:6892 | udp | |
| AM | 31.184.234.184:6892 | udp | |
| AM | 31.184.234.185:6892 | udp | |
| AM | 31.184.234.186:6892 | udp | |
| AM | 31.184.234.187:6892 | udp | |
| AM | 31.184.234.188:6892 | udp | |
| AM | 31.184.234.189:6892 | udp | |
| AM | 31.184.234.190:6892 | udp | |
| AM | 31.184.234.191:6892 | udp | |
| AM | 31.184.234.192:6892 | udp | |
| AM | 31.184.234.193:6892 | udp | |
| AM | 31.184.234.194:6892 | udp | |
| AM | 31.184.234.195:6892 | udp | |
| AM | 31.184.234.196:6892 | udp | |
| AM | 31.184.234.197:6892 | udp | |
| AM | 31.184.234.198:6892 | udp | |
| AM | 31.184.234.199:6892 | udp | |
| AM | 31.184.234.200:6892 | udp | |
| AM | 31.184.234.201:6892 | udp | |
| AM | 31.184.234.202:6892 | udp | |
| AM | 31.184.234.203:6892 | udp | |
| AM | 31.184.234.204:6892 | udp | |
| AM | 31.184.234.205:6892 | udp | |
| AM | 31.184.234.206:6892 | udp | |
| AM | 31.184.234.207:6892 | udp | |
| AM | 31.184.234.208:6892 | udp | |
| AM | 31.184.234.209:6892 | udp | |
| AM | 31.184.234.210:6892 | udp | |
| AM | 31.184.234.211:6892 | udp | |
| AM | 31.184.234.212:6892 | udp | |
| AM | 31.184.234.213:6892 | udp | |
| AM | 31.184.234.214:6892 | udp | |
| AM | 31.184.234.215:6892 | udp | |
| AM | 31.184.234.216:6892 | udp | |
| AM | 31.184.234.217:6892 | udp | |
| AM | 31.184.234.218:6892 | udp | |
| AM | 31.184.234.219:6892 | udp | |
| AM | 31.184.234.220:6892 | udp | |
| AM | 31.184.234.221:6892 | udp | |
| AM | 31.184.234.222:6892 | udp | |
| AM | 31.184.234.223:6892 | udp | |
| AM | 31.184.234.224:6892 | udp | |
| AM | 31.184.234.225:6892 | udp | |
| AM | 31.184.234.226:6892 | udp | |
| AM | 31.184.234.227:6892 | udp | |
| AM | 31.184.234.228:6892 | udp | |
| AM | 31.184.234.229:6892 | udp | |
| AM | 31.184.234.230:6892 | udp | |
| AM | 31.184.234.231:6892 | udp | |
| AM | 31.184.234.232:6892 | udp | |
| AM | 31.184.234.233:6892 | udp | |
| AM | 31.184.234.234:6892 | udp | |
| AM | 31.184.234.235:6892 | udp | |
| AM | 31.184.234.236:6892 | udp | |
| AM | 31.184.234.237:6892 | udp | |
| AM | 31.184.234.238:6892 | udp | |
| AM | 31.184.234.239:6892 | udp | |
| AM | 31.184.234.240:6892 | udp | |
| AM | 31.184.234.241:6892 | udp | |
| AM | 31.184.234.242:6892 | udp | |
| AM | 31.184.234.243:6892 | udp | |
| AM | 31.184.234.244:6892 | udp | |
| AM | 31.184.234.245:6892 | udp | |
| AM | 31.184.234.246:6892 | udp | |
| AM | 31.184.234.247:6892 | udp | |
| AM | 31.184.234.248:6892 | udp | |
| AM | 31.184.234.249:6892 | udp | |
| AM | 31.184.234.250:6892 | udp | |
| AM | 31.184.234.251:6892 | udp | |
| AM | 31.184.234.252:6892 | udp | |
| AM | 31.184.234.253:6892 | udp | |
| AM | 31.184.234.254:6892 | udp | |
| AM | 31.184.234.255:6892 | udp | |
| AM | 31.184.235.0:6892 | udp | |
| AM | 31.184.235.1:6892 | udp | |
| AM | 31.184.235.2:6892 | udp | |
| AM | 31.184.235.3:6892 | udp | |
| AM | 31.184.235.4:6892 | udp | |
| AM | 31.184.235.5:6892 | udp | |
| AM | 31.184.235.6:6892 | udp | |
| AM | 31.184.235.7:6892 | udp | |
| AM | 31.184.235.8:6892 | udp | |
| AM | 31.184.235.9:6892 | udp | |
| AM | 31.184.235.10:6892 | udp | |
| AM | 31.184.235.11:6892 | udp | |
| AM | 31.184.235.12:6892 | udp | |
| AM | 31.184.235.13:6892 | udp | |
| AM | 31.184.235.14:6892 | udp | |
| AM | 31.184.235.15:6892 | udp | |
| AM | 31.184.235.16:6892 | udp | |
| AM | 31.184.235.17:6892 | udp | |
| AM | 31.184.235.18:6892 | udp | |
| AM | 31.184.235.19:6892 | udp | |
| AM | 31.184.235.20:6892 | udp | |
| AM | 31.184.235.21:6892 | udp | |
| AM | 31.184.235.22:6892 | udp | |
| AM | 31.184.235.23:6892 | udp | |
| AM | 31.184.235.24:6892 | udp | |
| AM | 31.184.235.25:6892 | udp | |
| AM | 31.184.235.26:6892 | udp | |
| AM | 31.184.235.27:6892 | udp | |
| AM | 31.184.235.28:6892 | udp | |
| AM | 31.184.235.29:6892 | udp | |
| AM | 31.184.235.30:6892 | udp | |
| AM | 31.184.235.31:6892 | udp | |
| AM | 31.184.235.32:6892 | udp | |
| AM | 31.184.235.33:6892 | udp | |
| AM | 31.184.235.34:6892 | udp | |
| AM | 31.184.235.35:6892 | udp | |
| AM | 31.184.235.36:6892 | udp | |
| AM | 31.184.235.37:6892 | udp | |
| AM | 31.184.235.38:6892 | udp | |
| AM | 31.184.235.39:6892 | udp | |
| AM | 31.184.235.40:6892 | udp | |
| AM | 31.184.235.41:6892 | udp | |
| AM | 31.184.235.42:6892 | udp | |
| AM | 31.184.235.43:6892 | udp | |
| AM | 31.184.235.44:6892 | udp | |
| AM | 31.184.235.45:6892 | udp | |
| AM | 31.184.235.46:6892 | udp | |
| AM | 31.184.235.47:6892 | udp | |
| AM | 31.184.235.48:6892 | udp | |
| AM | 31.184.235.49:6892 | udp | |
| AM | 31.184.235.50:6892 | udp | |
| AM | 31.184.235.51:6892 | udp | |
| AM | 31.184.235.52:6892 | udp | |
| AM | 31.184.235.53:6892 | udp | |
| AM | 31.184.235.54:6892 | udp | |
| AM | 31.184.235.55:6892 | udp | |
| AM | 31.184.235.56:6892 | udp | |
| AM | 31.184.235.57:6892 | udp | |
| AM | 31.184.235.58:6892 | udp | |
| AM | 31.184.235.59:6892 | udp | |
| AM | 31.184.235.60:6892 | udp | |
| AM | 31.184.235.61:6892 | udp | |
| AM | 31.184.235.62:6892 | udp | |
| AM | 31.184.235.63:6892 | udp | |
| AM | 31.184.235.64:6892 | udp | |
| AM | 31.184.235.65:6892 | udp | |
| AM | 31.184.235.66:6892 | udp | |
| AM | 31.184.235.67:6892 | udp | |
| AM | 31.184.235.68:6892 | udp | |
| AM | 31.184.235.69:6892 | udp | |
| AM | 31.184.235.70:6892 | udp | |
| AM | 31.184.235.71:6892 | udp | |
| AM | 31.184.235.72:6892 | udp | |
| AM | 31.184.235.73:6892 | udp | |
| AM | 31.184.235.74:6892 | udp | |
| AM | 31.184.235.75:6892 | udp | |
| AM | 31.184.235.76:6892 | udp | |
| AM | 31.184.235.77:6892 | udp | |
| AM | 31.184.235.78:6892 | udp | |
| AM | 31.184.235.79:6892 | udp | |
| AM | 31.184.235.80:6892 | udp | |
| AM | 31.184.235.81:6892 | udp | |
| AM | 31.184.235.82:6892 | udp | |
| AM | 31.184.235.83:6892 | udp | |
| AM | 31.184.235.84:6892 | udp | |
| AM | 31.184.235.85:6892 | udp | |
| AM | 31.184.235.86:6892 | udp | |
| AM | 31.184.235.87:6892 | udp | |
| AM | 31.184.235.88:6892 | udp | |
| AM | 31.184.235.89:6892 | udp | |
| AM | 31.184.235.90:6892 | udp | |
| AM | 31.184.235.91:6892 | udp | |
| AM | 31.184.235.92:6892 | udp | |
| AM | 31.184.235.93:6892 | udp | |
| AM | 31.184.235.94:6892 | udp | |
| AM | 31.184.235.95:6892 | udp | |
| AM | 31.184.235.96:6892 | udp | |
| AM | 31.184.235.97:6892 | udp | |
| AM | 31.184.235.98:6892 | udp | |
| AM | 31.184.235.99:6892 | udp | |
| AM | 31.184.235.100:6892 | udp | |
| AM | 31.184.235.101:6892 | udp | |
| AM | 31.184.235.102:6892 | udp | |
| AM | 31.184.235.103:6892 | udp | |
| AM | 31.184.235.104:6892 | udp | |
| AM | 31.184.235.105:6892 | udp | |
| AM | 31.184.235.106:6892 | udp | |
| AM | 31.184.235.107:6892 | udp | |
| AM | 31.184.235.108:6892 | udp | |
| AM | 31.184.235.109:6892 | udp | |
| AM | 31.184.235.110:6892 | udp | |
| AM | 31.184.235.111:6892 | udp | |
| AM | 31.184.235.112:6892 | udp | |
| AM | 31.184.235.113:6892 | udp | |
| AM | 31.184.235.114:6892 | udp | |
| AM | 31.184.235.115:6892 | udp | |
| AM | 31.184.235.116:6892 | udp | |
| AM | 31.184.235.117:6892 | udp | |
| AM | 31.184.235.118:6892 | udp | |
| AM | 31.184.235.119:6892 | udp | |
| AM | 31.184.235.120:6892 | udp | |
| AM | 31.184.235.121:6892 | udp | |
| AM | 31.184.235.122:6892 | udp | |
| AM | 31.184.235.123:6892 | udp | |
| AM | 31.184.235.124:6892 | udp | |
| AM | 31.184.235.125:6892 | udp | |
| AM | 31.184.235.126:6892 | udp | |
| AM | 31.184.235.127:6892 | udp | |
| AM | 31.184.235.128:6892 | udp | |
| AM | 31.184.235.129:6892 | udp | |
| AM | 31.184.235.130:6892 | udp | |
| AM | 31.184.235.131:6892 | udp | |
| AM | 31.184.235.132:6892 | udp | |
| AM | 31.184.235.133:6892 | udp | |
| AM | 31.184.235.134:6892 | udp | |
| AM | 31.184.235.135:6892 | udp | |
| AM | 31.184.235.136:6892 | udp | |
| AM | 31.184.235.137:6892 | udp | |
| AM | 31.184.235.138:6892 | udp | |
| AM | 31.184.235.139:6892 | udp | |
| AM | 31.184.235.140:6892 | udp | |
| AM | 31.184.235.141:6892 | udp | |
| AM | 31.184.235.142:6892 | udp | |
| AM | 31.184.235.143:6892 | udp | |
| AM | 31.184.235.144:6892 | udp | |
| AM | 31.184.235.145:6892 | udp | |
| AM | 31.184.235.146:6892 | udp | |
| AM | 31.184.235.147:6892 | udp | |
| AM | 31.184.235.148:6892 | udp | |
| AM | 31.184.235.149:6892 | udp | |
| AM | 31.184.235.150:6892 | udp | |
| AM | 31.184.235.151:6892 | udp | |
| AM | 31.184.235.152:6892 | udp | |
| AM | 31.184.235.153:6892 | udp | |
| AM | 31.184.235.154:6892 | udp | |
| AM | 31.184.235.155:6892 | udp | |
| AM | 31.184.235.156:6892 | udp | |
| AM | 31.184.235.157:6892 | udp | |
| AM | 31.184.235.158:6892 | udp | |
| AM | 31.184.235.159:6892 | udp | |
| AM | 31.184.235.160:6892 | udp | |
| AM | 31.184.235.161:6892 | udp | |
| AM | 31.184.235.162:6892 | udp | |
| AM | 31.184.235.163:6892 | udp | |
| AM | 31.184.235.164:6892 | udp | |
| AM | 31.184.235.165:6892 | udp | |
| AM | 31.184.235.166:6892 | udp | |
| AM | 31.184.235.167:6892 | udp | |
| AM | 31.184.235.168:6892 | udp | |
| AM | 31.184.235.169:6892 | udp | |
| AM | 31.184.235.170:6892 | udp | |
| AM | 31.184.235.171:6892 | udp | |
| AM | 31.184.235.172:6892 | udp | |
| AM | 31.184.235.173:6892 | udp | |
| AM | 31.184.235.174:6892 | udp | |
| AM | 31.184.235.175:6892 | udp | |
| AM | 31.184.235.176:6892 | udp | |
| AM | 31.184.235.177:6892 | udp | |
| AM | 31.184.235.178:6892 | udp | |
| AM | 31.184.235.179:6892 | udp | |
| AM | 31.184.235.180:6892 | udp | |
| AM | 31.184.235.181:6892 | udp | |
| AM | 31.184.235.182:6892 | udp | |
| AM | 31.184.235.183:6892 | udp | |
| AM | 31.184.235.184:6892 | udp | |
| AM | 31.184.235.185:6892 | udp | |
| AM | 31.184.235.186:6892 | udp | |
| AM | 31.184.235.187:6892 | udp | |
| AM | 31.184.235.188:6892 | udp | |
| AM | 31.184.235.189:6892 | udp | |
| AM | 31.184.235.190:6892 | udp | |
| AM | 31.184.235.191:6892 | udp | |
| AM | 31.184.235.192:6892 | udp | |
| AM | 31.184.235.193:6892 | udp | |
| AM | 31.184.235.194:6892 | udp | |
| AM | 31.184.235.195:6892 | udp | |
| AM | 31.184.235.196:6892 | udp | |
| AM | 31.184.235.197:6892 | udp | |
| AM | 31.184.235.198:6892 | udp | |
| AM | 31.184.235.199:6892 | udp | |
| AM | 31.184.235.200:6892 | udp | |
| AM | 31.184.235.201:6892 | udp | |
| AM | 31.184.235.202:6892 | udp | |
| AM | 31.184.235.203:6892 | udp | |
| AM | 31.184.235.204:6892 | udp | |
| AM | 31.184.235.205:6892 | udp | |
| AM | 31.184.235.206:6892 | udp | |
| AM | 31.184.235.207:6892 | udp | |
| AM | 31.184.235.208:6892 | udp | |
| AM | 31.184.235.209:6892 | udp | |
| AM | 31.184.235.210:6892 | udp | |
| AM | 31.184.235.211:6892 | udp | |
| AM | 31.184.235.212:6892 | udp | |
| AM | 31.184.235.213:6892 | udp | |
| AM | 31.184.235.214:6892 | udp | |
| AM | 31.184.235.215:6892 | udp | |
| AM | 31.184.235.216:6892 | udp | |
| AM | 31.184.235.217:6892 | udp | |
| AM | 31.184.235.218:6892 | udp | |
| AM | 31.184.235.219:6892 | udp | |
| AM | 31.184.235.220:6892 | udp | |
| AM | 31.184.235.221:6892 | udp | |
| AM | 31.184.235.222:6892 | udp | |
| AM | 31.184.235.223:6892 | udp | |
| AM | 31.184.235.224:6892 | udp | |
| AM | 31.184.235.225:6892 | udp | |
| AM | 31.184.235.226:6892 | udp | |
| AM | 31.184.235.227:6892 | udp | |
| AM | 31.184.235.228:6892 | udp | |
| AM | 31.184.235.229:6892 | udp | |
| AM | 31.184.235.230:6892 | udp | |
| AM | 31.184.235.231:6892 | udp | |
| AM | 31.184.235.232:6892 | udp | |
| AM | 31.184.235.233:6892 | udp | |
| AM | 31.184.235.234:6892 | udp | |
| AM | 31.184.235.235:6892 | udp | |
| AM | 31.184.235.236:6892 | udp | |
| AM | 31.184.235.237:6892 | udp | |
| AM | 31.184.235.238:6892 | udp | |
| AM | 31.184.235.239:6892 | udp | |
| AM | 31.184.235.240:6892 | udp | |
| AM | 31.184.235.241:6892 | udp | |
| AM | 31.184.235.242:6892 | udp | |
| AM | 31.184.235.243:6892 | udp | |
| AM | 31.184.235.244:6892 | udp | |
| AM | 31.184.235.245:6892 | udp | |
| AM | 31.184.235.246:6892 | udp | |
| AM | 31.184.235.247:6892 | udp | |
| AM | 31.184.235.248:6892 | udp | |
| AM | 31.184.235.249:6892 | udp | |
| AM | 31.184.235.250:6892 | udp | |
| AM | 31.184.235.251:6892 | udp | |
| AM | 31.184.235.252:6892 | udp | |
| AM | 31.184.235.253:6892 | udp | |
| AM | 31.184.235.254:6892 | udp | |
| AM | 31.184.235.255:6892 | udp | |
| US | 8.8.8.8:53 | xrhwryizf5mui7a5.pax3rg.bid | udp |
| US | 8.8.8.8:53 | btc.blockr.io | udp |
| US | 8.8.8.8:53 | api.blockcypher.com | udp |
| US | 104.20.98.10:80 | api.blockcypher.com | tcp |
| US | 8.8.8.8:53 | chain.so | udp |
| US | 172.67.40.90:443 | chain.so | tcp |
Files
\Users\Admin\AppData\Local\Temp\nsy28A8.tmp\System.dll
| MD5 | 3e6bf00b3ac976122f982ae2aadb1c51 |
| SHA1 | caab188f7fdc84d3fdcb2922edeeb5ed576bd31d |
| SHA256 | 4ff9b2678d698677c5d9732678f9cf53f17290e09d053691aac4cc6e6f595cbe |
| SHA512 | 1286f05e6a7e6b691f6e479638e7179897598e171b52eb3a3dc0e830415251069d29416b6d1ffc6d7dce8da5625e1479be06db9b7179e7776659c5c1ad6aa706 |
memory/2320-15-0x0000000001E20000-0x0000000001E23000-memory.dmp
memory/2032-17-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2320-19-0x0000000001E20000-0x0000000001E23000-memory.dmp
memory/2032-20-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2032-21-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2032-26-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2032-27-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2032-31-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2032-30-0x0000000000400000-0x0000000000431000-memory.dmp
C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\README.hta
| MD5 | 036e206cbbd69617f5c7f52148e368b0 |
| SHA1 | f329bf0d57e4690e1460fb1e07a8b64bc2c1b35b |
| SHA256 | fdcff08c49563415bfec6b559e7a4aa77b2aab3c089b24d7ded855112222a0df |
| SHA512 | e6022ab5dab604931705e59cf0e80eece879178c4e368a222b304b76df9cfbb11af97465cce9b25e45d62388cb89f1b180a9bd38b7827671bc9421d6f68fdf92 |
memory/2032-320-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2032-329-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2032-332-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2032-335-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2032-338-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2032-341-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2032-344-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2032-347-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2032-350-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2032-353-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2032-356-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2032-359-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2032-362-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2032-365-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2032-368-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2032-371-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2032-374-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2032-381-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2032-393-0x0000000000400000-0x0000000000431000-memory.dmp
Analysis: behavioral5
Detonation Overview
Submitted
2024-05-22 23:48
Reported
2024-05-22 23:51
Platform
win7-20240221-en
Max time kernel
118s
Max time network
123s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\InstallOptions.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\InstallOptions.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 248
Network
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-05-22 23:48
Reported
2024-05-22 23:51
Platform
win7-20240221-en
Max time kernel
121s
Max time network
122s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 360 -s 224
Network
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-05-22 23:48
Reported
2024-05-22 23:51
Platform
win7-20240508-en
Max time kernel
119s
Max time network
120s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\home.js
Network
Files
Analysis: behavioral18
Detonation Overview
Submitted
2024-05-22 23:48
Reported
2024-05-22 23:51
Platform
win10v2004-20240426-en
Max time kernel
148s
Max time network
152s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\home1259317828.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec2bb46f8,0x7ffec2bb4708,0x7ffec2bb4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,12393897735741497437,1185543721076974191,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,12393897735741497437,1185543721076974191,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,12393897735741497437,1185543721076974191,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12393897735741497437,1185543721076974191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12393897735741497437,1185543721076974191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12393897735741497437,1185543721076974191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,12393897735741497437,1185543721076974191,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,12393897735741497437,1185543721076974191,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12393897735741497437,1185543721076974191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12393897735741497437,1185543721076974191,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12393897735741497437,1185543721076974191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12393897735741497437,1185543721076974191,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,12393897735741497437,1185543721076974191,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1932 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.twimg.com | udp |
| US | 8.8.8.8:53 | abs.twimg.com | udp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| GB | 199.232.56.159:443 | abs.twimg.com | tcp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| PL | 93.184.220.66:443 | platform.twitter.com | tcp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.137.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.21.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.56.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.ads-twitter.com | udp |
| GB | 199.232.56.157:443 | static.ads-twitter.com | tcp |
| US | 8.8.8.8:53 | 66.220.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 157.56.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | syndication.twitter.com | udp |
| US | 104.244.42.136:443 | syndication.twitter.com | tcp |
| PL | 93.184.220.66:443 | platform.twitter.com | tcp |
| PL | 93.184.220.66:443 | platform.twitter.com | tcp |
| PL | 93.184.220.66:443 | platform.twitter.com | tcp |
| PL | 93.184.220.66:443 | platform.twitter.com | tcp |
| PL | 93.184.220.66:443 | platform.twitter.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 91.65.42.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8b167567021ccb1a9fdf073fa9112ef0 |
| SHA1 | 3baf293fbfaa7c1e7cdacb5f2975737f4ef69898 |
| SHA256 | 26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513 |
| SHA512 | 726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54 |
\??\pipe\LOCAL\crashpad_1680_LVGCKMJOBFATBVWO
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 537815e7cc5c694912ac0308147852e4 |
| SHA1 | 2ccdd9d9dc637db5462fe8119c0df261146c363c |
| SHA256 | b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f |
| SHA512 | 63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5c8eab45bcf7c6d074517ac0c582d7b7 |
| SHA1 | 026eea6ed22e3f66ab314eb1b90de18af76fa04e |
| SHA256 | 7867b0f090589e9b914050d9587dbbc5aeac0ed588185fb02df6bd15d065e335 |
| SHA512 | 97194ff63f30cdf581ed0971037125cd056226220775bfc560ad1e3a63656cbbe1b0813204ea37e055389ecb16e45d16e03ed4af9212b884efbe889a4f9f2754 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c248914abd1694cbe98d552063ecdba0 |
| SHA1 | 8abaf70915eaaccb9f615151055bf5d255067d7d |
| SHA256 | 2373849fdaa22195ee99879cf4fdc054bb332689362675fccdd43e30b4613b5a |
| SHA512 | d93434ccbcab3538eb371d8395dc5ad1f46046418572f9d8aae65d91a05879b44bb3db7ab115fe2303ccb08fe52599b0ba7852d546b2c7a8db4c02b256f50f64 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | aa534b1c1f198b0d7423c7b78958fa82 |
| SHA1 | f6b8c0449dc08ce037374fb98458c5dd157e4ee4 |
| SHA256 | 6336e35880d57c94058f4da332c935d13d38a8b84ddbb05c8a79231592fec95f |
| SHA512 | 309dc97c0ef628d7e961c26f8019514e428798aa73e02010a31b3900cb9cf6175fc90086f68a1f5989ae6408d2ce1822b3fb6cbb52c8e6b76ce8b48115abfd7d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e6a8b0d5f6b1084720832b584e5d0e91 |
| SHA1 | 71c52b1fb976750b3ae15172448cf23f4e25c69d |
| SHA256 | d9fd8c7ab5447025f715ab55b1ea1d013d91c025a1c33640a7725380ed8d8a0f |
| SHA512 | 9c01f599a0a8be3da1c92f250bbc4a0ac4e2bff89017bdfced03c3263e47bc9f001dc085cba7f7b1f23a1f26ea9665aca68142897f9b393c1176e3fb6950dfaa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | bcbc96dfb9da7db39528afa21c1c35eb |
| SHA1 | 2e0821ad6883e8fb13afd441315c582f4e6a6522 |
| SHA256 | f912bdde3d2f5f02513730a690a774dcb89c45215c72f73f393022d6588a7735 |
| SHA512 | 6457f7e23cfed821eda8eb3aee29083a7fffce2375bb3fc162f110be543f8545e3d5108f00b69fa253f1eb1359d3efc4deb71f512822769ea75c9f88c7062239 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-22 23:48
Reported
2024-05-22 23:51
Platform
win10v2004-20240426-en
Max time kernel
136s
Max time network
105s
Command Line
Signatures
Loads dropped DLL
Enumerates physical storage devices
Processes
C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.138.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\nsr24A1.tmp\System.dll
| MD5 | 3e6bf00b3ac976122f982ae2aadb1c51 |
| SHA1 | caab188f7fdc84d3fdcb2922edeeb5ed576bd31d |
| SHA256 | 4ff9b2678d698677c5d9732678f9cf53f17290e09d053691aac4cc6e6f595cbe |
| SHA512 | 1286f05e6a7e6b691f6e479638e7179897598e171b52eb3a3dc0e830415251069d29416b6d1ffc6d7dce8da5625e1479be06db9b7179e7776659c5c1ad6aa706 |
C:\Users\Admin\AppData\Local\Temp\nsr24A1.tmp\InstallOptions.dll
| MD5 | f8d9d9418e6e1827ed2b53dd930e48fb |
| SHA1 | c78b0e5b274dbbfd032a0f3ed795d82d5ea617c8 |
| SHA256 | 2a2878b54550178144665d4c5f67309f71f1089679ae0f84fa419b8a309a88e4 |
| SHA512 | 510ac31f9e330ec2e6133c1cbe775a955b79b94dc5a84d94b2c59d9b513c35f3786ff8a7f706d04ec2503a4ffc16535624a34e0dcc53e91eedd2321691b617fc |
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-22 23:48
Reported
2024-05-22 23:51
Platform
win7-20231129-en
Max time kernel
121s
Max time network
122s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\$1\$OUTDIR\sftp_plugin\tc_sftp_uninstaller.exe | N/A |
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3004 wrote to memory of 3012 | N/A | C:\Users\Admin\AppData\Local\Temp\$1\$OUTDIR\sftp_plugin\tc_sftp_uninstaller.exe | C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe |
| PID 3004 wrote to memory of 3012 | N/A | C:\Users\Admin\AppData\Local\Temp\$1\$OUTDIR\sftp_plugin\tc_sftp_uninstaller.exe | C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe |
| PID 3004 wrote to memory of 3012 | N/A | C:\Users\Admin\AppData\Local\Temp\$1\$OUTDIR\sftp_plugin\tc_sftp_uninstaller.exe | C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe |
| PID 3004 wrote to memory of 3012 | N/A | C:\Users\Admin\AppData\Local\Temp\$1\$OUTDIR\sftp_plugin\tc_sftp_uninstaller.exe | C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\$1\$OUTDIR\sftp_plugin\tc_sftp_uninstaller.exe
"C:\Users\Admin\AppData\Local\Temp\$1\$OUTDIR\sftp_plugin\tc_sftp_uninstaller.exe"
C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
"C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\$1\$OUTDIR\sftp_plugin\
Network
Files
\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
| MD5 | e04b1bbeaff6221daf4d4ae0ed7fd00c |
| SHA1 | cbe6a9e349a6711dc9e040e15ec32345c1bb7aee |
| SHA256 | 36b1104781e2c77a1e76593e697ac99621f27db3bfd5c282f7ae3579bf510a5b |
| SHA512 | 2f8523b1fd5bed682dc841292a5523eabbd49fea71b1e088a5080c375ed8e67b22e95e60129516d96bd720845a1c27fd37fd993d1cadfd81296176f683066334 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-05-22 23:48
Reported
2024-05-22 23:51
Platform
win10v2004-20240508-en
Max time kernel
132s
Max time network
101s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe | N/A |
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1760 wrote to memory of 1164 | N/A | C:\Users\Admin\AppData\Local\Temp\$1\$OUTDIR\sftp_plugin\tc_sftp_uninstaller.exe | C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe |
| PID 1760 wrote to memory of 1164 | N/A | C:\Users\Admin\AppData\Local\Temp\$1\$OUTDIR\sftp_plugin\tc_sftp_uninstaller.exe | C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe |
| PID 1760 wrote to memory of 1164 | N/A | C:\Users\Admin\AppData\Local\Temp\$1\$OUTDIR\sftp_plugin\tc_sftp_uninstaller.exe | C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\$1\$OUTDIR\sftp_plugin\tc_sftp_uninstaller.exe
"C:\Users\Admin\AppData\Local\Temp\$1\$OUTDIR\sftp_plugin\tc_sftp_uninstaller.exe"
C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
"C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\$1\$OUTDIR\sftp_plugin\
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.137.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.138.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
| MD5 | e04b1bbeaff6221daf4d4ae0ed7fd00c |
| SHA1 | cbe6a9e349a6711dc9e040e15ec32345c1bb7aee |
| SHA256 | 36b1104781e2c77a1e76593e697ac99621f27db3bfd5c282f7ae3579bf510a5b |
| SHA512 | 2f8523b1fd5bed682dc841292a5523eabbd49fea71b1e088a5080c375ed8e67b22e95e60129516d96bd720845a1c27fd37fd993d1cadfd81296176f683066334 |
Analysis: behavioral11
Detonation Overview
Submitted
2024-05-22 23:48
Reported
2024-05-22 23:51
Platform
win7-20240221-en
Max time kernel
117s
Max time network
145s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CEFAEE81-1895-11EF-A635-D2EFD46A7D0E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 407c90a5a2acda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000083343237efeb6b44b8bcecd1f35af2dd000000000200000000001066000000010000200000005c6bb98b84c7af172d1a9eb3d59823e9cb6a766dd2b027cdb9ed93a5afe778c5000000000e80000000020000200000002eddae1404e687dea106f22072999513e7bb52e26080039289335a5e612d76e520000000b72c5e12a692f6394c65967b3f9a0f7346449e836f7f64ee99333ddef15e128b40000000e589a00c09b8351af9460052241ead0c687e2d647c04940fdc38a34480ed9736b75963271ba378da15428d73ca5d7c578304993ecb43408db294b0e3ad18ce0e | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422583585" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000083343237efeb6b44b8bcecd1f35af2dd0000000002000000000010660000000100002000000040dc06a86e8cfdc6fe8fa8b47bbf3bc303b0a9d3e70f2a18fddb3cf7a878935e000000000e80000000020000200000007cf53b7ef1cd31b88e4cd372cf34a1d332478e06173f3730c28513ab90f40ded900000003ac0cfb64d1d4891caf08ec802e725b7498af01c2362a51c2024ea4873dd78035293efa92f03bf18a99330816aca4c0d09636ffaff340c6e756faca5c9bb6a75c350e4c14745d352f42543a588e4c00f33eeb998f55a5e86a23e71d2fe913b0e50817fe0cb76d196ad1a827c95dd20b6222247baa8676cbbe383e4570fd3107b3b351b372bc79347329294e7cd17456b400000006edb20f53a3ae902eee85674a26623dd50d2527604b464ab68521f55aee8d13df8e57ceea2e9ff3e1bcee70581387e5c11b8ec17200e78d5f8c4efcaa73070d5 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2320 wrote to memory of 2180 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2320 wrote to memory of 2180 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2320 wrote to memory of 2180 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2320 wrote to memory of 2180 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\contact-domains-org.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2320 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | s7.addthis.com | udp |
| US | 8.8.8.8:53 | www.domains.org | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| BE | 104.68.81.91:80 | s7.addthis.com | tcp |
| BE | 104.68.81.91:80 | s7.addthis.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 50.28.32.168:80 | www.domains.org | tcp |
| US | 50.28.32.168:80 | www.domains.org | tcp |
| US | 50.28.32.168:80 | www.domains.org | tcp |
| US | 50.28.32.168:80 | www.domains.org | tcp |
| US | 50.28.32.168:80 | www.domains.org | tcp |
| US | 50.28.32.168:80 | www.domains.org | tcp |
| US | 8.8.8.8:53 | domains.org | udp |
| US | 50.28.32.168:80 | domains.org | tcp |
| US | 50.28.32.168:80 | domains.org | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPR7YYBV\recaptcha__en[1].js
| MD5 | 4668e74b2b2a58381399e91a61b6d63d |
| SHA1 | 89ebf54e996e46f4b1e26f6dcda93bad74fc0a1c |
| SHA256 | b0e3acc54460721385d2e472dda7288382f2766a06b38d2e732d034619f9b929 |
| SHA512 | b2ead3410dea89b658bfb0ce67842569641cd6c29889ecfb223a83637600b82b0d2e55cec26750593359663a22896f5da91d3df9f085c204803cd646a7cabc28 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1ff298668eb8a36b020164bc2b4838c5 |
| SHA1 | 4e5fefe9ee0bb1fa13d46eb41a7ed8b17628b947 |
| SHA256 | c1ab8a8207eee2661af280920b74b49d91ad38f3c71c73baf25dd8d496722c3a |
| SHA512 | d2f288f28959ade47c76c7240629667ba47874ab9bffc8fe2cf1c433a02cd5897c684e99588a29becc70e7cd43594181d5db02bfde7a2063192ecfd4bcbe237f |
C:\Users\Admin\AppData\Local\Temp\Cab4599.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar459A.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar467C.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5255b048b0955bf0eb0d3a85b0b02ba7 |
| SHA1 | 0b4f8662a39ab546cb4e6593bbd1c4f74db87bda |
| SHA256 | 1de77fddd432004fcb9076353fc738ad18201dfaecd7da6c82df2aa34dc9354b |
| SHA512 | f589638e66ec1874dbd4b999b0af5d9e0e57c3f0d61e28b15512c8173fca7bf322193afdd3599979d38f123682d1ed7fa65f9c04e36a6913243fff6d5ab4430e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8e068b46611a73ce23a4d6c410818323 |
| SHA1 | 26e53b5021a9d553528ba17adcdc53f2db865a6a |
| SHA256 | d55ef9a5a5bf0b3d99d55adbb0b37008f44e6634b3f50578deeed225f1ca1230 |
| SHA512 | d2ca13ba0e850f1cf41b6ab8b947eb0b9036d6c99453dcc8f527a06c0f4bcd2188844fd018969f63b882a12c4ddff042154878e203c5c0db40ac09d1ee7f6f92 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ceca1f2bc3d2761c1281d309b01548f3 |
| SHA1 | 2757c0efebf34f5ddd1850130f85a96704ac734c |
| SHA256 | 147ab1a8a6227c18d4e72b2fdb256e83b8f5c7c5e44c0cc269b61fa531d12a1d |
| SHA512 | bc0b6c763a0df6a513e54b05a7dbb011eb3edfa1008e471ebdb85ba4507a2cc5a50d1b64d9f5edd97c9a9de4bf201c452bbb6a9089bc4c5230c76ab590e13383 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1b0ae2663b28883e909e270f7194b10a |
| SHA1 | fa8b7ac25dd0ee3c5aae796e910ef2202ef47dfa |
| SHA256 | 2321b689112149d228ffc107c94d56441d9f96feb8fadc7700738fcf8a4e3ca1 |
| SHA512 | f0f3480eeccae0350f9729a067c4c77f3ceffeaab0bb8debc22033ee87f9b1e11f52e86c6cdc92590a95dda5f46fa83dba0d240b8e50754e7e078e2258da6e15 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | abcc516031fd05e579182cb2032e3930 |
| SHA1 | 6dd80330e6920d549a90c95b654ff0882385a351 |
| SHA256 | a05cca72faaea6f81f1ccec0e03be82fdc9449d0a3ef79ed89ca879e1836021c |
| SHA512 | 91e73fc9ed470739e6d54e0d65fd6962ec05acb49b195781be124ad21a74dc6a649a9529fd4c3a9f564d29960dfaaed0d8ead467690555d57811b2a921fc9c36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | be86a58199a8b91f1c7392a684dfd57a |
| SHA1 | c28ef3f8cae4ccd55f058fe570c494b2ac735ffb |
| SHA256 | cc052f02fdee94abf0b36a4707476b342a8fb4dbcc788aed619bd572088c1091 |
| SHA512 | a7f962e043f83d48424e9fbeb6b4f352dbee9475fdd849f0c581c9a10db6998aa59111d30aa6b9cedb6c2baaf10d7cb7ca536950a510f62e3c06435551827798 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d99d50c4708d49d52130cf1085b44617 |
| SHA1 | 8827652e19aed5b24ad398a8a6c06b457801041f |
| SHA256 | 83c5f9b653f3fe85146aa06497cd19239a2c7949e68634b0ab2c7156a98affb9 |
| SHA512 | f2531fd1db36da697d0422af417773a4fa0f7a20f41a8d13a59db980575886feecb5ab28467bfb39fb6be32617d81b23ee04161d43abc7c5a01948f18edaea90 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7e0346889e5e587e426c5837bc02f1e9 |
| SHA1 | 1456f71698d6485d3def9bd6834af3bf74459e92 |
| SHA256 | ef161ca955bdb9ba99463a90ff08a0d85acb5a4d7a33e36c12be4c44c71041f4 |
| SHA512 | 67d92c5fdb6fe1db429d9f3d49dcd4f8038a41992059eef9d4f2dca3a10718dd28ce5890831d13b285109935234f1e8cf49f596da78c555f1fe270ec027cca10 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 53a7e9c75c8fd9b3ab32e4440ffe582d |
| SHA1 | 6671bd5d4c20bffc4ac0f2eab74b1bae6029c208 |
| SHA256 | a140f546d98f8b1b97afd687a3b62e10145a918f4f4d6f92bb0d36a9e2dc3cca |
| SHA512 | e2939bfc53b72586e3f1e08fea2aceb7ceb962772320d31b3a539e849e24ad171e92b72cfb42dab7948fa5d0b89e2b3ae5b92dfa00380e6e978732d28054af54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9f4b0f103cb6f4541d943ac05b6af9a0 |
| SHA1 | 1de5773640149cfa8acbe8debdaa8f41deced087 |
| SHA256 | eb65207734a0f0c902c74a2ef8726cc1b0192a5fd74308346c3d34927131727e |
| SHA512 | f42cf47d36aae4dec5d501a3c15824a8a7d55374f3a2810e5bcaad63e918973d458e31b77fee05c44ed5b62e52478d867a1a9c0217c5a695735a278058c0f5fd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f557d86bd00e2f3cc46eb5114f274708 |
| SHA1 | a7109f480cb99b70d7d47f8e1694d3d34a12466a |
| SHA256 | ab907e801271ad658e476b4b28576af16220f80964a8170dac3af06b60cb891e |
| SHA512 | 25b81d4e203092b84124c1c6d3162253fbf2380746147107f180bce4853a0723aa5ad8da3ba6c21b0aa3760dceaddc844b0d6da1e357ca07ac4554ca8ce6abea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | c4f3c03c25ff2d07e1700cba7e63c707 |
| SHA1 | 4075cc0775d115646930ca01976177575b962170 |
| SHA256 | 3306e7bb1b60f52f4cf0b35414b227d1ce6934779b9d6afed4d18e4722820ad9 |
| SHA512 | 2665d3a56a56be609c84f09de4c8b26f19d14de4b702a2c2b6e97b6516ec2dcabf052ed7c4f4e4cf8fcb7f429ae0ba1dd4287732bf4fdf61a79d02d4513c9ab6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a80b7e30b6d73d624db919b4f18d9f3e |
| SHA1 | 42f2215059bdf0baff1bebd7fbb6b96e6bcc168b |
| SHA256 | e7d1045e0b789cc732a1a907ca1c6a65f4b1188df58409f1154b5e5099e484aa |
| SHA512 | 4f1d45d9b7b5c445e9fc0e272c6201026d4fe0a1c9e37bed6cda8bfae152454d453f2a48314c92f858c41a7e87681fd4f83f9586606c0444ee29ae61368ca90b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a497f1d24f2daf245a301963a6cb5af3 |
| SHA1 | 3bd07ed3e4045188ba67a8e84a9cdea36065f20f |
| SHA256 | 58a6390fa7f542eabd40c22d12010719c4ca1b93d7e24a74f558eb6d647d1600 |
| SHA512 | 2d645f6a3af747fea28508f789655c9718b814844b0c5c87484e6aa5a55fcce61f7df8558e82a2de3c0af65ea2eaaba7f382e34e2c0de38c8d696d4f945a9f33 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 91b8d984fa00387e612d615d51c6f3f1 |
| SHA1 | 21626a76e82eb23296f0c87210d022a97f31ab5e |
| SHA256 | dbd6549ed304eeed66b891cf6d0ab5f90d04b3dc3f8a43d3e7574c59e3676141 |
| SHA512 | aea6405777343ceb16e4faab6dd2a31b8ba498d9a0ba7c2075e689700da6be00d5fdfaf707151798036c022c342bd7180883ef50b3b959d9cfe51cf3501776ec |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b37b2d2b0632a13ac7149a2e5966102f |
| SHA1 | ffa1efbdc97d634f2a9d911142e6aa3ec226ed61 |
| SHA256 | 8873441cd86a30844f545c04e3c259c804e7150f1b504492ebdfd5cbc2945ae6 |
| SHA512 | c4d0cb633cc73f2e9ad7a14ff12a2f94a775e6976213a5d51d8afac512a6fb18cfaacb4be1e0a6caa36ce7ba99c92260d27c6da56e98af7e0a7b54b7dd443355 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 36bf4032e6baa5ae876125917c581ec7 |
| SHA1 | 0bace1c78578a95e8f69ef6dae83c36f9ab35aa3 |
| SHA256 | 41d1aaabeffd40f1968a48f79386a5086d40c32d38f5cf33c9d18754435f3fb2 |
| SHA512 | 58b727794c6f201e56e51e77edfd4513d8a542ff0b3a2b6debab4ae0f28006fd16331198de1402e48c01f95365e6467ba7b14d8fdfd33d41c658ec0adb6ca451 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f197108469a77bb06b7d9a3d4e102908 |
| SHA1 | 5eae5dbe5116fd4a0b1d94d9ff1ff7884768d7cb |
| SHA256 | 902a4c6ee7669369ab07908fae4cbe9693e05534c65182baae801661f06cf4db |
| SHA512 | 9375207b8e14d0d2a19d0f7cc5ee6a9bd06fe19838666adf0dbee319edf9335875cb0efc06a10c94210baf1193108afa199a158b830a50d7f511810084fe99df |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 22e2ca0d40793ad30a50f612eb03f41a |
| SHA1 | fffc7d747e79235c68658ebf4a64a6aa25df3748 |
| SHA256 | 935c1a7be261ac2a5d216154dddfe62315c7321331775a229289ea6270264228 |
| SHA512 | 782db26834db47df0666a8eb3de7e86b55e9b2a530a91538fcf8355a63cf9f01e068a6737597551b1713e755d151aa814fa39651f1f3bfbf77a32188e6b83ed3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ed2b9519d2e4f2f07282fc508e4c75af |
| SHA1 | 35d2a85ce1d75d9989db5efc03d0fddaaf6b7a41 |
| SHA256 | 610592f6fc360edf51743f634306771364d44b1318227f13064e5a0e5e2a1732 |
| SHA512 | 384272aad6b067f5ded84a66790467558eed30c83a1152e3694a5bedb98723ee2b0b342be9477f435c83fd35250a947de89f3187e8db6a7abe98fc55a08c73ad |
Analysis: behavioral14
Detonation Overview
Submitted
2024-05-22 23:48
Reported
2024-05-22 23:51
Platform
win10v2004-20240508-en
Max time kernel
133s
Max time network
124s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\home.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 242.137.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-05-22 23:48
Reported
2024-05-22 23:51
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
145s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\home1099482986.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa94c146f8,0x7ffa94c14708,0x7ffa94c14718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,8098002292950520347,17985028493638679824,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,8098002292950520347,17985028493638679824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2488 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,8098002292950520347,17985028493638679824,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8098002292950520347,17985028493638679824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8098002292950520347,17985028493638679824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8098002292950520347,17985028493638679824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,8098002292950520347,17985028493638679824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,8098002292950520347,17985028493638679824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8098002292950520347,17985028493638679824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8098002292950520347,17985028493638679824,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8098002292950520347,17985028493638679824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8098002292950520347,17985028493638679824,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,8098002292950520347,17985028493638679824,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4760 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.twimg.com | udp |
| US | 8.8.8.8:53 | abs.twimg.com | udp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.21.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| GB | 199.232.56.157:443 | platform.twitter.com | tcp |
| US | 8.8.8.8:53 | static.ads-twitter.com | udp |
| GB | 199.232.56.157:443 | static.ads-twitter.com | tcp |
| US | 8.8.8.8:53 | 157.56.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | syndication.twitter.com | udp |
| US | 104.244.42.136:443 | syndication.twitter.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.138.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | eaa3db555ab5bc0cb364826204aad3f0 |
| SHA1 | a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca |
| SHA256 | ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b |
| SHA512 | e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4 |
\??\pipe\LOCAL\crashpad_2996_SWDMLMGPTEOCUNHP
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4b4f91fa1b362ba5341ecb2836438dea |
| SHA1 | 9561f5aabed742404d455da735259a2c6781fa07 |
| SHA256 | d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c |
| SHA512 | fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3bc3ce0544ef75010e44f09fe7f0d197 |
| SHA1 | 09c968a8efd6dcfcb618463fc522f642e820f2c6 |
| SHA256 | 29153a05c7749890d9cad18b022206ae079586c552e1bf2f2fff0a1db88313d4 |
| SHA512 | f48e00c81a379624f7908bee8e4f1ab4d3bd8303c32d96efbab67d07b5201173f116a8f1cb9f8b36e676d73466b1bd7514393849bd3b2e2436636b3304b9fb6e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9366b16eca3e9fbd0e528a7ae40241dd |
| SHA1 | ebc0e5f212ae5d142738ba5b133df0d13be97c8c |
| SHA256 | aa610bb9044f20d2a38afc690b96a9dde8ad692d77df3f424e6ac599d707902a |
| SHA512 | 8b6ae9f8c9ce309ce25382ae072a1860fe28f4e3170f7994d9e36e94d420b7fe74883f87ce3b4a6741f440b1dbedbf38dfe763ecaaa856c6e617fde822745818 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 16ecd0e874ca759707b3b7849d1ef106 |
| SHA1 | 9b846974825c23d5820c4a829be421716d2dff6e |
| SHA256 | 35c380191e7202f7739798c3a27c8f655295dcdf1dd8aea3975974c1817e93e7 |
| SHA512 | e808f3dfd58d33afa5e28a7dcc55e9da26c3689ac35c8381329f7005c38ae0a82e636f6e90fb37580bd0e84d67074fc27b7101bfb108c4ce00254e87fd68d398 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | cc5aa59a3c7bc418e4cd77ab8ad7e9a9 |
| SHA1 | 944fd9f8b01310eec92e2e3bda5e476874254938 |
| SHA256 | dff2dac5fd983bdf7837ce5872e54263fbba0245d63d0b84cdece7db9948c187 |
| SHA512 | 6ea149aae025b824933e74821f965ebbc09539b437b46df67549929e2e42cf2ed28ff689d7055d231cc074cede55037317b28ea6bf8aa1aaa8c4cd2dfefd7d69 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 172832f1422fa8dff504a2a3d719d5e5 |
| SHA1 | 77d05ed672624b724c6410a08beeb0a5ee46726c |
| SHA256 | 0c8b81c3b56abde196e93ed5d14151392bb1e3018fcc906d82d29cb358464685 |
| SHA512 | abc25f82f714ff715c3adb4e22e63aa1e5fd58bf3d6c7f4af95d93cd03d28289ab9eb7d23e058e975550b103923a692c5d3af96c379e02a9c2a86873e54f3532 |
Analysis: behavioral17
Detonation Overview
Submitted
2024-05-22 23:48
Reported
2024-05-22 23:51
Platform
win7-20240508-en
Max time kernel
121s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0f159a7a2acda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a23000000000200000000001066000000010000200000000de44eca7687076a1456f380c7ea9a2e3270c28a5d981e9f60746db33b54788c000000000e80000000020000200000006c33ed4721ae920651bd51f0f4424b7be44fd0f12ebfa29eebfb39aa471d642190000000c5b3eb7267ebfedac243630ba11d54eae325254741418519689f84ad954f00e248f86869749b8af4cd8bad4475c94e3e7ad978a9b2bb847867d022c6cc7101cec0bf220ae3c411b341814b3a6aeb98d5dbf332b285d823329e7dfa5f4ad7bb41e0ea69d15ee621a04ed46d37aea93d1400b4c88f573265f3250e22e4d590161dc30766644161b939d73aee2269c8b28540000000a7ee59ea0b05f3de98f0301a1b53c2627d47e864f44eb57feb1d06a2f4fc8bdbebf906d42e004a0d1151fca092ca13d126f813a6755d94b903149f4b8bbee0f3 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CEFB3CA1-1895-11EF-B97B-5630532AF2EE} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a230000000002000000000010660000000100002000000003a8fc891ff73fe1f9323b0a9e700d28b16eac218cd626eaa464d6defe67064f000000000e80000000020000200000008bcbf7d7ffe087a84b9216b43c56c1007c59b6a74f8ba7dd47971debff8dc42c20000000e9b1a84c96ddbab988b95d6c53dee322669aee21a403c89e296797b4edc599e340000000132156e6beee6cf2701f4e56f1ff239c318ffabd3d97bad90646a79a290ec28f393448b9a694344b9aa8008ae19f6b82c68f61f1ae4da71ac44b8a5c9066ce8d | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422583584" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1764 wrote to memory of 2412 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1764 wrote to memory of 2412 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1764 wrote to memory of 2412 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1764 wrote to memory of 2412 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\home1259317828.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1764 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.twimg.com | udp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| US | 8.8.8.8:53 | abs.twimg.com | udp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| GB | 199.232.56.159:443 | abs.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| PL | 93.184.220.66:443 | platform.twitter.com | tcp |
| GB | 199.232.56.159:443 | abs.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| PL | 93.184.220.66:443 | platform.twitter.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| GB | 199.232.56.159:443 | abs.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| PL | 93.184.220.66:443 | platform.twitter.com | tcp |
| PL | 93.184.220.66:443 | platform.twitter.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 152.199.21.141:443 | g.twimg.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab2BE5.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar2C01.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b7828f2f54b6c677c0385644ae61eb85 |
| SHA1 | fe7df82495656e469fe78ba7ac07de4450f8c044 |
| SHA256 | 218be8381219bf8ccbaddc4ae33d1a65a38d45c3c160d26ccc7122d988c42fc0 |
| SHA512 | 690c9578c3786179717cab4e2d17ef46208a669b85cb8647044bf3936c87a8b180b6ef8f87281ac403263010bacb157393ccd760069ca6e6b7c3a3351ae7e4bc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cfff17681a3be6e08ed4833454d140d7 |
| SHA1 | 86daeb1bad1b02911c161ac4daee38cd7cc49b2d |
| SHA256 | df34a2d5f11d20933ba4b4af8ed3572c18ca44b59f69143cbffe5b855d9ea4cc |
| SHA512 | d0ddaea173a4ff4ba783c3ebf12143407174880e0788ec997e4f3324a8dfdf65c7d5384c542537f37ab459418aedfb01bafcee90d2a6c115b69985af55cff7f6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3fef3cefda6ae6cb67836d4e126aa514 |
| SHA1 | bb986cbb36bfef99773f6d110944b48287224001 |
| SHA256 | 65e4700a877b83650c93ce6b3447dc5b66478d944a304fc8deeaa345445bec1a |
| SHA512 | 660b4bd9cf7506dbdc4ee05195f1316248c7c0d44207a11fff47f8603295853d7e381887570263edad530465b5174c42a4eb9d1d9dd445bb9c1acfb140315464 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e3f890ecd35480f2dfc2a3de77530625 |
| SHA1 | d9894ff777e8b91a9594a421b2f0cf1a4b679485 |
| SHA256 | f2035ec55b99ea477074268d0db6ee35b2d1a8511d8da8ab991ae965c090392c |
| SHA512 | cd8de9519d4393f4f8a1d0b042b9a8c7caac8d74a42a6946321ac03167df7547edb08e8de17e2e7363b9882c18041dec6839fe133ad2971d99df64af1216da4d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 77361d13a83bef318457c4350165b252 |
| SHA1 | c1cfe5e065465b3351f1a82d0912410a6b52834a |
| SHA256 | dde2ef65282bfb2c9968eb664cea3ff2e3bc00c9311563713bf93bb5de2a46d2 |
| SHA512 | 6e4e814d3dc76fcc256ba253671d42d977d9da0a84687b3f0ba6630bd6025e093d37c99c96bcfed71781eb9f72afbdc2e44bb4cbfeb8271f4464e6534fcfb0e6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 434f03eeb887112d8c3c2578f4049669 |
| SHA1 | a706dbae4351b1345269e745867d889f88a66c40 |
| SHA256 | 727dae370319d5d69d0474bfb3039c00ffe5c0d92bfd514964dd964cd229774f |
| SHA512 | 8fe94b85528f1ece17bfcf0e5154deaa853e151e97cb068c354078db7ee7a76003a290a90ed8e529d944d95f716e8ad43b758af9578e87f45d1b9028aca87436 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e9f14e54aa1e3ea6c1eed4c936d60619 |
| SHA1 | e3bd447a30b2b39890ef93c299fb18d18b8599be |
| SHA256 | c0b2c77c44c9c1e19ef143c5a1ffbc6bb1ff4f137a143191d2d2ec712468d327 |
| SHA512 | 4fe749e09663438775d16447090126e6ff62f08900d16535825a93d5ec38a330b3b59f38b0c460d4fb214d9e49065ab6098d522ee5cfa181959c42d848bdd2fd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 19f4d27d5b0ed03c160e4fda7310927f |
| SHA1 | f81eb553f56dc43a73b2a126eefbe66865c01b4d |
| SHA256 | 37d1998393b0328e7aa792871c5e55c2f5ce8220b8707aed8cc74cb8af1ffca4 |
| SHA512 | 59e52fac8267cc93340d694a4e6b1deea60e224f07a5e59fab35f9609499bf01a162e078cb965f6a63d7a87c447a56ef12b648493662d8f2a90a1ffc7e9cce50 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e3aab53475427919e116c1c77f3cde2d |
| SHA1 | cef91d6c06b1d62a6a523f6fd35ff7df5a7cb5c0 |
| SHA256 | 8daf6025323677c62bec41dc3fc14358a9af1bb147a19679ba3e7cba31e37566 |
| SHA512 | 96ef3db24da875c4fbf85b7e5a66961b261dfaaaa10f555a911ef988acbdacd6174150bfe851843591a9c4c3108bce792d92878924dc21c4cff46e00f65c230c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 42307c98d177a85a2d30ec32af14e112 |
| SHA1 | 0de408d0db8ba190812240cf0206b389f43b2de1 |
| SHA256 | 8e56ba557a345979afe424fa53790f873557d458a72a6634adf41a6e6271bcf5 |
| SHA512 | de5299ffae31e142fa4d6ded96b6f2d126e50b253dee6415ce8ffc3fc2fb0903bca4815e1d278a09de3835fb459bc6af9c80b36d61c1b898d41f0c66ec2e6415 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c449022d79a9baad2bc3b8eb06f0c30c |
| SHA1 | 130409dd7becc8055b17c261281a8c7518aaadbc |
| SHA256 | 966035a4b95df0be99db78673954a46278c8275f63c1411d695499d4ac470019 |
| SHA512 | d6d434cde766a0ae623e73ab62160c3e5e4016454d91216a87eb74a211c01b1e9bd0efd07bf16cfa48685859eeda1491122ac81afa0e34952b63338bb84d2df4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aa8cf675fa83fec10e3122aa99461195 |
| SHA1 | 92e85671e4e9082b5d75bda52af43239d7aea8b8 |
| SHA256 | 7ae97a6c96c033655cae5894da5bd1a56efb271b5c448e9be7578e7fc0c10523 |
| SHA512 | b8aeab7c8351854fade147cc49635f03be6904f026e5c7ae0c173c2ca1029786905b6e495b8295f6dd80d6fe58599039918ba311539212980275583793868edd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0ecef972e4c9fff6867e500696a9d1e9 |
| SHA1 | 65fc363f7bf781f81fd17d8b703c2d61668f1405 |
| SHA256 | 90b8acc282d4498f932e81c429294ca0869e8fa374b9f2ae41c5b9fc4c2b1c8d |
| SHA512 | beb9a08f400a2226c4c7aafbd4b4d34a8afb62b3ede0f582bb615f1de2166f5802e33817550e647f1eff0a5ddf3ea43a3ffde4baa78201e1b5a8eed75159e1b5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9827054c08cc2fd443c32a93c5743fd5 |
| SHA1 | af870866432be19a5fbf0bac47461ad00f69275e |
| SHA256 | e35f370c12063c21af3cee934eee457efb9d3ae2eb42e3f8915273add241d9c1 |
| SHA512 | 16e6f6b338da4e3a0b3dc3f013ae1ce0d4747465f892fdbacedd9defbb4cfa9c82d5a8d0b1aa2efe83b13859749a275309e796d1b8fcc7c7373f036655ade4df |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 50bbc514e3b05718de54bb4cafe24bdb |
| SHA1 | 947d532e14a0c0b4b7fb1bca2332dbd04449e2a0 |
| SHA256 | 7f03a8489c8cd6d4a350e66caa597116804374f5f0d88ddeaef137b2450af1b1 |
| SHA512 | 288cad17c622ae45821d7efbe459624e3261cb93ffc809188f52b4da77f4fa3c0d0943fb34c74427e8a483a5d4c83a3c65a935136183b3d161bc86b07c27a2db |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 583b198777218c181eacf10938a6a5ca |
| SHA1 | 213a80e0026bf14f2008bbb8b89b27f7f235e531 |
| SHA256 | 7feeefd9af195bf037dd37fe058a34d9e6027675420d4ecc98dd21187bd940ef |
| SHA512 | 28acfaf34e3d1928a23e1938b373e55c77d53fd5925c4417c96297d23dc3b087cdc0ed52a569e04ce2dc8fa22f90180fdbd8c2c0c11eae9ce1ea1cbee03e79d4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7ac1d7ee2cf4da273b4ac12584f493e4 |
| SHA1 | 5ff1acb1aa6580e33114dc7e9b01e1903517849b |
| SHA256 | d35691c399fd2cd02b54584e34d0599539472333b88bd170d4e162b1c8ae158b |
| SHA512 | 7218ee59b87f002cd6fd851d3d37e6da85fd33b18e1d55a522ea36b492c349813b5ffa4723610ada0f407fa80c091bbe578e15dd746ae8feefa5a74a45e6b8f0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e48850e3a78219d82b67d9eff06ab792 |
| SHA1 | 070af4a2d3365202a36ec10afb957b328b4f469c |
| SHA256 | 24b80cf7534384730ac7d332ab7356f45c0e6a868fe5de33e0ac4eb2e5716188 |
| SHA512 | 3ff415bb7828af320f6294124fae4c68cef5ecd80c755e9746e07f3e116d40d62f0bb943e037c7c223365c1fe82bc23112ebc5ba4fe68aef0a196c1332d73761 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 15608c85324467e5fbed13c2cf5e5360 |
| SHA1 | 2cef10b544597577400d7038d36c3420206126a8 |
| SHA256 | b5fdea4503f21a7d0bd5cd4e657e3218e04b26cf28806d0a549364fd4bc9d608 |
| SHA512 | ea9b4c7b6934b7fba220d6d65b68b2bbb95aa036b618ce0111e4866e94579c48fe407665aa0ef7c2658711d52df6bf46b04bf07a6bd1f55a886fc29051216785 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bd389c6f39b2f84fc91ac90863fec421 |
| SHA1 | 69bd3ab88b6d6f87c0c3365c13a47005d8f65957 |
| SHA256 | 9f2ce9b15ced31ba55c3ea9ca23a3eeeb0b1bb1287d434b04dc26dd4ed88fea5 |
| SHA512 | aeb0306f4698738b208008704e7774a250e3013bd9ded38b971c7464cfa0f39c22d8762024e1ca934ad6721d9be4eacdb9a3b7e354d6d22c52254aef7efd89fa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 72825c4ec928af371f5dffd129dc1940 |
| SHA1 | 59985c433bb82706f17e4dc51534599f200f2325 |
| SHA256 | 20038c758ce482f0528d0891f513fa55bcfe6b12ebc2a1ec819e685329a336e3 |
| SHA512 | cff46b5731496131f8758660eaa57290103f504a528198f2398299cf38f43ef5f5354dcffb2d628858bad8107e28e62a555cdf102db5459d98daed6de9b07709 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4b7fef5c120b6735385c5b76a045873a |
| SHA1 | 831263a2b83190519d1b29aa378f90efcb7ef231 |
| SHA256 | 47f8cb4b250b1e4dda885b1a59c7506329929e4a6d0f3a53c6e6f8be892e696f |
| SHA512 | 0c3fb2e773ee4b77e87c3e2a135885b84a515b9793308aa5617fbce26fb083123269e3cd35bb45189d3651e1e7e9d5e0ea4e5460f5e2b2f4474e848e683b454c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d24cfb068119a93e23dfc3f38be7aea6 |
| SHA1 | bddb387ba967e8936533e2e718ffa7b9264d58ed |
| SHA256 | a8c3b9b29d3b76b201a2b93974fa5412ef84d2b4dbb2952449ace72855b69aa0 |
| SHA512 | fc3a5086c1af8cd0a188648796446db20f5d4a157fa5519fb46deca46580cdcd27423bc0b7fa6f08051a75058ae16249933eda0967a374614507008179996520 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bb4819b41a79904523595cdcbfd9fdbb |
| SHA1 | b0187783d283355c43db2177d48839c69b8cce2e |
| SHA256 | b363949a8f35e4509ce5d1cc6e1201f96748494330c6a6f529f051c5817320e0 |
| SHA512 | 1d94f7e9237d25986206a7a15d33c52f633b3b5b797c8b8680b96b3195b1030779978fc6f35ed2d65cbbe50d7a1e9e61162b10106eee8bd14908b9537166b530 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 528a086e5075a201d9b547d6228086b3 |
| SHA1 | 35cde224e0a0c0cf194333cdfa98c48c84e47b92 |
| SHA256 | 4a59426fceae0882214ab545e89904c1c26191eed03302c4ce24e07dbd260cca |
| SHA512 | e56f6ec6673cc768cd88074a1837fd5fb37c48d1522a514e25729070477b46910b6a6c914442a32aeea2f3bc629fcfe41a1a59d1b3b076aaf9485f9514b8afb2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 247cda883f5cf709a50414f8adbe703e |
| SHA1 | 943c931dfc33c6b3df844515a3bb10bbbce4fd2e |
| SHA256 | 3e4886d65df2c8a366ca2ec7d8d508417b1c710d4bbe92eb316f5e56a1fc0d5f |
| SHA512 | 9b62ee2413a835c9a780e67c65920ea8b09bc17198233cb4954ede4db29ab56bb6edcc0b63c0074314a8127f928ef62ae195f6de65f9d638b11ea6dc9d86132c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 962b564678fe97bef6bf92978985da67 |
| SHA1 | afc9f057f2f969d8ed02e71a9eb26ff5ca87dc59 |
| SHA256 | f2f8976143b55a204961b6258a11bba18ebf4907d3751f43aef38efa62837127 |
| SHA512 | 1520f0b023280ac9cbd56262708a0c7e08dabb95d7419a5e004524684b819bb338b5376346fe136a5cc8a2a07b95fba9bc83b0bb2ad7a790f849bc849d70deb4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0d524e6b82811e9dbf8d74555aa52627 |
| SHA1 | e37d93b6a0471101e8ddcee14b90e0cd5a1f2a3d |
| SHA256 | c2ff48790b5c8473be36b6351a5b90a8d2989740548244c4ef91ffa2585fae12 |
| SHA512 | cc48052d4d21670bce9e90103fb6a4a3d907ba1df407b7c2d1f040a328701524ed87ee71d823b2a296c4c0f1352dd12fc4b44d300f625f7cda20f3f6d3bd0961 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bf64e8b0d1bbe9b5a08baeaf6a12469f |
| SHA1 | 8a0adc1d5d31a37be158d506863ca7f3e9c46ee9 |
| SHA256 | db6451bca0ed6de81e0f056d9f36d42baad5b66a81ea87a125514c05cc67aba1 |
| SHA512 | efee064c2c05b5918bfa0954d2f74e7ab01168f6c4976d4716d08231ad65d1c7b2c83bedd6a03228a512401022dda8f5bfa8fe6f6cde4fab94c1c8986477d57c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aeae0e098dc85ed66d7e6a58ecdfd86d |
| SHA1 | da65777403f688a047799595f6d27b790f0d0c2e |
| SHA256 | 5f87ad90261e0a2334316f41adc32343ce52bd48ca2df9a846eeea211fc1e82f |
| SHA512 | 961a627649d4f04e8d3456edc3c5e16779585bae6902d56185b5552c43a4008b8b25cc7aff28e3326b0b08670f5987957d2ad5924880013c2d754a75a32faa1c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a68861cb43be205c9c14900bd6544e8f |
| SHA1 | 55289507ca94bf8ed8b5d4033f7f5978abcf31fc |
| SHA256 | f9369971ddd685c68c4b8d78e7a0b51a462a1e54872d053942abd7a133f95b0a |
| SHA512 | 17c893ff26c93592cdf7fd7e844749e909d976dd8861f9440de2a2bda93a02f19c5f86e8bba9662d152b35420588aba3cdf31e59ff9413a54dce04321753ba9b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f7fe76bbf6c488ab8098e804664427d7 |
| SHA1 | 0624581d679c6ba3db60efbfe1e4b7a3d5cc8976 |
| SHA256 | a2c780236e6c295da45dae8b8ca736c55f2f44ada758e0cd1c125860174df2d2 |
| SHA512 | 04886b5e6257ba7109a7ec60cdc6be6054beda0a7fe64bd9f80c1dd9be1ab64ef01ae6d49956cc1896d953acc1a785483a376203ad1dad2fadd38695a4cc8ad3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 36743de1cc5d7b433a83dc277d292ab3 |
| SHA1 | d0eb5eb96aea7711e38fa4074d36fbc512dfe4ed |
| SHA256 | 817f1b302e5a6e3650ba5a05eeedd7652056c6e9053a71001362e955e5ff2e26 |
| SHA512 | ebc56ef4a7bb54bbcf6f5dac75458770bfe8732232f28cdf64d24c595b9da36df75bed15de6f623474a6d131fd3010aaa799315a9b0ba5c6b1232aaa86d71d97 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 22d0b1d2c287c6a2c98130af969a3693 |
| SHA1 | 9c644c37932d801ea14354158e3c453cc60e3999 |
| SHA256 | 4cb2457fdbed0f66181f5b6a15a7b3ddb066baef2151d60b29ffccb7f3054e5f |
| SHA512 | a1f9d3a6848dc72a5471440cebc393df893c8178928b022a94d52fb57aeec552d9176b32d25a0e256361d28d8d3cc442721e456882c3a8d479150d258f431705 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | da1249b22c0cedb21d983ddb331e8ef6 |
| SHA1 | 4d9abc7448323db075c5ecb847ef23a24c40bf57 |
| SHA256 | 0f7de36b50221cca6c29e9b30bd79151333f6efce36d79f6944a41cbd8577386 |
| SHA512 | 221bd1a5ee698e5dd3268f54d78ee779841e3b266205f2cbe7418f6f996841e2ea3f41a99716e38940e76b17dee94226681966520befa366a770331d57583cbe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f28ab247ebbc836eba2e407b18a96100 |
| SHA1 | a51143650bad2c2c287a0841e50e8f1bafd66e41 |
| SHA256 | 9ebca79b227da5ea2748da5f44cd170ca531adc2f1d6ad6773174514653b5e42 |
| SHA512 | 3d494568684278141a30e9491f1cce4ec3690dc8db69cc7ca3b8f8034958faad28925c4e982087c188155a583eefd6c716c3b0aa4ce64d692b3b0af31b73f02d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 26136ac52709db929c623ab462ceabae |
| SHA1 | 5bd677d9d1130a76482dfac57e4035c5ddd0d5a3 |
| SHA256 | b8e822752467594a602a2dc9bcb145c5fd6488aa401a132f36d5387c7a240d64 |
| SHA512 | f652945601b7c992654ce1ead4a4a6e4c6eec5c3e270de53878cb54328a7d0cbdc034a3d69cceacc833e7b39748203a2b919bb12230c96a003d1fc81bc6c7d2f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5ace0c6564bb5030f858ec792e360019 |
| SHA1 | 8231903f30ae5e946fa9c03f315a1ca473aa08d9 |
| SHA256 | d1b2cf8ddd99f68fb5de4a17847201476d562f77f34a57880943170c6a7be33b |
| SHA512 | bc22a8cd780cce438839db82e3e67904888a9f0a27d8220e22fd6c76d2c8047fab19bfe603cda9ba2959c41e4bf03ffcbd33607ff98470e1bcd1a30da840bb43 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fc8e34f345656311f3fa9622557d5a54 |
| SHA1 | 0cebc55a8252abccb59fe8104e8858064b8e2f3f |
| SHA256 | fb61781e3b60907fb8f6d4f4012c3553feef8e5baa812ab89591c9d8c7d9bb69 |
| SHA512 | 19e8017085dd57410d73405980e3d458adb9f62b32b959ab275f06a6727007c1ede8603da7d7df3d2debf00040cbd867e9e8ebbc35a82c15850178f63caafe9f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 75b7a58f4adb76f6403611cf007be80e |
| SHA1 | 04cf850cfcf3e81cabbb71e4340e8c8839a509d5 |
| SHA256 | 984023b67d79c0ad1d774b756474831c48b474013792cf8794275e1a4555c051 |
| SHA512 | a1cf06c44d2fe68ea78e4fc8801b43cd393f84190370b731171d8525390162089b127c0a8a56fe9e1461e46cba7fdd358fe89a449fe143a0153883866bc67d3e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2efad834e8016414e29e57686fa91147 |
| SHA1 | 23cae813d16d01a52c0ea36d2e6a48d615c35b7e |
| SHA256 | 45e2c49087924601cadee2559632181b121e49b761eaf398a4f311554304992c |
| SHA512 | c7564ce1071dcdf61098837f2501b696ecc774cc171e5cd07be52c24770e2351fdc6936a07660510407586d2af076d724b38eba595b209c00a5db086a9d14ec8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 58722087e436c90f8dc2740867537d33 |
| SHA1 | 0ffd95dbf2ff9c95728b21c9e82e360f250fb09f |
| SHA256 | 1d6b8b6b6bac43dda40f2d5b7f55e271331e0917c6b4f360e9da490d62399121 |
| SHA512 | 4ad67e99537b9bbfc1b372f647e7c567acf2bfd7b6b3476cfc3ee84dc62ff30d0d0a8110641f3fd3d61a170abbec3111d72c2928b6f58060836cb80611f064c1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1ce53321062d0b0d68e6f223592930ee |
| SHA1 | 08110e1e8968bdf4f332761703e39cf30873728b |
| SHA256 | 917f8d6498773b4983fe0e867a44452f1ee11cebfe3be5768c4481adfba2751f |
| SHA512 | a939acad80597dd12e79a88ae2babd658d01ee7be4e2a3ec7f2a24e6ed06e4f77493e6454e2ab7a26fc0617c72b7031f7a112a502828ac7f64be04e63c0a2cb7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6e4b73d62509914cd786a16b8fd9fa1f |
| SHA1 | 577b751872506dc8112cb166360a0c3b66812e72 |
| SHA256 | 42e51374a38955f8353c0ad558216574f33b1fcb34b241f65cc03c8de8b430d6 |
| SHA512 | 69cbf1d55dba8ce4fe807d61c23183599da8b1e7a463976cb715f858bb89f20b34345f8d2326571685681d66d9136fb228c262472b8fa84049e08478d0f81bad |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c3ebda01b6237003679e6094f0dfc4d5 |
| SHA1 | c7b62c2ba8dcf06d1d30a20ebc53d90f18a9fe1d |
| SHA256 | 1c09b5a32de5dc07f83f729783c90df622e4fbbf5d700a53b825ac6e7b6ff4a6 |
| SHA512 | 5ade353629b4664c83038ab5658a30769100afb6806669ad56221db6a64b2ffadec3b896e503faf08468a6c844db83503e276ec09804ccca23ecf58dcbaa0a5f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5cb5b4b8c65a4b389c0dd49ebd074d71 |
| SHA1 | 8238fee2259582fccbbff17b9850a94e601f17ce |
| SHA256 | c49487c321956fb98431a10211ba0a754c49b280f0c1effeb550b9eda8c057de |
| SHA512 | c9f07df97a5887a6ea475a1483c4f623f1bfafae22d6fb249e9b5c6132cd37e317ccc9a877f5afc61639588b2e0bf86ba8fbc9ee8b272a525a4ccdc0dd34b9cc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 412da0163c65d020c828ac06442f4e26 |
| SHA1 | 71c36d05378c5f3dd8c613716accd9282dfbf499 |
| SHA256 | 127da33654aa7f618366c784e5bf5e3a9efea4141fece8de090a95516ea07036 |
| SHA512 | b510ed9764e2a90e210a2188eebb7c9cec56c93a5a3d036a077a7e64525efbfcde6d43aaffd21881e741cb877332acb6f47707f47286d11e6f3805fb4969fef3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6d8231bda99106621e56f382e070a8c7 |
| SHA1 | 7000d13be79f823ece0c69b3ae3c07ce0d8e02b3 |
| SHA256 | 139c874ae38ee3698e03f6430fb56fb696b69040e9d829e7b78452a8255f5bae |
| SHA512 | af13d90ff7a12a6fd7e574cb58a183c65549f58122b81036aff0825463e185cf68bb4a7800f1c215291dc3eff8aa9319c9cac9d62cd25bbc896b71290f380d28 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7579df9323bdd4c9bedd04ac0180d3e4 |
| SHA1 | 5dc7a727f96cbbe3f84703e2de346ab36cea0f17 |
| SHA256 | e12915d095fcfa60166cf033c2e4e44ed8a1fcf2069ac2e224c22ca5d41ccf7b |
| SHA512 | 4a21f8d363f32005745afbdf4a0baf82a7b9a6c88aa77ad420b1e87f4569befef33ec0e0a019fc9ca4b0114a021dd3a5b7d46eb953f4abecd67de086465f7463 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0b21d9e44c2edd15a26f5bc90b8075b4 |
| SHA1 | e9276fd514626bec04f5b64dbee5e78a9e980723 |
| SHA256 | 36bd68dcfdd1e971e3fe53e209d768eb12a13de96488c739f2db3fba989e50cd |
| SHA512 | 6887f549e4fc0633a6831feff116140c5fe6c50124500135d3f5f6c03275f7e909236c348146ef2cc2a34212ebd7979d7b967149ea3d6d81d88f1314513637c2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1cb12084bdd383ec7a63aa4c7f0319a1 |
| SHA1 | c2f4299e1177808a61b3f0e58bfea4b0dac4a73e |
| SHA256 | ba247b7921dbbe630d8d1cf1efad35f861dd0b205a245b6a912d45534ca0e457 |
| SHA512 | 8292fac941a1e6fce67681962bb1aafdbcdd5584bcb0c946db490f68e4e566a72c45dbf2d3d1a4c3f430e2e84074302aab01680aa8294177dda1a412989cae54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a7d5f36df1b43c471bfac30147969856 |
| SHA1 | 4d7517143d1cadc296ca0999f89893597e8ebd28 |
| SHA256 | b319e82e3700887e35a611d739f90ca7ac332891d56ffc2ca7c1433f204969f1 |
| SHA512 | 8df09609994e689e4944561063354c54e12f8910fa7123ec5923f7f8733ea1bbc016bb662050a9166c0b265eb3ab9e4019e4acd66aeb82d2ef6512b02b9d2162 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9fb33d84d0c38774642a2353b667bd20 |
| SHA1 | 374e12f88afbfe2d09f184465c0cf2397f2bd5dc |
| SHA256 | 3a56ce3ee5a176c5f0a1a5ae09a2993fa8b521a3b963e72aa160dfed8893ba2c |
| SHA512 | 60fc0dddad919028082058f686be0957967e55eff4f0ad16bd8b42f009e4870a016250a30d8ee4a47f3d53580095207cfe439e4019559571d28150c7979909fc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d98cad07c3cc1b69cf22b615faceecfc |
| SHA1 | 9efeb7d60f68eb7a0e343f786b5415b9bc5e95ac |
| SHA256 | 3da4d1a9e0bd6ed8d1f5fd9706796fbbaa1c0d98ce2caa3c5b8d1c6a48e0f818 |
| SHA512 | 0537ce53e3c213ed949d3c22ada873b91cd3d930423b3213d0a57a7a9efdfaabdba71ddddc03d7537d5138c9cd1e8e64583f75ce8e0bdfb03fc1d35825970913 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 90881f6e78ae49db8b1977f0a40260b3 |
| SHA1 | d1f820fc092cd78fe770478350a30d87c1244436 |
| SHA256 | 357d89dc8428fdc5ee785efe245509c57464a4f1ca73717e03deeff6b68b9dfb |
| SHA512 | 7a918c562f5abe9e0e29dcd4ddf33560f9f1c1946f55af2ce62454789aee6a252dbbe27335d058eac368733487497ac9e1e3fdbc1a37df4396ea7675bd282ab9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aa045ee5745f8f89bdabbecf23cd5e9c |
| SHA1 | d7e241d14d98ee36df7b6018cb6838dae2a4c34a |
| SHA256 | 49b077274d85a80fe5c620ceb7e877f7904986ce0b1933953950ae1e27a1ce23 |
| SHA512 | 485335998df374be90da77c490da80fdf3911f7d2388487c6358e3fdd104daf47d8e125b3f6b5bb8cb90bda63013960925760dd2aa8d048e83cf2a411444d2bc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 53d437995b747b88cc488630b60dc18d |
| SHA1 | 81b651715f5acdc4929f439c670c05ce41a6fe6a |
| SHA256 | 59d98d70962965afdf097ebccb9839581c2bb16f31e3ce2a526c338299ddeef9 |
| SHA512 | cdb05a046bc95de2be0c77ea67e30fd23c62daefbaa8e0247dc3f8dfe4dcccba67c8ec3feb892c9e4d35851fed6cb67f3b684e8cb0e08355c7af0698b0e48764 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f4c90f3f39bc1c1444a407f4fa4b1cf5 |
| SHA1 | f0c19b45b63241fcd175a9f2dfe09aebb1179ea7 |
| SHA256 | e2b4ab8312347ebdad6753c9c130810e046662e5a871447b34d718125cecb058 |
| SHA512 | f51272ce7aa0a9c31541a36ad507e98a4295eb0a53ad604cc2b8854187d4398ed239fecc72ee024e46813217669d6247c90a0062668f743ded5cb3a689de4046 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 34275d2b65c597e0dfe5739fe526f2dd |
| SHA1 | 0427b38443ccf56113d2cafb2c449cec7ebb6b50 |
| SHA256 | 45bc33c833389f3e3f1db3ffd5bcb3c1f5ae0a8c8b215b179b5658fb67fd5361 |
| SHA512 | f64e6c22d360a4490bbbb10578b3f71ea23c8e5ab7fbbe4d4bc29ffb95b12ed9c487302a28425b3694ef9ab14b883921382fbf0cad0f9cc66b2d1b8a7f61c6da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8c017b7596186d9aa27551f661a80069 |
| SHA1 | bd7f411d68d1cbd0d30b2e5125a153d3a0366250 |
| SHA256 | 19bf47c8b269c0c7487814cf14327ceeef52320da0ad8a8820638856d5085e3d |
| SHA512 | 930cbe96c7b9af6c72252828c164bd7a6b5627f0ed4f2aa828e3665da7a560f8762aec4df125c332000ecba5329fbb51854b2a3249ca65869784ca66ade55f70 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 156a50c871847ce851636eed4c7bd9f3 |
| SHA1 | 8d05ed67e3724fd73a068e9755c05469b88e87a4 |
| SHA256 | 845b40f09a8322c864433ececa169f31ea39cde42356c4a6e13ff059c2ea7ae7 |
| SHA512 | 1edeb7bffbfeff28e8767f744d5c23b239d8fb98f55cafee2897ede24e909fd30421a3f7ca293d4fd6f9b69e32bc7703453551713a3e00b0513feb86904d3c78 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a05bdd06fcdd78b878b8d3eb97194adc |
| SHA1 | 38ddb1a839d8d912d3145d33797a70f06b86cf87 |
| SHA256 | 3ad86ba61c4026866916897ce9a751fb85d007670d930c682e94d426d4aed2c4 |
| SHA512 | d309bca9332c20b4ff95f5e7469266b793ae2a4184bebb041e7f59123fa0f94223264b2365b768cddcbb074b3d53ead86a7670700c1bd2c5e741d4b21fd5a772 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d44a69a2b87ed5df9cc7fa8de9f8e2cf |
| SHA1 | 3b9c81287e2688c3920c397c0d536ef0ca5b7b13 |
| SHA256 | 9d9d20cda04463ea5035633c64019ba77c9e9b46045bb530d8c336c75d248d45 |
| SHA512 | 6c5f9b4c5cb777f517c205816e88e0798e28d332bc6c51796c05ce371a55ad14cb15e701b5319fdd83f473e7dcb8c16d210395fdcfd8038b1e3f09d48c083d72 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 54435e33c45563bb4f91fc5c4950555b |
| SHA1 | cd331f99d800a855999dc8d7e698b485c6525791 |
| SHA256 | 0b472369d29d49eac6cbce953a8f3593a041ca3d4ff4201da5d99ab495836566 |
| SHA512 | ea6b1f5c6c0682996d8b34608658913f1e82ee9bf99f017c1f20056a969059bf519777ce22d5091e903e3f0f32a84c09394b2ed6bb6f6905f19d602acda9414a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 402e134d934075cd7aea28d61ff4ac1d |
| SHA1 | c5c91b4cf8f3e60e57d18c98cde80df0ab1082d0 |
| SHA256 | 9be372db366bc1b038f318d83bd2fb929c7c2fc34ba006704b8564f8eef2fb4b |
| SHA512 | 88cea397a2d7539f1d8c89fb1093ca132b3f5859da9b643f98a97e6493920b6007d2a3f86703544047c7ccc33bd8cc7bdaa2292ce13e74a95340d344848330b7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ecc27fad57b4398f7684cbb80b33d3da |
| SHA1 | c53004ee720f4404c6c10c914d69fccd8880e3ea |
| SHA256 | 0533970972a25994caf2e934737101052a5cf95fa8e1c3c0940b0109726549f5 |
| SHA512 | 0b21e9d579c53b8ffcbad135dac1ec607a1aa5e60826ca2172fd681782e476b5cb5eee8b65ffd7d3da4bb968c484fba1f9b9c2ffa6e401c7ee9e2ebcfe4a5c6d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | de9a91374cc59b98cb2e618616396a7c |
| SHA1 | cc0f25ba2d0233a736ce1e1c34bb3c9e8dc0f42a |
| SHA256 | 2d07eaa5b9ced788f8e2fe7b4a5cfbe84e3aa7b5f8769a9b4b88ede292b05de5 |
| SHA512 | bb21f729c0a6364a3da6ef92bd3d2749fb4d68113cd535f5a3aa4003a6e2249ed6c1b59b0acc3f2814d9d095d076eac1500c86f2f439ad91cee4c201643aee8f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 02ec84fa965041522dea09fdb253f175 |
| SHA1 | 980ceb948ee3c0842e2a87fbf3d9a2f3ec7b802c |
| SHA256 | 853b722f05ccaa0bf64d3a6c9a1297f25d43278763e2ad7a9e4f9db42254e8e1 |
| SHA512 | 617178a94ececb0c80cc2711030eb5ede0226caf3214d63ab76ee89de140a0c35b0218d61e2f7a1792e479e2853c3d10f8a36af24cf019f23833cd9db0fd703b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8e1cbfa9c9d60ece2116d112f4568041 |
| SHA1 | 426a6f76357c5e142bc8c6d15d102fce94401645 |
| SHA256 | e57e5527d78aed18fe5744181c36e67ef1011a6c338d38fc910866e827516024 |
| SHA512 | 7b204deb62e4f4db6371e883c67c36f79c67ff0b015c42d0c0157ccad747545ab387d35531b19066485819148a467656483916818096e1067497d23f7dbfbb13 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8e2d5c80a5d9b979a211257ae59edde1 |
| SHA1 | 54e268e3bce983995105581232d345dd500cf5c4 |
| SHA256 | fb21b00b63a67fb6838af28b6894707bd4e677aa1dc3cf42326281f453a0ee4b |
| SHA512 | 9b4532da50979e426c0b141570aa46976030662a6db5e2e7514f5500a02a8d87ee99adfea2a271aab1fcc30b0cd6b7145ca1e8ebaac7a723f21f3fedb6fb6051 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 22cd9bc3c17d4c507b08a42709cba73c |
| SHA1 | 175ca6efd42ce0b899437210a80b54dbf5453a64 |
| SHA256 | 8b5a61878617fa7643248cf3a157262a0296d6c0c21336d93c0b78530aa270b6 |
| SHA512 | 7e1cd077e1106a6e7a31a898574f8a0a986f4124f2b61a20793316f5d84d634e9032ad88dbaeb2f8c19756b95d8d70e852b998f0a8ebf7d0bf03b71fa62e8080 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4a4676764726c9725fb4d90891fcb536 |
| SHA1 | b3fab7bbaa8616106ceb83a84a9a1b82082ad6b9 |
| SHA256 | a447823696930f8900c70114e2da2b67af60deee4624762a681bb84e776b91d0 |
| SHA512 | 5fec26b97c7b102ce09f7fb63c824b136265dd173c3e05e1504de7526c5f25898c8576d6c1b6038116e95d06fd45a3c85b6ec5de3f4010428edd0dfdc7434244 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 68b63211f50873df387f122919a473f5 |
| SHA1 | d48e604dfbd49ea5cd1f79f048464bbce516f41e |
| SHA256 | b59831c29c6493e517702178fe5c00643639331ac773493c80049b86dbff6986 |
| SHA512 | 6f635e05cbacfa529d1ccbffc248a92518ba5dacf537eda1a308452601d8aa7165c8c5dfad359725d5d1d906cff1e5c4bd64deea3e7c08d9dd369b2b3c0fb520 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2edad03cc6e2d173ad6a06fe2ff47347 |
| SHA1 | 38bf15f80775df34fe65eec9d22ac790910ba9b9 |
| SHA256 | bd41db72abd4a14902930493305d6955ff8569e74aeb5271ec883d70be39e28c |
| SHA512 | 6b0740aa3bfaf377dce86036bcc6d6d19dc4d68df992e7ca97bbdf332dda86e1fe095889dd1013fd628b85f7d19469e25544f0108a13b1c5206bca311945bc25 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a92adff24347db551c41504cc381b7b6 |
| SHA1 | 9924199858c1c41d72274f5609061589d55b6fd7 |
| SHA256 | 553bd7efc212f4a7dd3acc68fc0aedbebfb9e90a2a6a352eb12aa1b14b20a4fa |
| SHA512 | 20c267fb6e56a22223d805b912d5145a107ebb657717db7a21c9a4b1ada8e5984d561b717a70015d3284d3747822e50ba3d197606a8109989f08bbfff4c6dcc7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1278341607cb0f2ae1c7dd5efdd44c4a |
| SHA1 | bf8adac31647c33c9d0f16116a2bf340ee38a6ef |
| SHA256 | 53faf13b56a96cc5c329fb108cf6d78de71eb1c6b9c127cf674e1dd3ea3b5290 |
| SHA512 | a585c003a93e07ba38d73206f5cb6d2bbb2fa16c8f769ee1da04ae674b569ca97fac71ca186e32e0fe6ea502228e800a9bf2253847402e2a335fc6823f6d9fd6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d419b6f7eeea1db16b1fb6a033e46f68 |
| SHA1 | c1fba08b985b739277fc930f826c0cd7ec429f35 |
| SHA256 | a18fb001a8d606fee2f6d625cc56753ddaa7024fb2753f9681f30d5f30ea1139 |
| SHA512 | 19f2c70e59087138a786cc866c46a1e5866288d660ed0f0764c589631dde078d556616c19267f13fb64f1cc0fc061282ac734501eee322534300ae480b950b04 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a1f8c399fde3d0582742ae5fbdc6ff79 |
| SHA1 | 64d3a771c2c150308beae8377c30aa77e520457c |
| SHA256 | 459bcbbb18e5a47a1bcc447c3a4e0ff90e314187548955ef3c12779852d59e77 |
| SHA512 | fb5d862853f1fc8edf8ce7bea1ea999ec11a6ddef45b8868ef8811dd0970065798f386424b336a392e8adef7c7ab65da5e94ad5ba1eb5ce08a351e17681bbb92 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3ad35284b44c30b0f54191a6d5a167cd |
| SHA1 | 029e699b9819d61fd31ae45eae129617829f8725 |
| SHA256 | 03a0d73cee0adef13841947366133cdacdca20ff89d6b3a5c2b7ba2446210cc9 |
| SHA512 | efe33b0efc092a6042a54d85c8a275ee1dbcf75b43c0069022c7ef6d13d2299f56de08734b307be186ce35c60d6b153dcae15434af495878c399fa7d42004b88 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cbeb09e995b0610a805ab5499db55f54 |
| SHA1 | f3a8f16a0b56ee8becddcd14af1583a4bb787934 |
| SHA256 | 766f4fb837b30ecaca137b497b29d9f5e927147f3e8cc3d69d4dd577f462b2ea |
| SHA512 | 7f3fe265c4ab9d4b69ecbfd9c447c993d288cc7520b325d0ddf8107f84902c1380ebd0218dcf2b074a518cfd50bf99dbabfee0b2fd2631f813742fae3b733134 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 73f1572953c44a8774b3c68e7da01430 |
| SHA1 | 6d4c50200eadcdbe8798a59437a8ad35814a537f |
| SHA256 | d85cb6d9b38bfec144aa55d310d38b74b6a79c1155d0e312e10affdc40c108bb |
| SHA512 | efda783a0382b777e1fd03ac1e67b54a0a3f78b45fce95c085300e352b85cd46ca2eefc9f4406448119cc2d2ce324eceb11da38176c43c766731643bbb4429e3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 00ae680ad0bb49ccb34d61226952b214 |
| SHA1 | d40fb60fc4b60fd23e26839b6b97ec6887653379 |
| SHA256 | 467654cf35e628cca7de725225f2c5e094267400007105ddcdc84979edae5a5e |
| SHA512 | 1f744f41b2429bce2df67eae73a4032583d2b3fbda06258c60c6982935b617b56bb578c433150d4e351b056401e634c0bdf19ceff741c4aa3645cbef235a8f98 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 311f89943f3d410829b3093dfdfab749 |
| SHA1 | 68b8c9017777b34038e32401f020efc29d330618 |
| SHA256 | 71d6a10072dd57abdbaf0f7168e720d30019932e8e9066421eb20a6c8204a0a4 |
| SHA512 | 0877456b544dd8b1623314b66fb3555966018848db966631d638965658216a5552b57949567c137238c8edce92b35d011128353534c89e8a37dccd7d04fd2635 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 938e014da85f27727f37b5180f3858e7 |
| SHA1 | e63e421eafd650f6abdd63b07150dd3ad97ad857 |
| SHA256 | 69ed52ce9d91c90e46cd428ec973130698b1c5f851aea1e6d1103d34e7cfa93b |
| SHA512 | b639f7316d95bc7029b9dfd227f7b1f78cb5c70dcb36f150f72b3665d9bcd957f868c921f781ee0e387a120d1a8c1b13c796893ce201e7d228f86980b969a389 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cd61a79edff7955a6e3caecc890498b8 |
| SHA1 | 18ecd5d51db35da209ab6c388d2d1afe840256f5 |
| SHA256 | dca18db441fa3ac59cf01023c2c973c650e456623c273e46ec98836e19262c43 |
| SHA512 | 289395b9bf89a526284d8ad439112fee17451d50ce1286fcbc16e6019171a2f0a75e2f57dba7cee54b5c9787c4b5b0503892168a7477e554ad2c01f999176faf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6c6546dc508603293a1ad0f5b355d1ce |
| SHA1 | 848f744efd6810d369b081d0c757eee75b51a84a |
| SHA256 | 73fe6a4e8f9d65bbbc6594c7ee5fb0fae183c8e4aca843c3e1ae47213edb007d |
| SHA512 | cf54669c84c154344acaac55f9260cc297ccf9ce4a0c0f444a5e099c640167537df9e08f5b2cd90a0b6a09fe5bb5c4d953c32d7ba0a0a376a7006edbb09a7c80 |