Malware Analysis Report

2024-09-22 14:01

Sample ID 240522-3tqqladf8t
Target 690c89ef69c176f31c2010e75c365ac5_JaffaCakes118
SHA256 3c3c4b39f9355765dc75b7a893bbe52469f83afb9e5d609b7b74d9edfa415609
Tags
cerber defense_evasion discovery execution impact ransomware spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral10

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral15

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral19

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral12

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral20

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral13

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral18

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral11

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral14

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral16

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral17

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

3c3c4b39f9355765dc75b7a893bbe52469f83afb9e5d609b7b74d9edfa415609

Threat Level: Known bad

The file 690c89ef69c176f31c2010e75c365ac5_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

cerber defense_evasion discovery execution impact ransomware spyware stealer

Cerber

Deletes shadow copies

Contacts a large (517) amount of remote hosts

Blocklisted process makes network request

Loads dropped DLL

Reads user/profile data of web browsers

Deletes itself

Executes dropped EXE

Suspicious use of SetThreadContext

Sets desktop wallpaper using registry

Drops file in Program Files directory

Unsigned PE

Command and Scripting Interpreter: JavaScript

Enumerates physical storage devices

Program crash

Uses Volume Shadow Copy service COM API

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Suspicious behavior: MapViewOfSection

Runs ping.exe

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Kills process with taskkill

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Modifies Internet Explorer settings

Suspicious use of SendNotifyMessage

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-05-22 23:48

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-05-22 23:48

Reported

2024-05-22 23:51

Platform

win10v2004-20240426-en

Max time kernel

134s

Max time network

105s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\InstallOptions.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1524 wrote to memory of 540 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 1524 wrote to memory of 540 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 1524 wrote to memory of 540 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\InstallOptions.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\InstallOptions.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 540 -ip 540

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 636

Network

Country Destination Domain Proto
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 242.137.73.23.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-05-22 23:48

Reported

2024-05-22 23:51

Platform

win7-20240508-en

Max time kernel

118s

Max time network

127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2611067143.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d032cea3a2acda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422583585" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CEFC2ED1-1895-11EF-8C89-6200E4292AD7} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b000000000200000000001066000000010000200000003352d6775eb53c573dc6dad26ed573937727d6a11dd71fba228d919050db7b50000000000e80000000020000200000002ca7e2d994f688ce4c428ab48293a0319fa13a02f6219121c5164755fb583a2c90000000f1f2236ca2518a610e4f75669ca64db6551d44adda743a791b96dbcb62d7281258d1e45d72219fddc8f4d1799bbed3418d9d6f5b42f6e471d07fb50a8ad43ea28a206d16bacf12644a9ad486c21bca50c6040bb66750f8154fe81fbf506a7448bdb498379a472675ee91b12b57a0ce731d4d59fae178234ef28ebc9cfec952da71e756a4a631c4298f0fb17b9089061b400000006c801675fe50f51753bce6224e75e26d1ae9c8a28c1ac49ec255970668fe354687cdc7bd35b9a7f57ff7706b7dd6a816cb9b0a354b696b983111da6637da9ae2 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b000000000200000000001066000000010000200000009630426e1e9c194ef1200ee79cac7c994efa7bf4e1ce749cf964877948384aa6000000000e80000000020000200000006d518a358078b98427f977130d74bf8100aeb28f5356550aef773e1556234958200000006324c246b5809a90b34bb79b8ad17e6239803b8552aa178bbabb8d932486cd80400000000e76c23c7732a8ccbe9e3ca2a15381a4a045b9c05c3e64ac736cde52e6fdb660819fab7f7456b7cfbbbd053524a0d79842024cc35fe31b3f488064c6ea96b687 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2611067143.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2232 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.028jiaxiao.net udp
US 202.5.18.17:80 www.028jiaxiao.net tcp
US 202.5.18.17:80 www.028jiaxiao.net tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab3C09.tmp

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\Tar3C99.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 235bd48635f71635aea378c0398d6a54
SHA1 7ee54793980b6aaba821ab8bb7580c8966fde6fe
SHA256 2d0cfa321e0d1c58eb189f944eda231c72a6eb1cbf3ebdaaac26cf9094957e49
SHA512 d0e8c53968d4fa36d651bee361f868e304efc8536a7e3b98b7b26e7b87070289889611c7959acd14c72318bb453d47c8d9e988eb3d9943e8c7e0a7ce55e6d644

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f77e1d508fdd106cdde9ef5559e6a4f9
SHA1 ea3939c53248c4e157f965af948e3b951f4da978
SHA256 bcfc8be07a8ab3b7d3d8e54d9b1ef2e51e7fe4b3595c9d02ff13f9a064c7ebaf
SHA512 8891576f032dd5f3782db21ecf345a0d699d128d261c67d57c4d3e75935aaaa8dd02758da0ea4cbf79aa4dcfe1498539227d08d7b5c122ace5ba288380a18cbf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e5d8f349b5347a007eea4a7a161e23a5
SHA1 649e9188162fb4a11d579e2b594fe3455eba5799
SHA256 d048be248c2b865ae9d982d21866fde19358c8c119d3f8e7566b0e17573338a4
SHA512 8e4cf34e1bd40c60d83e02fbe1508de9ae4cc3eaa4ebf24c54532f81b19938eb8186accc5031edfa642540e534461ca265cccaac3692592eb896e5344423af78

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 34faced15f296e71d195ee3833950fd2
SHA1 3529a175943578451a185dcabb29b1cd83b3750e
SHA256 a0b0021a25b84b8190b3ff9bdc8479c3a333c2f7a0689d498372b5b7861611cf
SHA512 0c3d1d465a8dc0899d317b0186ebda02e7c117f5182e69ec776a1a4c499effa3ea078e580dca783153181f44fd9756bebe31263049679509b44603d21fdc4fe0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 31d6563713a30f1f1fc20ed139341663
SHA1 5e2f42f4523e54f5ac025b8a9774056c563e0ef9
SHA256 9003c017bb58b8d41e291a3dda07520fc974734becf96b1555784924377dca58
SHA512 1be75677672a016dcc705c3af71548d3bfb48dcbc733833ac5aa90f4d8cdf159f27b825cc58cc4c00f9ec5772686818b3a87143a74ec763c5469e1e7a67a3fc3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ed8b0a0018f38e630c4c41900e021bde
SHA1 22618261fae0d8b1d2faeb942816ae45e7a55145
SHA256 05e1f37b829271ee4dfb66d0cd509cc411201fe3322738ff555f47a328ad6c97
SHA512 a2a9a871a4dc160e608f76e03ea3209a7d407363c3a8de63647956e51f05c2b37b23a7e31e9ee611e6917ade7fe362d19c8da0b6cb2061ef32b1b11f1b15c623

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ed744c8f8371654e06e2fb1c84baf4b0
SHA1 e5be542526455c6341e9ff7c29e0753831ccd052
SHA256 1b26ca3b4e59fcebacb9b7138bf0b045f6ebff56653ee7682aef229e7383f16d
SHA512 5453a76d912a55b5bb67c6688ec4609ad31000f7cb2c795cfb908fe2c1fc1b56ec22ff13df884ebf934ed9970899200713037aa7112a869ccd33486f45465593

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5d00d0fec8bd9f21a2194542979950e4
SHA1 7802fdffb04914a870b601d92720792bc87b3047
SHA256 df4a39fadb20c7bb715a9dbdb26060d69bb0664d765327593aceb7682acb04a4
SHA512 50973f6529717a4c78597d5ac9c48f695d448e9770d12b07ba8ec4256c87d3e9c540307013a7b3b13af173901e24e3fa456cb6e7853d4e267b77d458041ee062

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6e476d63680d39b25e817a36b0d7aa05
SHA1 d3d7349b78cf549bb4c22e48ac746ce778d996d4
SHA256 6d261e3c678e72bacf93f8433ac5b00a335113919a0487fde2372c10fc734f0c
SHA512 08f20b1747d12b299aef8149a89d6ebbfdd160337fdaaab99e956064bedc0e97fa038518312021ad93a1a9b7176d9ccf66b06f833c996064b0944be876b732aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a871f0b1e0c394fa7cbd50d266498f49
SHA1 4353cd824fe7c35bcc9351ee097d356b0e331853
SHA256 2857715d1335a5f3c6edab2922f82f87c3ac8e9e90a6bb9f4033f0095dc441fc
SHA512 427f2f44603f98af149c098b61c499ed48b6ba6f3064ed1e81d2b45720b5e2c9b6bd1b6b0e3dae02875ea63744a6207ac197e4093f26e52b3fea0fa5d775033f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ac63d16ae63228aa2b02a1f0a5e65ffe
SHA1 16eec55b3902c861954f6e9c254a7a4765770481
SHA256 cd7a557ec02f28b4bc388e3736724cff5776b7fab9eff626a177c55037cfc50b
SHA512 f987394ec9aded74c657b716aa04aec0c9532696be5ae5352dfd94dd86a024129907cee969695e7ad57cc90fcee8dcf340d1e33d6a650292df0776f5ecc44e34

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2e011cb01935c7c9b9df50e1577ce54b
SHA1 5b1d3038d182103ecfca7ae592d3c297ca07b06d
SHA256 cf48bfd1c85137979280cd08ed9202f138bf0a2d3b3d35e19936201a8473e122
SHA512 cb86c967fdb7fe7fdfb3ff1057d28646f63f7b41759752ef40a62df071693930497def327d8a74a26953b18276edcdd401f2551b3d8596a606a10aff597efd03

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 37316a316cb65af2509406c0805f994f
SHA1 45d230b17517ccf0f4822e93fd46deb0ea37392a
SHA256 a2f0c59397d7da3840c60bc153d71fadeb6ad547b2d1f0defa134bb8624a834b
SHA512 655e7fc90383cb0270bad626f2e5a5298283a752cb44ab510f1db7653f1b3535bfbd97c88c522f54b35f5a3abf17eaf80a4828053944cc445e7c28f57afe79f5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6731d248a8cfc866409b0a99b1892bfc
SHA1 626f29b131e1e5d3bec1c0e7046889bc95f345bd
SHA256 3b6329a75ad34d767654ba23766af128fd2ba830ad2d41e15147c09b11ecb2dd
SHA512 7ce40f8ce6150548297e22a32d4fb9ed57be9475a6e406f1e9a7158620a429dc63ab17d7db69eb74392b62e025bdae6fb48e3a608859dbb483fee791592d56d5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 001aeea3f8bb2a6b66421aaf34e85095
SHA1 61fbff66ca218c5feac3ff1b5387860c89c1ac87
SHA256 139fc3816ec1c9de5b45c16e06e6c43f53fb3f25c9ee20a49179404678e39316
SHA512 25d69e44397eb2a9fb00492fa6ad1965716add43f8414ed97b4418a689a9497432b13a70170c61d9a4c75fb7977ed016bcffa37793315d83d9131ac094887288

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4c2e6dc5ab0babb0f2a8b465a8b1bb32
SHA1 23808461d0c19918418235befe879a5e50d5f4df
SHA256 23e9500c067fee96323b133f4bdc3e31409766c60317686aa3dbddbcea115d93
SHA512 5628c28c63c7553eba2a6dd5c818610a0a646edf20ef455d9e08fafb086becd09260184c582d1a5d9fa55d65c845c0b662b3469febef2f37b8dd1f03c67bc34f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 15ff5de7ed163868e8a2c23c005d6992
SHA1 dbcece30a5d5d4ead99231ee9fcf9937fa48c297
SHA256 a796e59d0ee526b0b2372b63f438bd29ba3a9a4be805396c2986f45a1e1a8a10
SHA512 d9edf171ffff85cba24997248e9a5c8872715bda11fc543e3fbf0dd98dd98dc7ff30210c4c9e1b4a320e037bdf65e82157c9ae33ac967ed6bb9b05a4aa90f76d

Analysis: behavioral10

Detonation Overview

Submitted

2024-05-22 23:48

Reported

2024-05-22 23:51

Platform

win10v2004-20240426-en

Max time kernel

145s

Max time network

146s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2611067143.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2124 wrote to memory of 4036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 4036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 4752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 4752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 3688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 3688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 3688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 3688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 3688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 3688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 3688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 3688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 3688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 3688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 3688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 3688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 3688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 3688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 3688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 3688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 3688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 3688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 3688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2124 wrote to memory of 3688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2611067143.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe5a3e46f8,0x7ffe5a3e4708,0x7ffe5a3e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,6619666733602169334,8370479112290208283,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,6619666733602169334,8370479112290208283,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,6619666733602169334,8370479112290208283,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6619666733602169334,8370479112290208283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6619666733602169334,8370479112290208283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,6619666733602169334,8370479112290208283,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,6619666733602169334,8370479112290208283,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6619666733602169334,8370479112290208283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6619666733602169334,8370479112290208283,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6619666733602169334,8370479112290208283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6619666733602169334,8370479112290208283,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,6619666733602169334,8370479112290208283,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3084 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 www.028jiaxiao.net udp
US 202.5.18.17:80 www.028jiaxiao.net tcp
US 8.8.8.8:53 51.242.123.52.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 17.18.5.202.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 249.138.73.23.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ea98e583ad99df195d29aa066204ab56
SHA1 f89398664af0179641aa0138b337097b617cb2db
SHA256 a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6
SHA512 e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4f7152bc5a1a715ef481e37d1c791959
SHA1 c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7
SHA256 704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc
SHA512 2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

\??\pipe\LOCAL\crashpad_2124_QGOFJOSODQXFLCEP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b275d7025ec319e937f7a9d4a0b0d82c
SHA1 59d7fad222be82dfc7854626465d83140d705d13
SHA256 c8349ab9daa0baca63144d77260f9637afe4aaea648bc2356a650d15382f4324
SHA512 41150fd7d22057ba0f4d38b35ed0dc40cf0442ab6f6d854cb878f16a2fd8392a8be761c8107b20c5dd3241e6ed67c97a36d09fc9021cd564f66dd4039bc29e25

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b82d18682b2664edd98cb626181a304d
SHA1 628787226dd4fe3224470cd05aa9e5d1b8c0e4c0
SHA256 b25dfac4eff81974dcb3a87ee5acb6cbfb057f01cf5f974670562cfd47a14d58
SHA512 852f2d1feba99d79e51313346f5709d839e5b6c225c54b8eec3f081adb65776ea30c56f1448d420092ef8cead54bc6f7432482e58ca8a9283f093fab1cf465e5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 966e1156e701c19f53461184c55954d6
SHA1 608f0473c40afce8bcfef7f9a429cadb5a4064cb
SHA256 66c2037d11c9c1c4592e4fb8b185b4a66e015f95c56aa7880d209cef8692da72
SHA512 1c97cc5fe4e23c46f3ce094268e63d8d8cc57435138dbd03b12c7d457a866eb60813cb8bb6c7ad6644edcb94b511f6e9f8ed54638b3b55d5099f56e8e91ad6e4

Analysis: behavioral15

Detonation Overview

Submitted

2024-05-22 23:48

Reported

2024-05-22 23:51

Platform

win7-20240220-en

Max time kernel

121s

Max time network

128s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\home1099482986.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f82d62e7823635439c896d3dfcd423700000000002000000000010660000000100002000000098a860861c56b7d05eaa63449b220068d3a9b4b0055b42c24856c3c688e2d8e8000000000e8000000002000020000000407cc1eec1246c31233828222d728e67e8d39b559b2da866c29536ae494df4de2000000092e35c4baf81d2854cc0a181bb68bad0663a3e4a020def81069ddb4250839e61400000006d882e5ef02f05b4356e1219d3ae973921e7026cf2a7bd37e51cd1ad86f3e243d04249153ab90cad0d0663037b91135875aa6c85c5e7525ff96501df67df7961 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CEFA0421-1895-11EF-9ED8-52FE85537310} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422583585" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80d8d6a9a2acda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f82d62e7823635439c896d3dfcd423700000000002000000000010660000000100002000000088b1972e9622972cd37d1ae1c357e8abf4c78616c3fd0a709e8e51fd8be2fd77000000000e8000000002000020000000f7592a20c3ac265e176439547750fd2c44aa731f81ffde56febf1863f0daf2ba9000000065258c091ce03480b54fc5234b86c77f6d4b22708f5c3e3d9b6efe69c4f5777cc4c58b527a987d306bf2a86dc2fcbeb32cc98c83973a37f630046bdb04f0daf7b2928aa8d09e4897fd7add2952753cbc36dff3bcb1ee8480ce94310a05cf50525eb8a756e9f6a05994601010265d164f98b6031ad6ff25fca8fff0afcdf6166f8710ae184ab3d206cc859463c0b7d7644000000018c04f56a5ffb48c8ed99907014cf2398f352f9ce3997b444a1c9e019d49675cbdd5ea5688e3ba74d366d8284daaa972c8457ca5291483421c494bb328caa9a1 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\home1099482986.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3028 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.twimg.com udp
US 8.8.8.8:53 platform.twitter.com udp
US 8.8.8.8:53 abs.twimg.com udp
PL 93.184.220.66:443 platform.twitter.com tcp
US 152.199.21.141:443 g.twimg.com tcp
GB 199.232.56.159:443 abs.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
PL 93.184.220.66:443 platform.twitter.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
GB 199.232.56.159:443 abs.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
PL 93.184.220.66:443 platform.twitter.com tcp
PL 93.184.220.66:443 platform.twitter.com tcp
US 152.199.21.141:443 g.twimg.com tcp
GB 199.232.56.159:443 abs.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Tar27FF.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\Local\Temp\Cab27ED.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 82ebc86fe5764e91b63ac071d8bc223a
SHA1 a5c2036f93d86dd4e2d9568bca2d017008000e18
SHA256 cde791733e78f1a537282c9a0266f459b99da86ce11cca5ca42aa1ed767bab5b
SHA512 b02baab129ccd7ca9661c0b34a4c8d2d782cde7400c216475a0f89caf09ff8b61df2b781871f5dcea5e83d1da8926410a75578792f26f8993fa8899863998c61

C:\Users\Admin\AppData\Local\Temp\Tar294C.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f81e2dae958b98d4f405640874f20e3f
SHA1 17f3c6e97e83d897e107350b5708b8b0567327f9
SHA256 8dd38b05ca88b8690a57aec1795ea1775f852e4f653c8cea80a0379759a19c8c
SHA512 ef9e6cce968f04bc2563a8e1fc45797f716d48875df4d904304ad7b8849544d3c7ab8cdce60c515540edecca308e73700c87488a5d2c02aef9f3ca233b292684

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 77d5043f2b35e4b0cddc47513a616209
SHA1 2185a84d033e554ccf936073c138e3f731ea0eaa
SHA256 256573dd4a2152f059385da75a11edb9f72c67a44a6f6ad9f2b5548d1256f638
SHA512 853381cb1b9135d2bdc025c835f74286f3f1e0de026b4ee71abd770aa66af4de3f23e08d9edff1c55e81cbcc2b33a42ef64a2aa7485bd2850381461610dacb16

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 50ea4d822bc0e9f3f4ee5a658eaad29c
SHA1 2f23a2a470e5d2e6559cd6f84d87adadf026a283
SHA256 ef25e120f6e965c4534771cad65a460f6b11adf23f86d04dfd598f29208ea36f
SHA512 640007b358d40f21b544a2154db72c6bc215496c2f04238ddbb38979497e8b375f92bfb93686744c0c3a0b95a660762ede198b4674856861fcd83469d210eee7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 73199985e2eb23afc2aa7ed12de78cb2
SHA1 bae33a654499c775c54523318dfbdbc44685dee2
SHA256 30a248b7f58492d0fccd60c70ca4bf9929352db71003ef8ea09f0f9bf87ac6df
SHA512 1a8ed3d784faf8619e62ab40e50c3086363ccdbb24a7d9af7079f1340ebbe7280dd1c24d57b8273e9cd6b58d192c3b033d834f5e9cabf3a6c548edfd564e8e93

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c48014020476d3ba5c2b89b0e9180811
SHA1 3041e517ec5dc956697f3ea426759b606e6a440d
SHA256 6211a31ab8167d2588bbd21de882877d6d84d86c53fc76d900b6059bf475ba1c
SHA512 4266daa39e1834c5d8cc4ffb6ba89a26b1fd269a0f1edddd25dd01e582cde705a3745c9722f4630ef9bd9a48076cb2a80691cc2f5f3586175dbc37643027feac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c699330297e803ebeb4790f6d2d7dd32
SHA1 69e507a0994ea15c69e2e56719fe1fa2ddeded2c
SHA256 cbbd5d837ab6a660debae4c7603a2c50bee20b9cdf6695585242fadc4d911bbb
SHA512 70a603a8e8dc8a144495ddd21fc64b94ecacd8cb9b341704b0e545a6b228f7210a8bf77bcec59fc3eb1d6dbaf7940a6e8fcd6d24b7688ce2c8462539322aff2e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 91c512ceba6c6218a97e55948e93f37b
SHA1 d5055dc5ec3b9e02169ba473a40655fbcc2ac3aa
SHA256 912bf9f6c45ecdad4ce5bfdf7b5ca2bbf226ff3cd38ede9c41cd80eebb022612
SHA512 de292e180c4505b69242d081dde1a71944f84ff94dc23405a28573aacb45ca4cae3b7ba81bc698984f6e29d06cbb5c237e9ab93263cff398ea8ed9555a26a24d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ae53092cd892f4e8580073a497b77e13
SHA1 10f0948ecd7add1f3447e6d5be55bb68e05cb626
SHA256 084780a5ff84f6d9d63434528e8c038fde45c6ba1365aa27f9855c953363f456
SHA512 daa6c28b218cb62b30bab785b2226c6cf49a86eec3e9efa6dd6e9173f3962b26388e03c11f7ea595626b98719cd8541d39416c1cb0806c63b0ff9489370b3c3b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 adbb8578f6d9cbd551fecf2ca8b0ca8f
SHA1 6490f2d891559825a288d92795ccb4b863905428
SHA256 7b6886843f230a66618fbbfbfc6b47886c44582968ecc4454717ac2d1fff9216
SHA512 f548e5f6912efc3e07e093fb23c74e0a7614de52202e334d2a14844eae1bef9d0ee87654f9b25ddbd1df0f8f8c32474bd99314e00784cbccd6b83998c8221fef

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 76d33d2f446da6eee9281caa4352fcc7
SHA1 4f76476d36c6ad4302c8714a84571683fafae2cd
SHA256 323219d980f6d87dc525bcdd73a2cf26fae954041c7e5c0edb9702bdf780362b
SHA512 ad13ff187ae1217580138e9c97fe352e4d0b2d2b542d6b0ba55e73b1bb6e9c646d381097ab22c033be05349004579d5364eea6d80587f7e02883621e52bb1021

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 08fbe11f44677e0333e060bc156e7e76
SHA1 052c725a7cc64fb8e2e9ff765a8f11a0aaadeeca
SHA256 2029cbbc3f1efaacb5e7c376a5ecaca43aa87340f89831e4a543dbdaca48db64
SHA512 12eb9cffde1afe4b573a471e475cc04efbacf4f61c96d938b7b81e65571b95e4186e1315b4917d217e983cd7f92581ae5a919fc36151d80707bebbda21e3ea8c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 82f4acd1b15ccd022f35d34e5207706a
SHA1 86a7c696565aef5e90e1fa86cbbb89f922051422
SHA256 0638d06e1987c1e5ce45bf2f32537a67a65797ef31143a1b56dc36e7dfcb2f6c
SHA512 ca75a332dc111ce76ab3efcc1c099bb1e3b2bab231c908b7a97fc814b182cabac5658cc28b6a7ee8ffb21845ee33441a2baaa1cd787961187bf01ed383c7d83e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1c5e4c695439f6c2657193776b632a21
SHA1 8e1f10098e5b06859a415177671650413ba23d1d
SHA256 7692fb691ce5ec2c55fa945e0ba32ca9c02f4f1e5f5f667032457125f1a92e66
SHA512 0b5f6c0d6b905d32d4a14d67a691de8e20fd5d5a49f31fc9acdf781f13b1e08aad6d5a31f480b3e035a69bcadc06aa5e4ff5c9bd1ac4c0cb01e1e1d91c5e2c61

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7a0df0059251943a0eeca9757ea5ead0
SHA1 ce4a7f64598c732ebf3d72efdc41691dbd860a25
SHA256 3186d84f7ea5b990fbe558129fa827e0bf83edc6c70c05c32ad1b5dda0a6f4b9
SHA512 ab52a293dcb1e5bead10697f5cd4fcdcd821dcfedb5f58d196de7a38276f718eb9b715195ed8cff0c5690e67b750e1a4700857b4606b24825fde6219a5c265c7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 33be2d94164029825e9263e28611bd88
SHA1 4a82199ee6a22a543342fe3043c63577e3b9fe83
SHA256 435e950246945b0d46a8c9df40e79233b0d7c8741a7e5ff1870e3af922d89bfb
SHA512 046c66e68d229dfda682b40e426895f9f7f2584f14c2c68fff7a695d7512354f7b5839140ca5195d4f8fed571c39344ebab0fdf07eecd7dcb64e022e452ca579

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 22112157b80f8107721897a3d524ad56
SHA1 7376e4441c57249eae726af9ef3e3298aaf8e963
SHA256 233fcf72d786a481abf8c8db33d08a68b12f4b2377119061b71029942a159dc8
SHA512 c7bfaeb5726429eea0a884fcb47e2a85f9e2bccd274200b322c5320c64f8269562a9e9bacc0ea0ff320878d1afb942a5889b6e1b1c1defcf15cdd4d648d697c0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6e0766037ab384010721a5bcb61e2ee1
SHA1 d7115801a77828e5eaf12fb462c345cd3560209e
SHA256 08dca91cb564551046810f068ac48e4439450d4451a2195b042b9ae8fc9decc8
SHA512 b8d4b425e5e1b24ec16fb3c4442865c51fb07909af190f06bb4cb38aae33ef40678016b91162666b6b76af2ae34fb721b1f62227e6cb2c723ea5e6029d6cac95

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fc704f9087a59cdd4545e8639fec1cc4
SHA1 c235f5f59846c4acaee7aec97db9015470742eb0
SHA256 3f9235312989dd22754a43562bc1b5bce70f39dcc5d28c144e1d143c094d92d6
SHA512 b51ad956ee5a24db3e2285a10a26b7782cee5e7264f0a910e424156cb1d3b04f45ce163b2f489a6b8c4cccc8dcb08ff1d822deaec4ca4e388277620deb8f37f6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fb9e5352fb64ba0c5a44cbedfcf07ad6
SHA1 78b6cb91b568835d121f7595a42fc455d907bfc2
SHA256 43d9bd4bcacf9decac08526cd7880832cf53ebaf60e1d2426fc924b05e489b9f
SHA512 f913676144fed7c73ff76a6d18332888d5a8b53b5a0ebc26409bdd9b6e8270fa276588937f523396bd7a136b5c96df00400e8f74d1f221d3114d92875514a51b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9e7051fd6d290fd0e890fd30d8567efc
SHA1 3f0389905a542231851d4ecae24918adc8c0d18c
SHA256 b4652f3e3c832e6632c1f1cd12dc19217a458d9660c8bcd3fde1c0242153958f
SHA512 9748c41512104293e5cf2b14f255a3ff553caa2362b2c7444a3bd76c6235951782ec84a86dc0460c9acddbbb61ce098e53255a0620bf4098125050ca628d4768

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f661f57f34e85145bea4f3f4610339ce
SHA1 76473ba891fb619d65d60914543813ca4bf905b9
SHA256 cbcb920d34003ed44eedab0fe0a6782e3814d1047fb2c3b8f936002a916d78b5
SHA512 469c5106bd12fa61eeb1e907db63800381e5332dda65f764c717b5d47098cb6533273b8fbe72a9bf0db825918b57bd031c0742ae52decb35c9cecfa5eefe2267

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6d33292be909cea6ec5f3377eade1690
SHA1 68e927398c32c9354a772e3fc130ae755748494e
SHA256 e82940b702378ff47663c868a91a0b3fb5a049e6dd62edaefe1bcf97bd5e64f1
SHA512 adf16e3ecb1db5da81f66199317ad3b1b6b332f02bb4cbff6382162586a0444b2a17139be7b887e4e485a139ab0834bc6c2fe712812bcd5e4532d4fb5650a56d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f2f7a6b8b2408ee728111f7dd702a1e9
SHA1 dc54fe6efa0563b0202cc988b657459969aab795
SHA256 dcdaca78de2125d7d78dee465525021703c4dacf64728a1287565a44cf17ba11
SHA512 5a84a78d55e2a6a5b87f2e3adcc57cd45fada95fcb975bb8ceb57a38a5255a27bc57cb26a7abf4b212ac72c532fd82100486ce71839865fa2a98c7aad1e1a4a5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fc02cba17b25521630b8f8acb7e6ab83
SHA1 bebadff611317e3fc3a0d28a6d916dd813f2ac9c
SHA256 520af7150f1b20e7abbeb7a5e56f18d9d94b7b464dd58e1a7218487fa64d5a17
SHA512 14f63ef4267074d97f5fb644030123c8dab8fc293b20e523d53f6d7fbcbbecbcef7b6b8c47ea85f5537d9308f75aea467b3fe90ed59cf9dddd61026f3587be65

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5bb3d6f37f1676255b7b72072ae0fe28
SHA1 d525f6967df7a6da00db0b16e9828a0d8760a893
SHA256 010d66fb47b2decb4232b46ec1be6b0b89bf9e2463feb453ed49129827d3bcd9
SHA512 1c7bba282ecabe3bd6c18ae1bb96cd78ed298e967da5d2777920229134c33658312ebd34b5729d6fa119dcdbbcacec6f9e3c6dc277055d7faf4d322190bf77fe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ef13e7fc2a9e37063d51b106c1ceb647
SHA1 2613695209ab937a97d753b6dea645aad3d5487e
SHA256 5e879994b072d44d575efc4bd97e64278843e0a2a3ff2120dc4aa9c690e03b84
SHA512 8842703e38c9f76e4c191dc1480817f50f03d8aea79ae6f54d7e14ac28f469eb0c48c87e0d5878df42963b82abcf9721618d12b3920074a07fb3e2606e0fc94e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1a8e7e0cbe2793533105d0d44e43b379
SHA1 f1a432a8f6331ebffef5792c849b602ca3393cfd
SHA256 3fee05ffccbd4ff2430af4a939f42d8d2333b6b6d03c3b303f62ba26e9c25759
SHA512 913040a26bfa96258f8a268ae8c94d6f91a364a57fb54f20ef2b66442bdcc85941bdec547e39e481ed0beaaa0a8c08fead0822e618da7d06eb6d2a14e6aef9ed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7e91b00c308cacec95aab58c2d7b4320
SHA1 bea8fcd186fa721e8f8faa589972248767828920
SHA256 a1b617161ff411bf7259ddfe5d08e1d90fda1ffdba0e15fe113f4984c5fdc0d8
SHA512 37e476221a5b4e00a3fea47d19c5bfd7f8436bd59000ef9ca50e5d34996dc4383721cc0140d8599eacf2e7560531009a8957e820cf3bfb8d00406e40f51489ad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a64a42d8c33e8e690b2c3f567b724862
SHA1 a5a43452ad6945ffa554b9285d3aec08b65dfbc8
SHA256 d543516c09f4ba7174c88243d0e359ae2201f7575e88d55eccef4d90a47acb51
SHA512 02edfb140ec73001017d35aadc9530f057836cb983009ae484f729b0b7ee807a3e63ee583916d23512b377d60dcb87e0002a92139cbb7b7dd9375ef196f8acfd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 53b980804fccabe6062ee8e46bd9f994
SHA1 8e23968a5aa38b4a2b5f941148fe8c41385ed87a
SHA256 7ba62a923fc1f97b709801240309b423806840ad94f8080f6e4ecca7fba827c0
SHA512 c393ab337ce9a10c65afba54928260090a3b7bb76e9a5b44f989a84804e91d54b7d2cb0d6d53044a962ecd3aa79fc3156db86606a8b95666f01629c2dddf2f68

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 901f29780f6c14ac60fe46437adc7ffc
SHA1 e2bde4eb53b003f39d1e64f5deae139c5f9c6f7e
SHA256 447968211195b6e968ee70f0e0467ff22ec0b1a7f3c80933d85ce428593cf590
SHA512 790050bd253bc8265df6b60f73945c8019fd60e9411ce4db5f3884cb59670a198f96e861fbc5bfbb2db2e8f18c3f78f4042db4c3b0e58ba1493c51d22a6715e1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d0a8b76170f10ff3d5ede4cb06094517
SHA1 d97188f874b6629fa756e603aebce23ae79607a3
SHA256 7a9c36e311f1e5c83f06c4602eb3bcc1ef1439a8e50e90becda19f1c37aef151
SHA512 ebd4a1b00391accd85128f6e4b34ee48dbddbcfb5751778991cbb669a3526f6d7eadc2983879fa1546329d2a6fec9d0720c0f61563dd25579685f1c0a3ff4c09

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a36de19587ef365b8d3027fc1e5e2a56
SHA1 f6540f4088f63b9766f83452b58bc46c523ade0d
SHA256 8062718ffe5acb9c8c1236b6947beb6b13959d600947bdff8d95b343f2dd21c8
SHA512 c5008bfbf01163531e37068fc2d3cfae9298424ecdbace9e21fa4655ca5a665a8e97acd03c7106a6ce841809c9db489cce1ce7953b0381f1e55249b66c85e779

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bea038897bb8756e9cc031ed6a55050a
SHA1 5f34fd645abb227ff79cdff37a64d55762c7f2c5
SHA256 70e6df9326b7dd155922e90fa565c42f222719c1c01eecb66038aa2e3a92e8e9
SHA512 ad17d1a705aa2b9390973ad57f41d37573a58df9b2b1c61067634206fa6b49adfd139e935f9e3f6247b9c0064baddb9813525078c57b106b3428d50f3d6ed526

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9b2bfaa10ff83742dd65b4d1f7187143
SHA1 48198f24875ae2b1a1bae10e57a19aa9aa27dc43
SHA256 1a4543227dc6f05a454696d5bbfda01e73a3fd48bb8c4bd9676e835f04df7018
SHA512 4983b02c08e31142fd105a1f4fd454ab671bb5d8b498933003bcb68cb9878d82e057f9fcc8933df800270b7676ee907b4b34fbc6df482ca5efaedf4c34789a4e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d80c7fcebe86b0bb3a18527de9b86d6b
SHA1 e9a40db0a297adbd6ea97014a3e1137568b78a62
SHA256 b67dfeb340513b83bf18d5ef14df2fd021c6565a77779c69be34cf2026f29ff1
SHA512 958bf070368bf9c7fdecee43a5fcfbbcbe0ada144f173707632e5bb5b7aafcc0b9d35bc4f41d0c584a440b6d5741f2d3946a66495804724c2c0a56f47bdb0722

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5d6376ee692b26b53c7ec0d513821ac2
SHA1 16b4ebd028af5716b91e68380ef4cc875c890ec3
SHA256 145820a67109390984956b8479056d8c9f465d09f808f5a2cb0c1ee22b09b86b
SHA512 4a057c5467dc3c61feaf9c7687dd85a98a402f420feb65ef8f6044ec3c86c53ee6747d65781741b118541f18e7f27d6a4032027ae9f55cf9d5c9781420ab0881

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 72390371f0200fa2c2ea9dbb03a4434e
SHA1 0ab488a640cb732da456afa49c95dec9a995719b
SHA256 cf3056b72c202e0e7266fb9da840f2a9d9c7bfe1ce56d63d783d6456c1a1362a
SHA512 a68ea8dec05bf051d9e0b9a6be3985e4b1291e48863bd935e1255d455acf4ddc330b89096e790efd515f838f93f0fadf7133e20bafb5b21aff5798bdd584accd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 71551ec3d7f477cbd86c624430336c4d
SHA1 de4e05f4eedebf11aca2bc9090fc761283ba9fa4
SHA256 395f9c472c4ea464e87a36a293f70d461edd50454a369e9b4b2866c007c55573
SHA512 d871ae7137310730d4ece72310131136af2dc7c68f221198a16dfec17ad797a48c786c02c8679cd23eb4f0c9de16383eff21297f995570d82fe35737c0c02987

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7414b9c2e4bc08cb5ce9f3b0cb7a3385
SHA1 daae6038d07d4b82492f3365e8227bca9288a282
SHA256 72506ab1cb4104ca12ed22527f3fb76b4621fc9678ea316994bfd90e8d8e573e
SHA512 b9c7d55cb05ead7d8c845c5abe2024fce3c298b3b67a8e33bd2842cb689f04d48d6d0d9d67414567553d938f3fa862900a932546b222f5c21b97d1237f19593a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 10546f9e9918941ed508efc913fbf84b
SHA1 917d44a7d37473a4d987dad88661a102cade87cf
SHA256 4eb7077777c44692b8e45ab059315f1c11751704e21d1497114c15e157be43ab
SHA512 5a6bbe5145d73e4a433439403a057d2dc855f1a24e110a3fb8839e49de7942400c8a7cc6f5c1015b9e23901406cb12b6054cfba67df49502bb0ff0bad19455a3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5866e0f917e271fe749bee8a7301258e
SHA1 ba7c43dfdaa03dd6ce948966f0127c6b974cd326
SHA256 495d9b4c86ccd945c802d69612af677ef194722f1f89cf0df1f08c8a83e3f476
SHA512 bc26ecdbaf8027972aca2f4a65e819276479da588e5f8b7e37a489c82bf2912b98274251cdf05462c1af0652821788c85abc482e270914713cad66cb32f50e46

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2cce70c2f90a698b76f581ba1c327e2a
SHA1 5192f40db708f5198b8118a913f6b57aef9a0004
SHA256 95a997a5087fde52d144e87ffbeb07ab28e84c338e9ece78514e373e5d5441d6
SHA512 8a0d0e80fd3b33f036805967528ee15c23ee00d2ec07bdf904d50b70def6e64a75196dd80c58e91c3d5da872188d56d65298d65e6a1655a3495dc19973022974

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b98b3e5fad5bb753473af3930da091e5
SHA1 45cf424ff1c3bc32eb250a3ff5afa9e561d66d6b
SHA256 4a61d79527bafd39422cac628a685047444dfc350abcdd503ff1353c1b5faf7c
SHA512 16d1c5de67a544bf0701a640df92b87dd44b0e25904f0a41cb12ce9ad1e6af6abb0fe136a904173f01838a309254179323b4d935453e8898c4f2e56b50af693a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ceb162534f7fb0629295f0f9c192ae51
SHA1 5a6c1f244d9b5c2117e58e586420c7d22c4f9edc
SHA256 fce7875f3f98fa0ddada40e2bf0bb12ee0233ac8f6ebba2f60f4674effe364ac
SHA512 f3c05e4f46cf6768f78c6d2e6c33093225f2b9edeaf36362994f672e15a4acab6bd1642eaef336270e58df2e7520838581f49ba3503e069fb25fc4bd6505564a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cda4e47b51c0524b0b943899262bb68d
SHA1 24b2bb91c92de8e9cc3926e82a327ee32f62c4db
SHA256 73c4b90ade624ba1a00534d241354fdd3cb4190f9258a1f06e13009ceae279e0
SHA512 0e78f8a36e3001271625cdb554bbb05ff6f54a5b8580cc8b05223d8985bfb58697f4e37c997a6b1e2ceca425cefc99f61fac862caeb229805363feb675c0004f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 56e1eb1e4664381a404652d4cd10304f
SHA1 e2e406ba9393391227182d0bbb0fc613335be3ce
SHA256 de684e04e77287cf3771592a36c84659ebc27bea672f59f593eea7f90c692f0c
SHA512 af05f4e393483feb6a668bb98afb254550290b08f51e0eefb9ecaa6ea9b81297f25de45ee89e246315f19932358eef18c7f1ed0635b9ca7ac6f34ef8182e44c5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 91a5ffd455a8d30db41214571b5dd19f
SHA1 f5ea768d8297e2a4d397e5e3a0aa6b2b6e2b315d
SHA256 7ad9f8e58fd17d0dd59180c5ae1a0b49fedeb5734e27f457299111a71b2816ef
SHA512 abd95617916ed2c74268b0eb24ce542b98058ba401558ea9ef5f56e837c7806b424df12b4a48a963118679d9d155072b21572a9ee523494447451f23d241047e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6b1ed9ffafed3d5ab4dac019dfd8f5c8
SHA1 ed4eb0e0ee7de7656391f668ed45b28730b34294
SHA256 ce228ef338d2e32e12a4a61a7883e99a21af8c0c1412e2cbe20fd4271716fd83
SHA512 20e8069d86e9a0da6708835b4d981c0281122d11361f586f0b639cf5c4eded9a40f86d7531393f53570b21c477c3f1382f224adeab34458c13b3bdf0f8094203

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 26405fb01e25ef6657403fec82cb9ad2
SHA1 dc71b0ff6c67ec72c51619bb03b84e1c100e7db2
SHA256 7a19dc76cdc9d4e9dbcdfd11a0579bf0f8d24639c3f99a1b6e6eb86fff54cdd9
SHA512 dfa0761b5f75b5c1493be5dff77a6d2d0065cba2eac8eb59eb83ca5688977254cc25bccce3e54e11c02c97264bd8418c7a3d4de2269b1776a463ac84530a1873

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 72e8e297f7f13342ecb8bd95535e85eb
SHA1 3bde45f63d7d0d256278f6a399a4bdbb359a1e4f
SHA256 60fc5dfa2c91a4a227a1dc2d9177835f11361dcd49101b9c681797a0d1d68e8b
SHA512 9c3098056c0f5d8feb653a534833bc4c49df22a9b10d57ec7706c1fecdac2e44a8cb337bdbea53c17571fe54ca4d165e85f98c58e17dc49f87e52245251a9bed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0293a5c6aa3d6a6c70dc058b0f1cc562
SHA1 411c7f8a7438296988a48f3c396acc666e53fcf7
SHA256 408569a8084c9a36bd2830b1f381a0382aac18fb9f9f5a3edd3e6a83fb702170
SHA512 787cf8e78e4ca291ec4f5f4a4cfc41dcf43f459240a598c850ac93c0c66a75401294113d2d67d3cec03638072035757eb824da765aafb1b1c7392ecf5f04bc66

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ddbaf03252b4d1802d7cb9eb8abde922
SHA1 c4307f75769e18eeef49a6aea8b9ce175432cf65
SHA256 ba76e3ab48f1cef8abbefc3ffe129247b0b07af935ae20565cfc0f2e8660ea04
SHA512 26f6ae9a9136edf1e77d8a338c3bc1a242c3e1c230a23103030e3e8536c3de420fd4317e8589f4f91682805ac6125ea874d59c382472a6e224c930bee4a6e981

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 96e326836c6dea7cdbc98d3887c11bbe
SHA1 88f5cd88de6dc78e9295271ce14d47738e996f44
SHA256 44e564510b164a69ff1abb6cd95991404fdcb77269b5da899e00e6c22d46dd53
SHA512 28bf0a259bab3a0602c5d06ce0dcb78ca96b573af1b1320d04f089e948163c69954285a010119643922f1b9583fc341fe3c5bdd13c93988549c26aad54befa63

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 321f7990628f4c539281ec989248cfe9
SHA1 b2cdae4e066b726d112fd7ab9163bf195cc70976
SHA256 5bfdb33bb3d5aff5ecc18ea973cfc073eb4706dbc105fa532629397c1662ebd1
SHA512 750b4784de674bc6d57ac1714a1e13345fc73dc07f8cc3a9e1acacf4e0f7ad1e98d29524b0308076544c3539f1d8a92f928f9786c8cc5f646e8ee55ed4a5d68a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c3f9d4b61c2ff7513a8504673ccc6ed8
SHA1 18a16d66f3b63614f368a0da9764a69471d0f327
SHA256 d99b835ac5171a8a46d0ebb192ec5ebd1915bd73b5396c8db6a19338a48bc49a
SHA512 19a0484fc70b81fab9ac6ed08f655ed821d8317ea261c1e3e9588e9e2032ee3a2c88b8125c2fe70b57139b70cae8d2b839d7eb63d63f5acaccc88459574179b4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fadc47f2954712195090ae6ee6cd51ca
SHA1 f6d33d0d96ac83f97952c70f438324dcf402006e
SHA256 c2944e4727135fa386a29ef1de51f806258d4f0f668c2610f830cacd84bcec48
SHA512 b8b62e5f5b5d07fd74d408c95885cf205bc3ca23e17f466fb5a3c24c5d0050cad61aa318b45d1648496ece0abeedae2e8556a03d3d0b4349b8a3ae019e5aee2b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ab3fbc573fa853e5e231b2a3c8c0b82c
SHA1 6a9a2655af7ebeb47519c263cb21b75a6977de95
SHA256 7ef449c3e0f37ff5e5676fc27f794fc8e0f9963e538fa8f7965f4a7c3525c8b2
SHA512 09c1756b830de992b45b1458d9a18d62630a8428e07ed87c3ad6752e06fd802948e08d3e21a4bbac1c592e945cd4dc315e3aafd2ad915a6eb455b50487668ba2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7c3c904331e2513cd1ce44e32cec59f7
SHA1 52816053f572e180db5470752312600931e96cb8
SHA256 f96827fe5860ad77a3e5ea3eab68aa08d1a18c2cb177e2119365ed037061cfa7
SHA512 77196261f059c14b32a7b7e1c6758089e7b2bd17e27efebbc397bfb3fab1d435ea30c8d93514acae790752634c941135719884322a861285cc2e4a39119ace88

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c1aa34bb97af81676aac2a32a56344d3
SHA1 9906d9060397137a40c09591bbff40c987785517
SHA256 15a5548cdad138b8ec91aa2ea7a64018150db5126513561b4ae693f33dbc21d5
SHA512 595dacd928990a1aefa1ff6eee1281e7e7ec29daf707cae25c2ae49b36b648d20ea843d35cc0994934d6996d6b730e2aa61ce9fe928537f991372b49dd69bb7f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7e6133c0ff3ce4afa033732e8716468f
SHA1 ec078f50d4f1f20716e329d63e5d88fc64b74b3e
SHA256 99f5416727b36db93365c97c3d3ef6c34edec94fb681b072e7d79100300c2bc1
SHA512 a67ac9df8bd5a8d907da47d4ac3bc350179b425801a455fd215f9048ef9cf9cc2b096eea653aff8e9d2dd1c39f9278b76c4ed4d66dcbe8cca7b1982848611012

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 25f01e65a3dcc7b108ead4eb345b7903
SHA1 3a84ee5f1a4666e3feef40ba11e4ab86799d9411
SHA256 4c84d988361755f8dd2b05f7989fa2153f72eb61eb50ebd22223bf5262d8a4c8
SHA512 372774ac23402ecca47631b11585764a8968cd1c4e3eca97248fa9df8fdc721b47dd85400ea7bb6d382fe62894b3ab544fb33e18377ec872938d4b8bd8978cfc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e62205bf00c1cc85a887b0fb628bbbb0
SHA1 c6433b8951a716b0dcf4d6eaaba0c1d4a4f1ae64
SHA256 74740a1c1ef7de8b6882ae63fbd333ede9fb6872ffeaee98d7d8cf9c9e3b850f
SHA512 8f894eb26e69ad00cfb760d9b4b7795259c1c29207618ae7b8bb5848ec6711af917f88ab13788a153c78fdc121a2485e475f40dd7d16e5c85a0ec458a273e7f6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 361c163698a94bdc18467463d3c0f59b
SHA1 981fe5b6872ab9b56a82b5bbf316c12a794438d1
SHA256 1a36b0355ae2547275c6bfdf78bc354d5b1987a5f219301b978ce0b2452f158a
SHA512 40d67e6f44820b0a398d1a80373d44ce7a63ce4fef29cafd31b6fbf71976a23500a50d5f421654099195c8ebfa622b8cea4d2d5d79121c9ead5522ca0c3962e9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2f8e348cb56f69a5fce2d54a1526749f
SHA1 fb0ae1349d30e84509054f369b3946ae680504e5
SHA256 2420f5cf964c043c0f205821e3ad570360273d69735aa1ce993c2e3b9265432a
SHA512 5d5d5b1ddea16d4017d078a425070a8c69a29173952974aedfe57bbf6d3851035310a855e8b2493fb41d70540e2dbb4d2bdcaf396dac770a83a891b5b900fea5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 23b939996f62a3e88932844e7d65306b
SHA1 0661239dfb3be82bfd6a202d86832923c3f0e9db
SHA256 c1611b03a49745c43368dcb627aea547b5f87f0866e165d1e984c289d4fea338
SHA512 57ef92a53ddd16401bec23a6e5b1505daaead90a66a732324c83800aa4f4bdd74726b99cc3c37024fcd1087f700bb08db3f72bf3aa1344f816bbacd255f6d9d9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 956ad261bd6bc76ac5b313f3c44ab4c5
SHA1 53c4ed126ffef8d33d8cda995d7ef616001842f1
SHA256 e5720f391d317db1bd121c94f044f97480423708d6afc8618ec09f6e368bba55
SHA512 5ef956e9fcf0c70be6640aa4fe13ffd35c134bff4f9c08db9c4219b3a68a5fe908a84406573aeec2d71f717e8aa0a81eff286a35667709ed9ff5c91ed1e3c140

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3afb0a51f8f82e91a26b64a20001e31e
SHA1 4435c243e6b61bc6a01b5ee1aa3d51d26f2a8628
SHA256 131cdd4fd3b002cfb34aa0248c13e17dcdc365e46a1167f57f9a759eb54188a6
SHA512 788bd7f5fb5329487452dc004feccdbd4e063d4ab57b1e34be022a7624dccfcbde7e3061f1e7ebe9f5fb6c14fab9c9bed3a56223284069e61398b58b83f975a2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 96965c5f702e8cac04e57b0d1376c1ac
SHA1 59aa837751559af21b79b8155c511afba07aeef4
SHA256 59790c0214a091adbe04b6f540e35bbf1849d0cd4fdf7e13e432c260355f7d0d
SHA512 0b9e01574565e93a6cff5d0a00706ac72477bd90f62bd7eb7bb3c38f78f9eb03a1eb841607b91fb13e9b4ad4a21be4a33ab485110cd936509fb44125f2185db3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5325bb47b28b570a466bf11e38523bfc
SHA1 ca973c7338335b02291870b2cb671b42f593d9a5
SHA256 db4546caddb537d057b100580ae5f031e440c66cf9f1342fa7941cafcd72e694
SHA512 7d2b9fb340b7464c7114d2d4abe7e0ffe563c6530b8cd381081d23ca6f5eebace0386f5367dc50e6e7109dd8d1f14c4ce54ff9fc2a53d5818e7dee9f5fe3021b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3b4b601c0ab86dd05b937e513c5554e8
SHA1 e60fa91e46484c80e3c3946f6b95f5ac52a51e7c
SHA256 5b02ca47ec084a8f720b97cc54819a1e3785a9cc30676c6352fd6a2a52ed97da
SHA512 9735ef0529b7a5863e8d36200b0f12b9c31655b90350168debb4e4908839eed9a2b53fc3861799457d98302a934131af450752db90125f91f57de200eebbce14

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e9cbdf0effb660f4e733b34e5297699a
SHA1 2cd5b7acbbcb5720a95828628f235000db1f463f
SHA256 41c9eb278f048f511b95ec87cb2c21ba58a3b438ee7414b80d2b5f6eaf03beb5
SHA512 856d7650128f74463a61aee4f56b3d187500aff39ee801b4edc1b65764fa328c4868310702e7c01a1150b14111c38409b7ab526ebe23e7dc1d7e3f6a02a792b4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c2e4ad07930edef268cb06fd94cd49c7
SHA1 b15f9581bec4c6adad2ed5f1f3b7a754b9e93b54
SHA256 8013f3eb43dc4abb0094c57eb962ca27fca1cd10ed706aa3fa21127dbcd2c7f4
SHA512 3c30d75c81a5f8cb750caf2c1dd3feb544087381991c6456073f01babf8541049fde591088907ad600599456a29d1989c48aa6d9ebb7919c4a8d545c51036598

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 76def7b1030c398141a5aee0f72176db
SHA1 5ff3cfdb75306577945fb12d1c13da75ac78d34c
SHA256 8ec4f9a0ffb5ca0e8233f17e06a2c410f0cfe57971f26a2779903447e6d1cb51
SHA512 036d2f44167e3d3d65416f890f83b7263a8790e4a8895c370a2f93def867ec4aa096eb0b660b9c4235ec46ae9c47df96d2e1eb017d4bd90e62d43a44717cee6a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3874baebba76bc419e95e9ea8f6f55dc
SHA1 3fca2a44b1f82b89bfbe96d84808fde8d07ddd52
SHA256 fe4470682c05f0ebcc1a5b1215a55a26e170a4039051527401e28108e50e076f
SHA512 52b5e77c3e5b3100d8a9248ac9b4e8a9f7f1e134ec9dbbfff0e9246688ceb9d5a16aef05b5dd197224aa6b935ce630562807a5686247a5347f00a7d899b88c9f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b97c72307d8203b608d9b80462b0b9c4
SHA1 ca9e4437ee67b0597aae5587b6af8ab67e7f6295
SHA256 abf78c67a88579148b125908ec27e893c65c9c2f1eea3d13589509143c2f457d
SHA512 a9eff7025dac509510e7e1c497f8a4b62f2f630865490125b8ae26787521c201f2c71a4e2a170b232fc9b498f72c3cce65740fc17324e10dbd7b38c64ec42b5a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 68986f36abba4deafbd1a9e6f72698e2
SHA1 c00e59a1c197cb73ea6513a88822990b493c0d70
SHA256 ec1a3426ee8975834bc9a8482053c71a442141dbef801d0c9e32fd4ca08eec2d
SHA512 13547c2e3668076ecfca92558535d8999fbca3bc4e3f7fe61c30d662a558e7740d5b73dd91c0e09e82020a6adcfea71126db02a0a27478d5135e7bc79be5c643

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 669cc44f6a1eb3ab32508a14bc31bc38
SHA1 24539517fa5d7b58587c1fe6a02100a8f3ba031e
SHA256 68839daf720277e46b88e1e1e7ef6a512c822b6c486753efa5f9e3aca1e7679f
SHA512 dc03fe402741a47e8f8239da305a59175dd67eef9775a5d1be0d9f33ec1f32ee6d0f246c15a261fad8a0c22e2ffd049c011353581f749d32178be46772ef7709

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ffd5f55c47db5141a0e78e2b524f1fc7
SHA1 a848f65a6e7c84ad8017e24d4ab5806d697ba574
SHA256 10f59e003b9c2f8a2ef33ff3aa0f1d885455be74f84c204161c12938bc8faef0
SHA512 ec4793669d32088f0c04f11a147aeacebf34657fb721dfc83ea97d591e92c9f6c272475f2411ea3c317f1145c04fa027bf4e689663ec053b28c01b2f3ddbab13

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c7a6a81f4232999e5ced32b416f846ed
SHA1 dbdbde5b7ad31bdf9111918cd7ec45e1cb6a4e13
SHA256 f69e8b9660d2a68f0ab18a9888714dc5d61ed09b50d040dc7fe5f7b1e173bb95
SHA512 d57e45c3217427d8324d8e3f7916557271445db23c333bd2cb05295cbe6342d9d590721954f9ec1b0b90e7b783c2ae3e1c9c299f2d0408b4a74174f2e3d07509

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f6ae9d1e4cdc03e9705c6c47284d08cb
SHA1 210de5222cf999c876ea63f58e13a3e9df1a54d4
SHA256 2b7f6176b692e9d4bce151fbe255ef85ac875e6246b0c1439ca4851ba06ac00f
SHA512 a6af6ce5fd35c72f1779a26045daf7b34873bbe00af75f77d1f1d0cb141b5fa240da2cafaf5b80f7145d72c555227163155a0e8385dd53fa3f78a6d8a9715818

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7df2525ababdabadce7ad6919df4888a
SHA1 84d38e06a0c661e44c37d03ccedfec5cd009e74d
SHA256 93c336500c424bbdab77359aeabbff8ab5f7379583ddd45e055e0c52d9952945
SHA512 404c1896ddcf732a2eff09800ce0ce952ef665d8e739e0cbf333ac926f10e99bb4dd883084809e6d0084b4394a194dc394d0d0a9372451d5956d1cda8cb76eae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9774f38c587242c21f809866ee38e328
SHA1 8bb2d9020cceea5ccef05257788afeb89c14a3dc
SHA256 d42351ce4a33412c7fc7c33acf6969a87084b668434cc3fa085eb8c3d2fee0c3
SHA512 cf77a158706ed023aa990708a1e7531d620184ca6b8b54e4430fa2070ac394e7a080722719f7006336a3f4bb4ca297230737fc8d64c4df68cb8134ef3d61782f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6ec0da67256bed9d8e270e83579e620f
SHA1 1b9f21583a1a8028fb15b335cf031c5946e4a853
SHA256 3a497e170497d60d103ae55e674e9782228d1eccd179f265b656e454a37cd2ce
SHA512 f99b6249527c27ca8d59139e3dbf76fdcd1ef8a7f28d94ec4da70708a1947209012d561d734fee39e91924ed15da2830eb53174a2cb36576d233442760322fb4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ace57066361844c8e9d91b544bf3de2b
SHA1 e8e88ece0afdd9b580777271e615a2bea442732a
SHA256 ddae640d7899db95806d4ab0d5c851017d2196e3b0ef2854ba557b144cde525d
SHA512 0a30fb172a7c00e04726ed319757fb52f6f547afe22cb914537f5d18635f6cc94097ef4bc5ac761737c8841236376c26a11bbcd33d6eabb898260a125cb56267

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 db2fc49d00682f3a0854f5f370231f35
SHA1 a06e5fa7b0175d8b383be450c8dbd9d18aff4e48
SHA256 8eb31a06dd2dddb86e104383f022b7aed570750a26be9377afc0b0b9d12587b1
SHA512 5aa883ccdddaa56f11f0856b3fa768f64b0341e03a653d8d6e04b0fe09220ff9b5fa6a92d34957caf429c5d7ba0e139e80be3c86d52753e9f9444698631449fa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 03e4ea508f6ab1a5e9100dfe378ba2fa
SHA1 40af9c33039b453ce997090b71fd0a29d00bbd0b
SHA256 ee99ba6c24e8babaaba923248d829c5e7c6316a4c0078414ddcaa51c00406cb2
SHA512 0c476e2b6134bc3005fa6c5c7b6753dc57117e14510eb04329cf0eb758180c351c160295ec577090d3c23bb2913afd12946ddaefa744bd7084fc8fde0805641b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4973a1a0245fc2ac013f94bcf58c45f9
SHA1 3b35aefb582bd6f94eca9d057a7099abc900483a
SHA256 1e12048ee3b8931218407d0c82315d1d93fff563daba2ed8bb932417e9727b31
SHA512 020fdd5dabc237bcee729e3e619da132b66854fa2286a20f32786d8fad5a8847c82fcc56c0805e07a233632d3de70bb4d24a7789b74840b100adaa32d8253cf9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 225aa79dbce7dc2e1f56c3163ad59e51
SHA1 d03d869ea87132b386463c3b51bc490df2e24316
SHA256 c26f8709848e3d202ec84cf85859268c18966e4b35c4c811b3399ee7820dd21b
SHA512 68d0516931a612e41eee1c72e467f5586d01a5c7fc7d9fa580695ab67a9ad276da187cc415aeece5ef6e1851f98ce481afeb45fabf19a529452f5549e235282f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dfd36f4fcdfb723d356c57eccc55b939
SHA1 8619b0c79ed0c0c77b8d088b27900749b03207a7
SHA256 9041b8b431c57e85107bee35e5e59453e4489fe814ada279973268153b4630ac
SHA512 a6b1c79045f8692920d886244a996812e873916f3aab97219f8237060ce31abba5dd9971f153e81b53ad4ebe3703a062ae700132c20664d771a3026968bfea8c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 48b9c16c66b0a6a2e8d13c49fe0b4cf2
SHA1 b6df14399b66bcbff73053f9c23299f78788c34f
SHA256 01e4323b216ac63820e30f71b5d1883bfb7a6e1d31bc4244f7f2b67602b6b2ec
SHA512 fe082b160fa37bfcf5af38d7621338a5f5e87768567ccf0350b7c4e301cf7afb024a06918510358b73a768c998dda7e87616de3b6ad8a6cdc267c4c121c22603

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e20470780b2ef98d5b96271ad0cd1dcf
SHA1 c906e2fd6515f97fef1256cfdc177c511e2023eb
SHA256 23a027b485b0e0a5d0ad6acc86ec9c0d4c0c7e9562e9277e0405fb5a0797bbe5
SHA512 d0fd8f4424f77c1f60793bfd7f8a2efec69229b75025472aae634d261d5f7aebf437a231bd8c16c9c89adce50de508f98a351a78b85d5b5886f2b3c9666b0db8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 825e9e16263b0d1802610a0bc0c5bd6c
SHA1 a1d918b92b49a6410a3bcb5bb351974dbe0fef76
SHA256 ee4c64588ea25c872992a9a9bd77dc6bad37e5dc82412f84601144ea9e76ad24
SHA512 7e4aa3c6102ffe1d8678ce8ea35cdc087c7a4a6a657cca1dcb370ab4775cd5bc7828c6973e959b71c4e69692dad80364d67547ca8815f5a2605bffd7568b5d4c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0fbca5e4aefd8c4cfc6d0e44b4361b57
SHA1 14e8ff8f96ac2fcfc079c57a2bf5e21be8b0a6bd
SHA256 f44e5e58cb7fd117409b4ce35a13cad9bca25270311687bd24e78fb5b6cdd185
SHA512 92e9e35de3c4b24482c132872a462df328633c0ccf94f4a5b3e8e68112c685f0db89215a48ff904a4474439248de8f44e26bc106039c60fc5acf657b9f3d2bb7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 65c52c7d2bc01bedcd4ce09393c61d90
SHA1 30e938e7cee1b15477f7c6d38e8a6912f1d4650c
SHA256 4bc8f2049b655a1d3bdc481cb5ac71f9540ca17e272c48734e8e611ade4c6564
SHA512 64c08794d3411c66ce132c5a0bec39a1ef41927e957c0f904bd78d65e7b210c1a21f1c2d5995eaaac16515c4d9a676be286bea690f4e5ec33daaa8ba33773ce8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e8dab7527afc9645cd456066de5fe2fd
SHA1 3e6c9a0912b1bdfe474d7e3be61228b45366f123
SHA256 8d6c527684c6c8c6bfd1cb95e5ee44c7b7ff0a746f9fe682cde61c9958aa4faa
SHA512 6a17965466d9aba8112137d023fc572eb812368c3801d747938cb4f0c305922a60b2fe8b64577d96d8a9c51a6686f60916c8c459df3f508a3f7e718f8d1000bf

Analysis: behavioral19

Detonation Overview

Submitted

2024-05-22 23:48

Reported

2024-05-22 23:51

Platform

win7-20240221-en

Max time kernel

117s

Max time network

133s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\index1449123078.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422583589" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D0A840C1-1895-11EF-8C27-FA5112F1BCBF} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000933fe494fc43a745a6ec09c2aa5dd99300000000020000000000106600000001000020000000a519277972f246dd20f678313b7b445c5951317a9e41bfae6713fc6922823bfb000000000e800000000200002000000057fb9c0296cf1dae3a8143a64bb6170508d51027655eb5e605e314e7182905c120000000608a2748e0e557c392d7d5c247bbfe5a03f8ae3400503a604896a6a03ba7afff400000002683e9b26b1984b8753e11f4ccf72a060f5dbdaabc3dc2c77a6874835d1ee324c94e7036dbe5a425050fe1fc1c3d970ce7b529c5c8e6604323774c48efec0bf5 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000933fe494fc43a745a6ec09c2aa5dd99300000000020000000000106600000001000020000000f8d2abfec8aab4be63ad60a4a61c7190d2db8d458ada5b08a821ea840e114355000000000e800000000200002000000023ff153fae8d53a56c34a4e43e3cade99dedda2ba68fb09c8df424f1173dd7fd90000000db962dc644774d9f426e4176fda0ba1fc9f53fff606c644f9e29485cfe03a93b4bcf11664638dad645c1db6944505de35a0aac37e80e70ec74d2b0d41ea16b1c62f46966847606da67015db5a2c2d0ce373e28a7a1f45c1328498d296ab572f92871b2fe22ab50bd5179c1372ea105e4b74799a92fc893a1630349e6c1e51c776def704d1671840568967c4b31201abd4000000023f691cc33e6dc596d32f283e2ba6b42c9e64552f9b5ea2907e4b35cb2bffc6f345b25a091bed8fc927518857194a810ce2955c2c56a97a96ee7850739d7b9f5 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20afb9a5a2acda01 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\index1449123078.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3048 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab9669.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\Tar9769.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9fefae5338e6c1218c42f8cd2deb490f
SHA1 584ca974d772604159a3fb91b18fb20d204dcdfc
SHA256 4281bcf981f2c5dcb610d7784a1c63ab0e6d562d7594f889d16b300340fcdeea
SHA512 e0f2f908a68053ace53f730a17bca353d2eb7732a016564e6a68816830668afd9e5fe42fcb191139f76ab90f39daacfe6be0575aa6ead2317a9f30b76450b601

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2b0246b0bbd8af0fee1449a78d661539
SHA1 231558b86c77fedf9727342dbbfdd3816f0ee16f
SHA256 a742dc6ba1518c8f5554c2365bf96292f4f98e039b713f2b0a6f4689e8077b05
SHA512 8b128b902acc45d01f78c6eeeff406ee48f3458bb50d9d426ddc6b3b0c154c82126e61300ac23406f909904bf2a4d4ad572ee21bb2eabdee5292567df3e0cf7c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6a21b881678ad8267a90ccc5112577bf
SHA1 0ed9c19eaaf441836f744ccf60fb81881f05fcb9
SHA256 999b14cf57949434534d1a77a99c68afe4f3510794d46224069128a429e5496c
SHA512 b9d9561959e05c7d13f55ad0761cf3d8aeab681a2f20b3cfebd2d001415027eab73d6064f066e47ba6d288a170db408a0b325ed2abaad4dab764e7e463c15137

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6150e99267d027e6751bc7ca126b64b0
SHA1 cd8a20451e1c4f9cb755d13ff83f293de189a4f7
SHA256 3d7c75c5f4e23bd218ec4aa020d87df6328158f445c59a11dce07f0776a950dd
SHA512 fbe8853711252c3cc9871b06168dd3720ba8aee2bfa7e45f54a5e1bfbbe4497fb7be08a68bef02f1c3b131ce8b875e32cf31ac244c0afb6f3c08a66179fc48d4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6618781e1b71936f589bed1a54bac416
SHA1 610b64b5331fdff2aacab78598d538f3bd831e23
SHA256 bdb4ebd838d8b42f191b8637ae518c1e43aaa06c73323aa952119f05ade906eb
SHA512 cefd0e8915098dd80507e8fa4b2b70c1c4e451208242311b540b47085396540019bc0c9b4d2777437e6f53593457a7d2dbc0aab7ce791d5b4aa5f2de9b5176d7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1d7118ddc2c24ceb5303b1931d74e39d
SHA1 e76e426e0c4334f3584b2939e3f4d7fc26ed5a0e
SHA256 6496f93912657fea61c690b8fe865d8a7e1ae30056b22839450fa0c2622cfae8
SHA512 07f55f254d9e05475dcc383c3fed9aae6a34aa3cbaea24dd109d742c3ab52a6e64276e84c54b6bb57ffc1cd58d38749fdfe0bcd786695d5f2fa23c35bad6926d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 668e03aa3835fc4dcf7ae7cb6abb593c
SHA1 a9942a75420fe6a24d5b96663c3a5fc15fe0c9e3
SHA256 7ad7a0980dd58889914d1915936ce5f1f72a6916e0bbc76acbdd1ecca4aef30a
SHA512 a56e5afb997825ad94553fd60d76ab7be0f14db81ad3dcd0244d09531e4678a29f26ac421053485bf11f54fea1910a6f730d5db6df5ba92ee666a9da8f18c512

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9b60d4e361b24007c96af23180f01ecc
SHA1 262860be39d8bdf07e6760c54be91965854c12f2
SHA256 aa2bfc7aa7ba06d69c3a2de3d343962d463cb817334e5f4bd30a3e67b61035d1
SHA512 06338f58bfceb10d9fb7ffa9df4cba0aa31f98949d9b772f83e62acb071da8f999e5c8b0c2784fe5ad86514e5e1ed8bdf5399c2a557cf972a801398d2ba2a342

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7ef8c3cac500570444e5335ca0c26fb0
SHA1 1e32852ee1795ee782eb8a11e8236b570d2ba993
SHA256 7c67245ed168e842461d303d79b0a8aa8073be26ea0e703a47acaadc92f5b922
SHA512 16c0dd54a301fcbc6e54c88fdf2b1756c6ea94b96fb822f53c57f121af05c54e06443fe8e2c0ea164e678a4b7292e8408474da5925256ba1a8be3a852d07226e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6e578ceeb30604422cff2216bfb31427
SHA1 31d15db5f8d44f97cb1b88a75cbc3fb0ffa61994
SHA256 47f29a38a10529c915c2fec9a5c0c88f5a2a9c41f5a111319f199bdad9a0ed01
SHA512 6fc23ba37124ff1be85ccf29bf517340fd4d9d0708388416b152961f3e9c42d372020ec9d9b5a99478abf5af462714bdd311a2d2548692a6444829c70b79eff9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cd057d14a00a310f1265fbbcb873f8f1
SHA1 b0c77641cd9c1842e28965cc3dbac5e9cbe19638
SHA256 ef754527ccd895f34c695279bbb333fa6ec60d192af7565fd5d5b778c1d18c33
SHA512 ec29f956271afe3e5430e5b5cfea130a95231ad3bb80b1f9f457e07d972f30c89646da5a6a9ef3751fc08a36442b7162c66cf074048df6bfbdd86c3bd219485b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e8007223d5cf5e4dd7396e1e8e23dacc
SHA1 0bd1bef260e4d76aa52243c129410e6f61c08c40
SHA256 8eb87552040970bd5343d4bf20a7384d66992ea455dce55ce80623139d56ca8d
SHA512 f3abf6515126c353fb634ecb9275d385e50ce2911ec7103d085287a87821fb224966d1be6359a8b389471674dc94a4a9f0d04a84edcfecd697057d22dbfea8cb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a77c6e26434ccd5a8e67f52fe1d5b9a9
SHA1 98d5998290c124f521dfd0824370cc08fa276bcd
SHA256 98f24e1ac497c4d23678c9236349b87037c6c04360ee001354518fd5f170a651
SHA512 5c6434967c2c027076e23bf0490643d0a732d471629f64071fd05484fe78b33a215e8dcf4bf7fda696fd25e5f901fb58dc7fa702375c0bc04324b9b75f54523a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cedfc0bb355084f19e7552e46758ee6f
SHA1 6202a377a0c8b11584d9e505a455e437807ed8c4
SHA256 4c32ab9656e1f3e3a2867551175e29d8bf0414c37a1823eddc84ec9774b0cbb4
SHA512 497cde0dc0ae65e153555e53f7c529c651cc47f018d5d5b6d22582566b6db6c4327a47eae5131604b520c18165873c5afe1200c1601addb8d6f352612487ed09

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dc6bc881db8710dcca57501c1f22a38c
SHA1 02e73e5ed5ff86dc547763b367fc09f952f1a655
SHA256 c0d5ce364f0fe76f2121eb95fc6cd289909218d911536086cfaa37b0fe1fd6ec
SHA512 89c1f40fb7f2ec6396168ace30c763702c83e06593927636ccb8f73a5acd57b5528fdf61b6104ac1a5fd25dcc55360ad558feb117af002c11ba589a4971b1e3f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4e0e36cfa3686abf5948bce69b50a087
SHA1 911f91899adbaa65cb0e79f3468bbda5e4274737
SHA256 2712c1f2b3dbadc2583d84709dddf140719e61763a803e43ccc5a2f1a44b51a0
SHA512 cbc14d5e7e37b15ea65ee44a9bce30e841ca8839f2163e53113656217184ebb418699723c5459e9648b5457fb1ef53cde7728e2b0d22994babf37cf326282d0a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 67894192922cb5856be064348851d81c
SHA1 423c58fa93332529a5ee4d6d847ceee002e6cfbc
SHA256 738a9482d2b17ccfbe49fc967fa786a3a049c57c439c55c845e611f14180d473
SHA512 27abb2fee8bcd1684be1751e805ef9e9b666cc8653e058b0d1d6b75f4fc55fcb2a27f3b12eb22b3faa6d0dabb0a2e910d9414f25327880af9a7af926132569b4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ee864ba9de17b1ae0c60d12cb626adc6
SHA1 f0045d945953acf48ab75f126289cc997bf5c3c5
SHA256 a5b3864f174f63b0eacea7e96a4e93ec0606a699d66cca521d8185f6c2b68123
SHA512 34fff5d9c9cc92f65f16d5caf6f504877226e6df2f06664e9cb303c9a52aa3e1aadbd351e70198e6b9da780853138f7e36d7f3c6d65146213727b611d5110c16

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b8a9bd68a56d672277812a2bf70e63c5
SHA1 24d554a66c2cf6b22d2455ce65f28000445b00b1
SHA256 53c3dabe3ad9d3799d6ef0f148361707e156715405edebe6f2ec297bdd78374f
SHA512 388ac56a4e9ce5fd9c5030d596b68a6dad9adddd8beff5d0f39824c0d6c19a2932baeae477d967acce09ba309e2aad7266333c2a4c01e5aa2e9eea23b8da5ed8

Analysis: behavioral8

Detonation Overview

Submitted

2024-05-22 23:48

Reported

2024-05-22 23:51

Platform

win10v2004-20240426-en

Max time kernel

133s

Max time network

103s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2508 wrote to memory of 3740 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2508 wrote to memory of 3740 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2508 wrote to memory of 3740 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3740 -ip 3740

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 612

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-05-22 23:48

Reported

2024-05-22 23:51

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

142s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\contact-domains-org.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4848 wrote to memory of 1312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 1312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 2860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 2860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 2860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 2860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 2860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 2860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 2860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 2860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 2860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 2860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 2860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 2860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 2860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 2860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 2860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 2860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 2860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 2860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 2860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 2860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 2860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 2860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 2860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 2860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 2860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 2860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 2860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 2860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 2860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 2860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 2860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 2860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 2860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 2860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 2860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 2860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 2860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 2860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 2860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 2860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 3716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 3716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 4048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 4048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 4048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 4048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 4048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 4048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 4048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 4048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 4048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 4048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 4048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 4048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 4048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 4048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 4048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 4048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 4048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 4048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 4048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4848 wrote to memory of 4048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\contact-domains-org.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c0ef46f8,0x7ff8c0ef4708,0x7ff8c0ef4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,8113145307534721754,18192615540224719244,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,8113145307534721754,18192615540224719244,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2496 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,8113145307534721754,18192615540224719244,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8113145307534721754,18192615540224719244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8113145307534721754,18192615540224719244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8113145307534721754,18192615540224719244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,8113145307534721754,18192615540224719244,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,8113145307534721754,18192615540224719244,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8113145307534721754,18192615540224719244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8113145307534721754,18192615540224719244,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8113145307534721754,18192615540224719244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8113145307534721754,18192615540224719244,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,8113145307534721754,18192615540224719244,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4812 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 www.domains.org udp
US 50.28.32.168:80 www.domains.org tcp
US 50.28.32.168:80 www.domains.org tcp
US 50.28.32.168:80 www.domains.org tcp
US 50.28.32.168:80 www.domains.org tcp
US 50.28.32.168:80 www.domains.org tcp
US 50.28.32.168:80 www.domains.org tcp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 s7.addthis.com udp
BE 104.68.81.91:80 s7.addthis.com tcp
BE 104.68.81.91:443 s7.addthis.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 91.81.68.104.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 168.32.28.50.in-addr.arpa udp
US 8.8.8.8:53 domains.org udp
US 50.28.32.168:80 domains.org tcp
US 50.28.32.168:80 domains.org tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 50.28.32.168:80 domains.org tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4158365912175436289496136e7912c2
SHA1 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
SHA256 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
SHA512 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

\??\pipe\LOCAL\crashpad_4848_XZYESRJUPILBNGQA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ce4c898f8fc7601e2fbc252fdadb5115
SHA1 01bf06badc5da353e539c7c07527d30dccc55a91
SHA256 bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
SHA512 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 95cff97b69db31a3062f8234f9eed75f
SHA1 b154bdaf45f4251d54feb7e5c174b403433b3d2a
SHA256 a00dbfa98c6077f68530c6949efb32ee3f1ac9e357406d54371f4f3b52b88b28
SHA512 c491ec59c661306eeac109326aa988264b628165a9d8124255cde67ab7de404a5c2af9bccbb47a91c875259682944d6f753deb34b519d56463a5573394a30d0b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9f60a1cfa6725abef15bd7dd93f69f39
SHA1 853142f08aae7952f166630a3345a1a0c72ccd2d
SHA256 3e8519a3cf40624936db488121e28c07f99286e3f60cf4e3a7aa346ea3620e33
SHA512 58d41491afa31640aa1faf8501b95118a0fc6147e230db3aa6bdcb502dda5c8bdcf75d4f50d1ce1b0e47dc48e630e6d781fe7a631c6ae6430704755040789e55

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 22be65a6496e8bbba5687bdd2096dec4
SHA1 ba32a6f98c1c48e202eff35ce92e33514d3c4d5b
SHA256 f55c188f85582158fe19a7eac3ee17ee47e62358bd02121af756a6d890b7507b
SHA512 86476ba47d3db16d9e79a485fa238d2d047e024ed77ac67f8e8304dde130d9214bbcd0116ad9fe8a39a6ef178aece05797d39aa339b4eff0514e3a3fc2ea57ab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 95f2ef5eed597010934ef88e1b739320
SHA1 3d97bc7a6bb2456c8f2d3b6a5af8b54e618607fe
SHA256 3e7eb0ea1be3bb4425a42722722d587e23f1d8ebed6fea413c7e7cb542a4520a
SHA512 b7d7af57f35c65ee06acf1c1322eb5e46190bcd0a3b5a051767ec143e9ae5a2be0212a9149913357c6f919d2a608df4678ec2800e688c72671d1f0ce8b92cdae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 2718d288201f62dc53fc1dae2bcfe7f2
SHA1 bd682dfe44db0d9f2c06e5900d583ea2e16aa123
SHA256 b3f44be26253b2b77821451b03b90e9da9ffafb37ccd9bb1c9179318be948530
SHA512 269c8ea19da0150462a8e5d9481aa825f4a60e0e216317dc986037b0b71d8977bb957e67890f43c8eca78f0db7dd01c1f05284affce6d38c2c0dda95c7745e0a

Analysis: behavioral20

Detonation Overview

Submitted

2024-05-22 23:48

Reported

2024-05-22 23:51

Platform

win10v2004-20240226-en

Max time kernel

143s

Max time network

152s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\index1449123078.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\index1449123078.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5080 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4668 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5744 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=4508 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5752 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2536 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 13.107.6.158:443 business.bing.com tcp
GB 13.87.96.169:443 nav-edge.smartscreen.microsoft.com tcp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
BE 23.55.97.181:443 www.microsoft.com tcp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 2.17.251.21:443 bzib.nelreports.net tcp
US 8.8.8.8:53 56.94.73.104.in-addr.arpa udp
US 8.8.8.8:53 169.96.87.13.in-addr.arpa udp
US 8.8.8.8:53 158.6.107.13.in-addr.arpa udp
US 8.8.8.8:53 21.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 181.97.55.23.in-addr.arpa udp
GB 216.58.213.14:445 www.google-analytics.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
GB 216.58.213.14:139 www.google-analytics.com tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 20.189.173.21:443 nw-umwatson.events.data.microsoft.com tcp
US 8.8.8.8:53 21.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 13.107.253.64:443 tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 26.178.89.13.in-addr.arpa udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-22 23:48

Reported

2024-05-22 23:51

Platform

win7-20240221-en

Max time kernel

122s

Max time network

143s

Command Line

"C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe"

Signatures

Cerber

ransomware cerber

Deletes shadow copies

ransomware defense_evasion impact execution

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A

Contacts a large (517) amount of remote hosts

discovery

Deletes itself

Description Indicator Process Target
N/A N/A C:\Windows\system32\cmd.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmpE206.bmp" C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\BUSINESS.ONE C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\DESIGNER.ONE C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\PLANNERS.ONE C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\ACADEMIC.ONE C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\README.hta C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\BLANK.ONE C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A

Enumerates physical storage devices

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SysWOW64\mshta.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\system32\PING.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2320 wrote to memory of 2032 N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe
PID 2320 wrote to memory of 2032 N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe
PID 2320 wrote to memory of 2032 N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe
PID 2320 wrote to memory of 2032 N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe
PID 2320 wrote to memory of 2032 N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe
PID 2032 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe C:\Windows\system32\cmd.exe
PID 2032 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe C:\Windows\system32\cmd.exe
PID 2032 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe C:\Windows\system32\cmd.exe
PID 2032 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe C:\Windows\system32\cmd.exe
PID 2592 wrote to memory of 2084 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\wbem\WMIC.exe
PID 2592 wrote to memory of 2084 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\wbem\WMIC.exe
PID 2592 wrote to memory of 2084 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\wbem\WMIC.exe
PID 2032 wrote to memory of 1528 N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe C:\Windows\SysWOW64\mshta.exe
PID 2032 wrote to memory of 1528 N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe C:\Windows\SysWOW64\mshta.exe
PID 2032 wrote to memory of 1528 N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe C:\Windows\SysWOW64\mshta.exe
PID 2032 wrote to memory of 1528 N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe C:\Windows\SysWOW64\mshta.exe
PID 2032 wrote to memory of 1360 N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe C:\Windows\system32\cmd.exe
PID 2032 wrote to memory of 1360 N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe C:\Windows\system32\cmd.exe
PID 2032 wrote to memory of 1360 N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe C:\Windows\system32\cmd.exe
PID 2032 wrote to memory of 1360 N/A C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe C:\Windows\system32\cmd.exe
PID 1360 wrote to memory of 352 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 1360 wrote to memory of 352 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 1360 wrote to memory of 352 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 1360 wrote to memory of 1796 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\PING.EXE
PID 1360 wrote to memory of 1796 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\PING.EXE
PID 1360 wrote to memory of 1796 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\PING.EXE

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Windows\system32\wbem\WMIC.exe

C:\Windows\system32\wbem\wmic.exe shadowcopy delete

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{3F6B5E16-092A-41ED-930B-0B4125D91D4E}

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Local\Temp\README.hta"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Windows\system32\taskkill.exe

taskkill /f /im "690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe"

C:\Windows\system32\PING.EXE

ping -n 1 127.0.0.1

Network

Country Destination Domain Proto
AM 31.184.234.0:6892 udp
AM 31.184.234.1:6892 udp
AM 31.184.234.2:6892 udp
AM 31.184.234.3:6892 udp
AM 31.184.234.4:6892 udp
AM 31.184.234.5:6892 udp
AM 31.184.234.6:6892 udp
AM 31.184.234.7:6892 udp
AM 31.184.234.8:6892 udp
AM 31.184.234.9:6892 udp
AM 31.184.234.10:6892 udp
AM 31.184.234.11:6892 udp
AM 31.184.234.12:6892 udp
AM 31.184.234.13:6892 udp
AM 31.184.234.14:6892 udp
AM 31.184.234.15:6892 udp
AM 31.184.234.16:6892 udp
AM 31.184.234.17:6892 udp
AM 31.184.234.18:6892 udp
AM 31.184.234.19:6892 udp
AM 31.184.234.20:6892 udp
AM 31.184.234.21:6892 udp
AM 31.184.234.22:6892 udp
AM 31.184.234.23:6892 udp
AM 31.184.234.24:6892 udp
AM 31.184.234.25:6892 udp
AM 31.184.234.26:6892 udp
AM 31.184.234.27:6892 udp
AM 31.184.234.28:6892 udp
AM 31.184.234.29:6892 udp
AM 31.184.234.30:6892 udp
AM 31.184.234.31:6892 udp
AM 31.184.234.32:6892 udp
AM 31.184.234.33:6892 udp
AM 31.184.234.34:6892 udp
AM 31.184.234.35:6892 udp
AM 31.184.234.36:6892 udp
AM 31.184.234.37:6892 udp
AM 31.184.234.38:6892 udp
AM 31.184.234.39:6892 udp
AM 31.184.234.40:6892 udp
AM 31.184.234.41:6892 udp
AM 31.184.234.42:6892 udp
AM 31.184.234.43:6892 udp
AM 31.184.234.44:6892 udp
AM 31.184.234.45:6892 udp
AM 31.184.234.46:6892 udp
AM 31.184.234.47:6892 udp
AM 31.184.234.48:6892 udp
AM 31.184.234.49:6892 udp
AM 31.184.234.50:6892 udp
AM 31.184.234.51:6892 udp
AM 31.184.234.52:6892 udp
AM 31.184.234.53:6892 udp
AM 31.184.234.54:6892 udp
AM 31.184.234.55:6892 udp
AM 31.184.234.56:6892 udp
AM 31.184.234.57:6892 udp
AM 31.184.234.58:6892 udp
AM 31.184.234.59:6892 udp
AM 31.184.234.60:6892 udp
AM 31.184.234.61:6892 udp
AM 31.184.234.62:6892 udp
AM 31.184.234.63:6892 udp
AM 31.184.234.64:6892 udp
AM 31.184.234.65:6892 udp
AM 31.184.234.66:6892 udp
AM 31.184.234.67:6892 udp
AM 31.184.234.68:6892 udp
AM 31.184.234.69:6892 udp
AM 31.184.234.70:6892 udp
AM 31.184.234.71:6892 udp
AM 31.184.234.72:6892 udp
AM 31.184.234.73:6892 udp
AM 31.184.234.74:6892 udp
AM 31.184.234.75:6892 udp
AM 31.184.234.76:6892 udp
AM 31.184.234.77:6892 udp
AM 31.184.234.78:6892 udp
AM 31.184.234.79:6892 udp
AM 31.184.234.80:6892 udp
AM 31.184.234.81:6892 udp
AM 31.184.234.82:6892 udp
AM 31.184.234.83:6892 udp
AM 31.184.234.84:6892 udp
AM 31.184.234.85:6892 udp
AM 31.184.234.86:6892 udp
AM 31.184.234.87:6892 udp
AM 31.184.234.88:6892 udp
AM 31.184.234.89:6892 udp
AM 31.184.234.90:6892 udp
AM 31.184.234.91:6892 udp
AM 31.184.234.92:6892 udp
AM 31.184.234.93:6892 udp
AM 31.184.234.94:6892 udp
AM 31.184.234.95:6892 udp
AM 31.184.234.96:6892 udp
AM 31.184.234.97:6892 udp
AM 31.184.234.98:6892 udp
AM 31.184.234.99:6892 udp
AM 31.184.234.100:6892 udp
AM 31.184.234.101:6892 udp
AM 31.184.234.102:6892 udp
AM 31.184.234.103:6892 udp
AM 31.184.234.104:6892 udp
AM 31.184.234.105:6892 udp
AM 31.184.234.106:6892 udp
AM 31.184.234.107:6892 udp
AM 31.184.234.108:6892 udp
AM 31.184.234.109:6892 udp
AM 31.184.234.110:6892 udp
AM 31.184.234.111:6892 udp
AM 31.184.234.112:6892 udp
AM 31.184.234.113:6892 udp
AM 31.184.234.114:6892 udp
AM 31.184.234.115:6892 udp
AM 31.184.234.116:6892 udp
AM 31.184.234.117:6892 udp
AM 31.184.234.118:6892 udp
AM 31.184.234.119:6892 udp
AM 31.184.234.120:6892 udp
AM 31.184.234.121:6892 udp
AM 31.184.234.122:6892 udp
AM 31.184.234.123:6892 udp
AM 31.184.234.124:6892 udp
AM 31.184.234.125:6892 udp
AM 31.184.234.126:6892 udp
AM 31.184.234.127:6892 udp
AM 31.184.234.128:6892 udp
AM 31.184.234.129:6892 udp
AM 31.184.234.130:6892 udp
AM 31.184.234.131:6892 udp
AM 31.184.234.132:6892 udp
AM 31.184.234.133:6892 udp
AM 31.184.234.134:6892 udp
AM 31.184.234.135:6892 udp
AM 31.184.234.136:6892 udp
AM 31.184.234.137:6892 udp
AM 31.184.234.138:6892 udp
AM 31.184.234.139:6892 udp
AM 31.184.234.140:6892 udp
AM 31.184.234.141:6892 udp
AM 31.184.234.142:6892 udp
AM 31.184.234.143:6892 udp
AM 31.184.234.144:6892 udp
AM 31.184.234.145:6892 udp
AM 31.184.234.146:6892 udp
AM 31.184.234.147:6892 udp
AM 31.184.234.148:6892 udp
AM 31.184.234.149:6892 udp
AM 31.184.234.150:6892 udp
AM 31.184.234.151:6892 udp
AM 31.184.234.152:6892 udp
AM 31.184.234.153:6892 udp
AM 31.184.234.154:6892 udp
AM 31.184.234.155:6892 udp
AM 31.184.234.156:6892 udp
AM 31.184.234.157:6892 udp
AM 31.184.234.158:6892 udp
AM 31.184.234.159:6892 udp
AM 31.184.234.160:6892 udp
AM 31.184.234.161:6892 udp
AM 31.184.234.162:6892 udp
AM 31.184.234.163:6892 udp
AM 31.184.234.164:6892 udp
AM 31.184.234.165:6892 udp
AM 31.184.234.166:6892 udp
AM 31.184.234.167:6892 udp
AM 31.184.234.168:6892 udp
AM 31.184.234.169:6892 udp
AM 31.184.234.170:6892 udp
AM 31.184.234.171:6892 udp
AM 31.184.234.172:6892 udp
AM 31.184.234.173:6892 udp
AM 31.184.234.174:6892 udp
AM 31.184.234.175:6892 udp
AM 31.184.234.176:6892 udp
AM 31.184.234.177:6892 udp
AM 31.184.234.178:6892 udp
AM 31.184.234.179:6892 udp
AM 31.184.234.180:6892 udp
AM 31.184.234.181:6892 udp
AM 31.184.234.182:6892 udp
AM 31.184.234.183:6892 udp
AM 31.184.234.184:6892 udp
AM 31.184.234.185:6892 udp
AM 31.184.234.186:6892 udp
AM 31.184.234.187:6892 udp
AM 31.184.234.188:6892 udp
AM 31.184.234.189:6892 udp
AM 31.184.234.190:6892 udp
AM 31.184.234.191:6892 udp
AM 31.184.234.192:6892 udp
AM 31.184.234.193:6892 udp
AM 31.184.234.194:6892 udp
AM 31.184.234.195:6892 udp
AM 31.184.234.196:6892 udp
AM 31.184.234.197:6892 udp
AM 31.184.234.198:6892 udp
AM 31.184.234.199:6892 udp
AM 31.184.234.200:6892 udp
AM 31.184.234.201:6892 udp
AM 31.184.234.202:6892 udp
AM 31.184.234.203:6892 udp
AM 31.184.234.204:6892 udp
AM 31.184.234.205:6892 udp
AM 31.184.234.206:6892 udp
AM 31.184.234.207:6892 udp
AM 31.184.234.208:6892 udp
AM 31.184.234.209:6892 udp
AM 31.184.234.210:6892 udp
AM 31.184.234.211:6892 udp
AM 31.184.234.212:6892 udp
AM 31.184.234.213:6892 udp
AM 31.184.234.214:6892 udp
AM 31.184.234.215:6892 udp
AM 31.184.234.216:6892 udp
AM 31.184.234.217:6892 udp
AM 31.184.234.218:6892 udp
AM 31.184.234.219:6892 udp
AM 31.184.234.220:6892 udp
AM 31.184.234.221:6892 udp
AM 31.184.234.222:6892 udp
AM 31.184.234.223:6892 udp
AM 31.184.234.224:6892 udp
AM 31.184.234.225:6892 udp
AM 31.184.234.226:6892 udp
AM 31.184.234.227:6892 udp
AM 31.184.234.228:6892 udp
AM 31.184.234.229:6892 udp
AM 31.184.234.230:6892 udp
AM 31.184.234.231:6892 udp
AM 31.184.234.232:6892 udp
AM 31.184.234.233:6892 udp
AM 31.184.234.234:6892 udp
AM 31.184.234.235:6892 udp
AM 31.184.234.236:6892 udp
AM 31.184.234.237:6892 udp
AM 31.184.234.238:6892 udp
AM 31.184.234.239:6892 udp
AM 31.184.234.240:6892 udp
AM 31.184.234.241:6892 udp
AM 31.184.234.242:6892 udp
AM 31.184.234.243:6892 udp
AM 31.184.234.244:6892 udp
AM 31.184.234.245:6892 udp
AM 31.184.234.246:6892 udp
AM 31.184.234.247:6892 udp
AM 31.184.234.248:6892 udp
AM 31.184.234.249:6892 udp
AM 31.184.234.250:6892 udp
AM 31.184.234.251:6892 udp
AM 31.184.234.252:6892 udp
AM 31.184.234.253:6892 udp
AM 31.184.234.254:6892 udp
AM 31.184.234.255:6892 udp
AM 31.184.235.0:6892 udp
AM 31.184.235.1:6892 udp
AM 31.184.235.2:6892 udp
AM 31.184.235.3:6892 udp
AM 31.184.235.4:6892 udp
AM 31.184.235.5:6892 udp
AM 31.184.235.6:6892 udp
AM 31.184.235.7:6892 udp
AM 31.184.235.8:6892 udp
AM 31.184.235.9:6892 udp
AM 31.184.235.10:6892 udp
AM 31.184.235.11:6892 udp
AM 31.184.235.12:6892 udp
AM 31.184.235.13:6892 udp
AM 31.184.235.14:6892 udp
AM 31.184.235.15:6892 udp
AM 31.184.235.16:6892 udp
AM 31.184.235.17:6892 udp
AM 31.184.235.18:6892 udp
AM 31.184.235.19:6892 udp
AM 31.184.235.20:6892 udp
AM 31.184.235.21:6892 udp
AM 31.184.235.22:6892 udp
AM 31.184.235.23:6892 udp
AM 31.184.235.24:6892 udp
AM 31.184.235.25:6892 udp
AM 31.184.235.26:6892 udp
AM 31.184.235.27:6892 udp
AM 31.184.235.28:6892 udp
AM 31.184.235.29:6892 udp
AM 31.184.235.30:6892 udp
AM 31.184.235.31:6892 udp
AM 31.184.235.32:6892 udp
AM 31.184.235.33:6892 udp
AM 31.184.235.34:6892 udp
AM 31.184.235.35:6892 udp
AM 31.184.235.36:6892 udp
AM 31.184.235.37:6892 udp
AM 31.184.235.38:6892 udp
AM 31.184.235.39:6892 udp
AM 31.184.235.40:6892 udp
AM 31.184.235.41:6892 udp
AM 31.184.235.42:6892 udp
AM 31.184.235.43:6892 udp
AM 31.184.235.44:6892 udp
AM 31.184.235.45:6892 udp
AM 31.184.235.46:6892 udp
AM 31.184.235.47:6892 udp
AM 31.184.235.48:6892 udp
AM 31.184.235.49:6892 udp
AM 31.184.235.50:6892 udp
AM 31.184.235.51:6892 udp
AM 31.184.235.52:6892 udp
AM 31.184.235.53:6892 udp
AM 31.184.235.54:6892 udp
AM 31.184.235.55:6892 udp
AM 31.184.235.56:6892 udp
AM 31.184.235.57:6892 udp
AM 31.184.235.58:6892 udp
AM 31.184.235.59:6892 udp
AM 31.184.235.60:6892 udp
AM 31.184.235.61:6892 udp
AM 31.184.235.62:6892 udp
AM 31.184.235.63:6892 udp
AM 31.184.235.64:6892 udp
AM 31.184.235.65:6892 udp
AM 31.184.235.66:6892 udp
AM 31.184.235.67:6892 udp
AM 31.184.235.68:6892 udp
AM 31.184.235.69:6892 udp
AM 31.184.235.70:6892 udp
AM 31.184.235.71:6892 udp
AM 31.184.235.72:6892 udp
AM 31.184.235.73:6892 udp
AM 31.184.235.74:6892 udp
AM 31.184.235.75:6892 udp
AM 31.184.235.76:6892 udp
AM 31.184.235.77:6892 udp
AM 31.184.235.78:6892 udp
AM 31.184.235.79:6892 udp
AM 31.184.235.80:6892 udp
AM 31.184.235.81:6892 udp
AM 31.184.235.82:6892 udp
AM 31.184.235.83:6892 udp
AM 31.184.235.84:6892 udp
AM 31.184.235.85:6892 udp
AM 31.184.235.86:6892 udp
AM 31.184.235.87:6892 udp
AM 31.184.235.88:6892 udp
AM 31.184.235.89:6892 udp
AM 31.184.235.90:6892 udp
AM 31.184.235.91:6892 udp
AM 31.184.235.92:6892 udp
AM 31.184.235.93:6892 udp
AM 31.184.235.94:6892 udp
AM 31.184.235.95:6892 udp
AM 31.184.235.96:6892 udp
AM 31.184.235.97:6892 udp
AM 31.184.235.98:6892 udp
AM 31.184.235.99:6892 udp
AM 31.184.235.100:6892 udp
AM 31.184.235.101:6892 udp
AM 31.184.235.102:6892 udp
AM 31.184.235.103:6892 udp
AM 31.184.235.104:6892 udp
AM 31.184.235.105:6892 udp
AM 31.184.235.106:6892 udp
AM 31.184.235.107:6892 udp
AM 31.184.235.108:6892 udp
AM 31.184.235.109:6892 udp
AM 31.184.235.110:6892 udp
AM 31.184.235.111:6892 udp
AM 31.184.235.112:6892 udp
AM 31.184.235.113:6892 udp
AM 31.184.235.114:6892 udp
AM 31.184.235.115:6892 udp
AM 31.184.235.116:6892 udp
AM 31.184.235.117:6892 udp
AM 31.184.235.118:6892 udp
AM 31.184.235.119:6892 udp
AM 31.184.235.120:6892 udp
AM 31.184.235.121:6892 udp
AM 31.184.235.122:6892 udp
AM 31.184.235.123:6892 udp
AM 31.184.235.124:6892 udp
AM 31.184.235.125:6892 udp
AM 31.184.235.126:6892 udp
AM 31.184.235.127:6892 udp
AM 31.184.235.128:6892 udp
AM 31.184.235.129:6892 udp
AM 31.184.235.130:6892 udp
AM 31.184.235.131:6892 udp
AM 31.184.235.132:6892 udp
AM 31.184.235.133:6892 udp
AM 31.184.235.134:6892 udp
AM 31.184.235.135:6892 udp
AM 31.184.235.136:6892 udp
AM 31.184.235.137:6892 udp
AM 31.184.235.138:6892 udp
AM 31.184.235.139:6892 udp
AM 31.184.235.140:6892 udp
AM 31.184.235.141:6892 udp
AM 31.184.235.142:6892 udp
AM 31.184.235.143:6892 udp
AM 31.184.235.144:6892 udp
AM 31.184.235.145:6892 udp
AM 31.184.235.146:6892 udp
AM 31.184.235.147:6892 udp
AM 31.184.235.148:6892 udp
AM 31.184.235.149:6892 udp
AM 31.184.235.150:6892 udp
AM 31.184.235.151:6892 udp
AM 31.184.235.152:6892 udp
AM 31.184.235.153:6892 udp
AM 31.184.235.154:6892 udp
AM 31.184.235.155:6892 udp
AM 31.184.235.156:6892 udp
AM 31.184.235.157:6892 udp
AM 31.184.235.158:6892 udp
AM 31.184.235.159:6892 udp
AM 31.184.235.160:6892 udp
AM 31.184.235.161:6892 udp
AM 31.184.235.162:6892 udp
AM 31.184.235.163:6892 udp
AM 31.184.235.164:6892 udp
AM 31.184.235.165:6892 udp
AM 31.184.235.166:6892 udp
AM 31.184.235.167:6892 udp
AM 31.184.235.168:6892 udp
AM 31.184.235.169:6892 udp
AM 31.184.235.170:6892 udp
AM 31.184.235.171:6892 udp
AM 31.184.235.172:6892 udp
AM 31.184.235.173:6892 udp
AM 31.184.235.174:6892 udp
AM 31.184.235.175:6892 udp
AM 31.184.235.176:6892 udp
AM 31.184.235.177:6892 udp
AM 31.184.235.178:6892 udp
AM 31.184.235.179:6892 udp
AM 31.184.235.180:6892 udp
AM 31.184.235.181:6892 udp
AM 31.184.235.182:6892 udp
AM 31.184.235.183:6892 udp
AM 31.184.235.184:6892 udp
AM 31.184.235.185:6892 udp
AM 31.184.235.186:6892 udp
AM 31.184.235.187:6892 udp
AM 31.184.235.188:6892 udp
AM 31.184.235.189:6892 udp
AM 31.184.235.190:6892 udp
AM 31.184.235.191:6892 udp
AM 31.184.235.192:6892 udp
AM 31.184.235.193:6892 udp
AM 31.184.235.194:6892 udp
AM 31.184.235.195:6892 udp
AM 31.184.235.196:6892 udp
AM 31.184.235.197:6892 udp
AM 31.184.235.198:6892 udp
AM 31.184.235.199:6892 udp
AM 31.184.235.200:6892 udp
AM 31.184.235.201:6892 udp
AM 31.184.235.202:6892 udp
AM 31.184.235.203:6892 udp
AM 31.184.235.204:6892 udp
AM 31.184.235.205:6892 udp
AM 31.184.235.206:6892 udp
AM 31.184.235.207:6892 udp
AM 31.184.235.208:6892 udp
AM 31.184.235.209:6892 udp
AM 31.184.235.210:6892 udp
AM 31.184.235.211:6892 udp
AM 31.184.235.212:6892 udp
AM 31.184.235.213:6892 udp
AM 31.184.235.214:6892 udp
AM 31.184.235.215:6892 udp
AM 31.184.235.216:6892 udp
AM 31.184.235.217:6892 udp
AM 31.184.235.218:6892 udp
AM 31.184.235.219:6892 udp
AM 31.184.235.220:6892 udp
AM 31.184.235.221:6892 udp
AM 31.184.235.222:6892 udp
AM 31.184.235.223:6892 udp
AM 31.184.235.224:6892 udp
AM 31.184.235.225:6892 udp
AM 31.184.235.226:6892 udp
AM 31.184.235.227:6892 udp
AM 31.184.235.228:6892 udp
AM 31.184.235.229:6892 udp
AM 31.184.235.230:6892 udp
AM 31.184.235.231:6892 udp
AM 31.184.235.232:6892 udp
AM 31.184.235.233:6892 udp
AM 31.184.235.234:6892 udp
AM 31.184.235.235:6892 udp
AM 31.184.235.236:6892 udp
AM 31.184.235.237:6892 udp
AM 31.184.235.238:6892 udp
AM 31.184.235.239:6892 udp
AM 31.184.235.240:6892 udp
AM 31.184.235.241:6892 udp
AM 31.184.235.242:6892 udp
AM 31.184.235.243:6892 udp
AM 31.184.235.244:6892 udp
AM 31.184.235.245:6892 udp
AM 31.184.235.246:6892 udp
AM 31.184.235.247:6892 udp
AM 31.184.235.248:6892 udp
AM 31.184.235.249:6892 udp
AM 31.184.235.250:6892 udp
AM 31.184.235.251:6892 udp
AM 31.184.235.252:6892 udp
AM 31.184.235.253:6892 udp
AM 31.184.235.254:6892 udp
AM 31.184.235.255:6892 udp
AM 31.184.234.0:6892 udp
AM 31.184.234.1:6892 udp
AM 31.184.234.2:6892 udp
AM 31.184.234.3:6892 udp
AM 31.184.234.4:6892 udp
AM 31.184.234.5:6892 udp
AM 31.184.234.6:6892 udp
AM 31.184.234.7:6892 udp
AM 31.184.234.8:6892 udp
AM 31.184.234.9:6892 udp
AM 31.184.234.10:6892 udp
AM 31.184.234.11:6892 udp
AM 31.184.234.12:6892 udp
AM 31.184.234.13:6892 udp
AM 31.184.234.14:6892 udp
AM 31.184.234.15:6892 udp
AM 31.184.234.16:6892 udp
AM 31.184.234.17:6892 udp
AM 31.184.234.18:6892 udp
AM 31.184.234.19:6892 udp
AM 31.184.234.20:6892 udp
AM 31.184.234.21:6892 udp
AM 31.184.234.22:6892 udp
AM 31.184.234.23:6892 udp
AM 31.184.234.24:6892 udp
AM 31.184.234.25:6892 udp
AM 31.184.234.26:6892 udp
AM 31.184.234.27:6892 udp
AM 31.184.234.28:6892 udp
AM 31.184.234.29:6892 udp
AM 31.184.234.30:6892 udp
AM 31.184.234.31:6892 udp
AM 31.184.234.32:6892 udp
AM 31.184.234.33:6892 udp
AM 31.184.234.34:6892 udp
AM 31.184.234.35:6892 udp
AM 31.184.234.36:6892 udp
AM 31.184.234.37:6892 udp
AM 31.184.234.38:6892 udp
AM 31.184.234.39:6892 udp
AM 31.184.234.40:6892 udp
AM 31.184.234.41:6892 udp
AM 31.184.234.42:6892 udp
AM 31.184.234.43:6892 udp
AM 31.184.234.44:6892 udp
AM 31.184.234.45:6892 udp
AM 31.184.234.46:6892 udp
AM 31.184.234.47:6892 udp
AM 31.184.234.48:6892 udp
AM 31.184.234.49:6892 udp
AM 31.184.234.50:6892 udp
AM 31.184.234.51:6892 udp
AM 31.184.234.52:6892 udp
AM 31.184.234.53:6892 udp
AM 31.184.234.54:6892 udp
AM 31.184.234.55:6892 udp
AM 31.184.234.56:6892 udp
AM 31.184.234.57:6892 udp
AM 31.184.234.58:6892 udp
AM 31.184.234.59:6892 udp
AM 31.184.234.60:6892 udp
AM 31.184.234.61:6892 udp
AM 31.184.234.62:6892 udp
AM 31.184.234.63:6892 udp
AM 31.184.234.64:6892 udp
AM 31.184.234.65:6892 udp
AM 31.184.234.66:6892 udp
AM 31.184.234.67:6892 udp
AM 31.184.234.68:6892 udp
AM 31.184.234.69:6892 udp
AM 31.184.234.70:6892 udp
AM 31.184.234.71:6892 udp
AM 31.184.234.72:6892 udp
AM 31.184.234.73:6892 udp
AM 31.184.234.74:6892 udp
AM 31.184.234.75:6892 udp
AM 31.184.234.76:6892 udp
AM 31.184.234.77:6892 udp
AM 31.184.234.78:6892 udp
AM 31.184.234.79:6892 udp
AM 31.184.234.80:6892 udp
AM 31.184.234.81:6892 udp
AM 31.184.234.82:6892 udp
AM 31.184.234.83:6892 udp
AM 31.184.234.84:6892 udp
AM 31.184.234.85:6892 udp
AM 31.184.234.86:6892 udp
AM 31.184.234.87:6892 udp
AM 31.184.234.88:6892 udp
AM 31.184.234.89:6892 udp
AM 31.184.234.90:6892 udp
AM 31.184.234.91:6892 udp
AM 31.184.234.92:6892 udp
AM 31.184.234.93:6892 udp
AM 31.184.234.94:6892 udp
AM 31.184.234.95:6892 udp
AM 31.184.234.96:6892 udp
AM 31.184.234.97:6892 udp
AM 31.184.234.98:6892 udp
AM 31.184.234.99:6892 udp
AM 31.184.234.100:6892 udp
AM 31.184.234.101:6892 udp
AM 31.184.234.102:6892 udp
AM 31.184.234.103:6892 udp
AM 31.184.234.104:6892 udp
AM 31.184.234.105:6892 udp
AM 31.184.234.106:6892 udp
AM 31.184.234.107:6892 udp
AM 31.184.234.108:6892 udp
AM 31.184.234.109:6892 udp
AM 31.184.234.110:6892 udp
AM 31.184.234.111:6892 udp
AM 31.184.234.112:6892 udp
AM 31.184.234.113:6892 udp
AM 31.184.234.114:6892 udp
AM 31.184.234.115:6892 udp
AM 31.184.234.116:6892 udp
AM 31.184.234.117:6892 udp
AM 31.184.234.118:6892 udp
AM 31.184.234.119:6892 udp
AM 31.184.234.120:6892 udp
AM 31.184.234.121:6892 udp
AM 31.184.234.122:6892 udp
AM 31.184.234.123:6892 udp
AM 31.184.234.124:6892 udp
AM 31.184.234.125:6892 udp
AM 31.184.234.126:6892 udp
AM 31.184.234.127:6892 udp
AM 31.184.234.128:6892 udp
AM 31.184.234.129:6892 udp
AM 31.184.234.130:6892 udp
AM 31.184.234.131:6892 udp
AM 31.184.234.132:6892 udp
AM 31.184.234.133:6892 udp
AM 31.184.234.134:6892 udp
AM 31.184.234.135:6892 udp
AM 31.184.234.136:6892 udp
AM 31.184.234.137:6892 udp
AM 31.184.234.138:6892 udp
AM 31.184.234.139:6892 udp
AM 31.184.234.140:6892 udp
AM 31.184.234.141:6892 udp
AM 31.184.234.142:6892 udp
AM 31.184.234.143:6892 udp
AM 31.184.234.144:6892 udp
AM 31.184.234.145:6892 udp
AM 31.184.234.146:6892 udp
AM 31.184.234.147:6892 udp
AM 31.184.234.148:6892 udp
AM 31.184.234.149:6892 udp
AM 31.184.234.150:6892 udp
AM 31.184.234.151:6892 udp
AM 31.184.234.152:6892 udp
AM 31.184.234.153:6892 udp
AM 31.184.234.154:6892 udp
AM 31.184.234.155:6892 udp
AM 31.184.234.156:6892 udp
AM 31.184.234.157:6892 udp
AM 31.184.234.158:6892 udp
AM 31.184.234.159:6892 udp
AM 31.184.234.160:6892 udp
AM 31.184.234.161:6892 udp
AM 31.184.234.162:6892 udp
AM 31.184.234.163:6892 udp
AM 31.184.234.164:6892 udp
AM 31.184.234.165:6892 udp
AM 31.184.234.166:6892 udp
AM 31.184.234.167:6892 udp
AM 31.184.234.168:6892 udp
AM 31.184.234.169:6892 udp
AM 31.184.234.170:6892 udp
AM 31.184.234.171:6892 udp
AM 31.184.234.172:6892 udp
AM 31.184.234.173:6892 udp
AM 31.184.234.174:6892 udp
AM 31.184.234.175:6892 udp
AM 31.184.234.176:6892 udp
AM 31.184.234.177:6892 udp
AM 31.184.234.178:6892 udp
AM 31.184.234.179:6892 udp
AM 31.184.234.180:6892 udp
AM 31.184.234.181:6892 udp
AM 31.184.234.182:6892 udp
AM 31.184.234.183:6892 udp
AM 31.184.234.184:6892 udp
AM 31.184.234.185:6892 udp
AM 31.184.234.186:6892 udp
AM 31.184.234.187:6892 udp
AM 31.184.234.188:6892 udp
AM 31.184.234.189:6892 udp
AM 31.184.234.190:6892 udp
AM 31.184.234.191:6892 udp
AM 31.184.234.192:6892 udp
AM 31.184.234.193:6892 udp
AM 31.184.234.194:6892 udp
AM 31.184.234.195:6892 udp
AM 31.184.234.196:6892 udp
AM 31.184.234.197:6892 udp
AM 31.184.234.198:6892 udp
AM 31.184.234.199:6892 udp
AM 31.184.234.200:6892 udp
AM 31.184.234.201:6892 udp
AM 31.184.234.202:6892 udp
AM 31.184.234.203:6892 udp
AM 31.184.234.204:6892 udp
AM 31.184.234.205:6892 udp
AM 31.184.234.206:6892 udp
AM 31.184.234.207:6892 udp
AM 31.184.234.208:6892 udp
AM 31.184.234.209:6892 udp
AM 31.184.234.210:6892 udp
AM 31.184.234.211:6892 udp
AM 31.184.234.212:6892 udp
AM 31.184.234.213:6892 udp
AM 31.184.234.214:6892 udp
AM 31.184.234.215:6892 udp
AM 31.184.234.216:6892 udp
AM 31.184.234.217:6892 udp
AM 31.184.234.218:6892 udp
AM 31.184.234.219:6892 udp
AM 31.184.234.220:6892 udp
AM 31.184.234.221:6892 udp
AM 31.184.234.222:6892 udp
AM 31.184.234.223:6892 udp
AM 31.184.234.224:6892 udp
AM 31.184.234.225:6892 udp
AM 31.184.234.226:6892 udp
AM 31.184.234.227:6892 udp
AM 31.184.234.228:6892 udp
AM 31.184.234.229:6892 udp
AM 31.184.234.230:6892 udp
AM 31.184.234.231:6892 udp
AM 31.184.234.232:6892 udp
AM 31.184.234.233:6892 udp
AM 31.184.234.234:6892 udp
AM 31.184.234.235:6892 udp
AM 31.184.234.236:6892 udp
AM 31.184.234.237:6892 udp
AM 31.184.234.238:6892 udp
AM 31.184.234.239:6892 udp
AM 31.184.234.240:6892 udp
AM 31.184.234.241:6892 udp
AM 31.184.234.242:6892 udp
AM 31.184.234.243:6892 udp
AM 31.184.234.244:6892 udp
AM 31.184.234.245:6892 udp
AM 31.184.234.246:6892 udp
AM 31.184.234.247:6892 udp
AM 31.184.234.248:6892 udp
AM 31.184.234.249:6892 udp
AM 31.184.234.250:6892 udp
AM 31.184.234.251:6892 udp
AM 31.184.234.252:6892 udp
AM 31.184.234.253:6892 udp
AM 31.184.234.254:6892 udp
AM 31.184.234.255:6892 udp
AM 31.184.235.0:6892 udp
AM 31.184.235.1:6892 udp
AM 31.184.235.2:6892 udp
AM 31.184.235.3:6892 udp
AM 31.184.235.4:6892 udp
AM 31.184.235.5:6892 udp
AM 31.184.235.6:6892 udp
AM 31.184.235.7:6892 udp
AM 31.184.235.8:6892 udp
AM 31.184.235.9:6892 udp
AM 31.184.235.10:6892 udp
AM 31.184.235.11:6892 udp
AM 31.184.235.12:6892 udp
AM 31.184.235.13:6892 udp
AM 31.184.235.14:6892 udp
AM 31.184.235.15:6892 udp
AM 31.184.235.16:6892 udp
AM 31.184.235.17:6892 udp
AM 31.184.235.18:6892 udp
AM 31.184.235.19:6892 udp
AM 31.184.235.20:6892 udp
AM 31.184.235.21:6892 udp
AM 31.184.235.22:6892 udp
AM 31.184.235.23:6892 udp
AM 31.184.235.24:6892 udp
AM 31.184.235.25:6892 udp
AM 31.184.235.26:6892 udp
AM 31.184.235.27:6892 udp
AM 31.184.235.28:6892 udp
AM 31.184.235.29:6892 udp
AM 31.184.235.30:6892 udp
AM 31.184.235.31:6892 udp
AM 31.184.235.32:6892 udp
AM 31.184.235.33:6892 udp
AM 31.184.235.34:6892 udp
AM 31.184.235.35:6892 udp
AM 31.184.235.36:6892 udp
AM 31.184.235.37:6892 udp
AM 31.184.235.38:6892 udp
AM 31.184.235.39:6892 udp
AM 31.184.235.40:6892 udp
AM 31.184.235.41:6892 udp
AM 31.184.235.42:6892 udp
AM 31.184.235.43:6892 udp
AM 31.184.235.44:6892 udp
AM 31.184.235.45:6892 udp
AM 31.184.235.46:6892 udp
AM 31.184.235.47:6892 udp
AM 31.184.235.48:6892 udp
AM 31.184.235.49:6892 udp
AM 31.184.235.50:6892 udp
AM 31.184.235.51:6892 udp
AM 31.184.235.52:6892 udp
AM 31.184.235.53:6892 udp
AM 31.184.235.54:6892 udp
AM 31.184.235.55:6892 udp
AM 31.184.235.56:6892 udp
AM 31.184.235.57:6892 udp
AM 31.184.235.58:6892 udp
AM 31.184.235.59:6892 udp
AM 31.184.235.60:6892 udp
AM 31.184.235.61:6892 udp
AM 31.184.235.62:6892 udp
AM 31.184.235.63:6892 udp
AM 31.184.235.64:6892 udp
AM 31.184.235.65:6892 udp
AM 31.184.235.66:6892 udp
AM 31.184.235.67:6892 udp
AM 31.184.235.68:6892 udp
AM 31.184.235.69:6892 udp
AM 31.184.235.70:6892 udp
AM 31.184.235.71:6892 udp
AM 31.184.235.72:6892 udp
AM 31.184.235.73:6892 udp
AM 31.184.235.74:6892 udp
AM 31.184.235.75:6892 udp
AM 31.184.235.76:6892 udp
AM 31.184.235.77:6892 udp
AM 31.184.235.78:6892 udp
AM 31.184.235.79:6892 udp
AM 31.184.235.80:6892 udp
AM 31.184.235.81:6892 udp
AM 31.184.235.82:6892 udp
AM 31.184.235.83:6892 udp
AM 31.184.235.84:6892 udp
AM 31.184.235.85:6892 udp
AM 31.184.235.86:6892 udp
AM 31.184.235.87:6892 udp
AM 31.184.235.88:6892 udp
AM 31.184.235.89:6892 udp
AM 31.184.235.90:6892 udp
AM 31.184.235.91:6892 udp
AM 31.184.235.92:6892 udp
AM 31.184.235.93:6892 udp
AM 31.184.235.94:6892 udp
AM 31.184.235.95:6892 udp
AM 31.184.235.96:6892 udp
AM 31.184.235.97:6892 udp
AM 31.184.235.98:6892 udp
AM 31.184.235.99:6892 udp
AM 31.184.235.100:6892 udp
AM 31.184.235.101:6892 udp
AM 31.184.235.102:6892 udp
AM 31.184.235.103:6892 udp
AM 31.184.235.104:6892 udp
AM 31.184.235.105:6892 udp
AM 31.184.235.106:6892 udp
AM 31.184.235.107:6892 udp
AM 31.184.235.108:6892 udp
AM 31.184.235.109:6892 udp
AM 31.184.235.110:6892 udp
AM 31.184.235.111:6892 udp
AM 31.184.235.112:6892 udp
AM 31.184.235.113:6892 udp
AM 31.184.235.114:6892 udp
AM 31.184.235.115:6892 udp
AM 31.184.235.116:6892 udp
AM 31.184.235.117:6892 udp
AM 31.184.235.118:6892 udp
AM 31.184.235.119:6892 udp
AM 31.184.235.120:6892 udp
AM 31.184.235.121:6892 udp
AM 31.184.235.122:6892 udp
AM 31.184.235.123:6892 udp
AM 31.184.235.124:6892 udp
AM 31.184.235.125:6892 udp
AM 31.184.235.126:6892 udp
AM 31.184.235.127:6892 udp
AM 31.184.235.128:6892 udp
AM 31.184.235.129:6892 udp
AM 31.184.235.130:6892 udp
AM 31.184.235.131:6892 udp
AM 31.184.235.132:6892 udp
AM 31.184.235.133:6892 udp
AM 31.184.235.134:6892 udp
AM 31.184.235.135:6892 udp
AM 31.184.235.136:6892 udp
AM 31.184.235.137:6892 udp
AM 31.184.235.138:6892 udp
AM 31.184.235.139:6892 udp
AM 31.184.235.140:6892 udp
AM 31.184.235.141:6892 udp
AM 31.184.235.142:6892 udp
AM 31.184.235.143:6892 udp
AM 31.184.235.144:6892 udp
AM 31.184.235.145:6892 udp
AM 31.184.235.146:6892 udp
AM 31.184.235.147:6892 udp
AM 31.184.235.148:6892 udp
AM 31.184.235.149:6892 udp
AM 31.184.235.150:6892 udp
AM 31.184.235.151:6892 udp
AM 31.184.235.152:6892 udp
AM 31.184.235.153:6892 udp
AM 31.184.235.154:6892 udp
AM 31.184.235.155:6892 udp
AM 31.184.235.156:6892 udp
AM 31.184.235.157:6892 udp
AM 31.184.235.158:6892 udp
AM 31.184.235.159:6892 udp
AM 31.184.235.160:6892 udp
AM 31.184.235.161:6892 udp
AM 31.184.235.162:6892 udp
AM 31.184.235.163:6892 udp
AM 31.184.235.164:6892 udp
AM 31.184.235.165:6892 udp
AM 31.184.235.166:6892 udp
AM 31.184.235.167:6892 udp
AM 31.184.235.168:6892 udp
AM 31.184.235.169:6892 udp
AM 31.184.235.170:6892 udp
AM 31.184.235.171:6892 udp
AM 31.184.235.172:6892 udp
AM 31.184.235.173:6892 udp
AM 31.184.235.174:6892 udp
AM 31.184.235.175:6892 udp
AM 31.184.235.176:6892 udp
AM 31.184.235.177:6892 udp
AM 31.184.235.178:6892 udp
AM 31.184.235.179:6892 udp
AM 31.184.235.180:6892 udp
AM 31.184.235.181:6892 udp
AM 31.184.235.182:6892 udp
AM 31.184.235.183:6892 udp
AM 31.184.235.184:6892 udp
AM 31.184.235.185:6892 udp
AM 31.184.235.186:6892 udp
AM 31.184.235.187:6892 udp
AM 31.184.235.188:6892 udp
AM 31.184.235.189:6892 udp
AM 31.184.235.190:6892 udp
AM 31.184.235.191:6892 udp
AM 31.184.235.192:6892 udp
AM 31.184.235.193:6892 udp
AM 31.184.235.194:6892 udp
AM 31.184.235.195:6892 udp
AM 31.184.235.196:6892 udp
AM 31.184.235.197:6892 udp
AM 31.184.235.198:6892 udp
AM 31.184.235.199:6892 udp
AM 31.184.235.200:6892 udp
AM 31.184.235.201:6892 udp
AM 31.184.235.202:6892 udp
AM 31.184.235.203:6892 udp
AM 31.184.235.204:6892 udp
AM 31.184.235.205:6892 udp
AM 31.184.235.206:6892 udp
AM 31.184.235.207:6892 udp
AM 31.184.235.208:6892 udp
AM 31.184.235.209:6892 udp
AM 31.184.235.210:6892 udp
AM 31.184.235.211:6892 udp
AM 31.184.235.212:6892 udp
AM 31.184.235.213:6892 udp
AM 31.184.235.214:6892 udp
AM 31.184.235.215:6892 udp
AM 31.184.235.216:6892 udp
AM 31.184.235.217:6892 udp
AM 31.184.235.218:6892 udp
AM 31.184.235.219:6892 udp
AM 31.184.235.220:6892 udp
AM 31.184.235.221:6892 udp
AM 31.184.235.222:6892 udp
AM 31.184.235.223:6892 udp
AM 31.184.235.224:6892 udp
AM 31.184.235.225:6892 udp
AM 31.184.235.226:6892 udp
AM 31.184.235.227:6892 udp
AM 31.184.235.228:6892 udp
AM 31.184.235.229:6892 udp
AM 31.184.235.230:6892 udp
AM 31.184.235.231:6892 udp
AM 31.184.235.232:6892 udp
AM 31.184.235.233:6892 udp
AM 31.184.235.234:6892 udp
AM 31.184.235.235:6892 udp
AM 31.184.235.236:6892 udp
AM 31.184.235.237:6892 udp
AM 31.184.235.238:6892 udp
AM 31.184.235.239:6892 udp
AM 31.184.235.240:6892 udp
AM 31.184.235.241:6892 udp
AM 31.184.235.242:6892 udp
AM 31.184.235.243:6892 udp
AM 31.184.235.244:6892 udp
AM 31.184.235.245:6892 udp
AM 31.184.235.246:6892 udp
AM 31.184.235.247:6892 udp
AM 31.184.235.248:6892 udp
AM 31.184.235.249:6892 udp
AM 31.184.235.250:6892 udp
AM 31.184.235.251:6892 udp
AM 31.184.235.252:6892 udp
AM 31.184.235.253:6892 udp
AM 31.184.235.254:6892 udp
AM 31.184.235.255:6892 udp
AM 31.184.234.0:6892 udp
AM 31.184.234.1:6892 udp
AM 31.184.234.2:6892 udp
AM 31.184.234.3:6892 udp
AM 31.184.234.4:6892 udp
AM 31.184.234.5:6892 udp
AM 31.184.234.6:6892 udp
AM 31.184.234.7:6892 udp
AM 31.184.234.8:6892 udp
AM 31.184.234.9:6892 udp
AM 31.184.234.10:6892 udp
AM 31.184.234.11:6892 udp
AM 31.184.234.12:6892 udp
AM 31.184.234.13:6892 udp
AM 31.184.234.14:6892 udp
AM 31.184.234.15:6892 udp
AM 31.184.234.16:6892 udp
AM 31.184.234.17:6892 udp
AM 31.184.234.18:6892 udp
AM 31.184.234.19:6892 udp
AM 31.184.234.20:6892 udp
AM 31.184.234.21:6892 udp
AM 31.184.234.22:6892 udp
AM 31.184.234.23:6892 udp
AM 31.184.234.24:6892 udp
AM 31.184.234.25:6892 udp
AM 31.184.234.26:6892 udp
AM 31.184.234.27:6892 udp
AM 31.184.234.28:6892 udp
AM 31.184.234.29:6892 udp
AM 31.184.234.30:6892 udp
AM 31.184.234.31:6892 udp
AM 31.184.234.32:6892 udp
AM 31.184.234.33:6892 udp
AM 31.184.234.34:6892 udp
AM 31.184.234.35:6892 udp
AM 31.184.234.36:6892 udp
AM 31.184.234.37:6892 udp
AM 31.184.234.38:6892 udp
AM 31.184.234.39:6892 udp
AM 31.184.234.40:6892 udp
AM 31.184.234.41:6892 udp
AM 31.184.234.42:6892 udp
AM 31.184.234.43:6892 udp
AM 31.184.234.44:6892 udp
AM 31.184.234.45:6892 udp
AM 31.184.234.46:6892 udp
AM 31.184.234.47:6892 udp
AM 31.184.234.48:6892 udp
AM 31.184.234.49:6892 udp
AM 31.184.234.50:6892 udp
AM 31.184.234.51:6892 udp
AM 31.184.234.52:6892 udp
AM 31.184.234.53:6892 udp
AM 31.184.234.54:6892 udp
AM 31.184.234.55:6892 udp
AM 31.184.234.56:6892 udp
AM 31.184.234.57:6892 udp
AM 31.184.234.58:6892 udp
AM 31.184.234.59:6892 udp
AM 31.184.234.60:6892 udp
AM 31.184.234.61:6892 udp
AM 31.184.234.62:6892 udp
AM 31.184.234.63:6892 udp
AM 31.184.234.64:6892 udp
AM 31.184.234.65:6892 udp
AM 31.184.234.66:6892 udp
AM 31.184.234.67:6892 udp
AM 31.184.234.68:6892 udp
AM 31.184.234.69:6892 udp
AM 31.184.234.70:6892 udp
AM 31.184.234.71:6892 udp
AM 31.184.234.72:6892 udp
AM 31.184.234.73:6892 udp
AM 31.184.234.74:6892 udp
AM 31.184.234.75:6892 udp
AM 31.184.234.76:6892 udp
AM 31.184.234.77:6892 udp
AM 31.184.234.78:6892 udp
AM 31.184.234.79:6892 udp
AM 31.184.234.80:6892 udp
AM 31.184.234.81:6892 udp
AM 31.184.234.82:6892 udp
AM 31.184.234.83:6892 udp
AM 31.184.234.84:6892 udp
AM 31.184.234.85:6892 udp
AM 31.184.234.86:6892 udp
AM 31.184.234.87:6892 udp
AM 31.184.234.88:6892 udp
AM 31.184.234.89:6892 udp
AM 31.184.234.90:6892 udp
AM 31.184.234.91:6892 udp
AM 31.184.234.92:6892 udp
AM 31.184.234.93:6892 udp
AM 31.184.234.94:6892 udp
AM 31.184.234.95:6892 udp
AM 31.184.234.96:6892 udp
AM 31.184.234.97:6892 udp
AM 31.184.234.98:6892 udp
AM 31.184.234.99:6892 udp
AM 31.184.234.100:6892 udp
AM 31.184.234.101:6892 udp
AM 31.184.234.102:6892 udp
AM 31.184.234.103:6892 udp
AM 31.184.234.104:6892 udp
AM 31.184.234.105:6892 udp
AM 31.184.234.106:6892 udp
AM 31.184.234.107:6892 udp
AM 31.184.234.108:6892 udp
AM 31.184.234.109:6892 udp
AM 31.184.234.110:6892 udp
AM 31.184.234.111:6892 udp
AM 31.184.234.112:6892 udp
AM 31.184.234.113:6892 udp
AM 31.184.234.114:6892 udp
AM 31.184.234.115:6892 udp
AM 31.184.234.116:6892 udp
AM 31.184.234.117:6892 udp
AM 31.184.234.118:6892 udp
AM 31.184.234.119:6892 udp
AM 31.184.234.120:6892 udp
AM 31.184.234.121:6892 udp
AM 31.184.234.122:6892 udp
AM 31.184.234.123:6892 udp
AM 31.184.234.124:6892 udp
AM 31.184.234.125:6892 udp
AM 31.184.234.126:6892 udp
AM 31.184.234.127:6892 udp
AM 31.184.234.128:6892 udp
AM 31.184.234.129:6892 udp
AM 31.184.234.130:6892 udp
AM 31.184.234.131:6892 udp
AM 31.184.234.132:6892 udp
AM 31.184.234.133:6892 udp
AM 31.184.234.134:6892 udp
AM 31.184.234.135:6892 udp
AM 31.184.234.136:6892 udp
AM 31.184.234.137:6892 udp
AM 31.184.234.138:6892 udp
AM 31.184.234.139:6892 udp
AM 31.184.234.140:6892 udp
AM 31.184.234.141:6892 udp
AM 31.184.234.142:6892 udp
AM 31.184.234.143:6892 udp
AM 31.184.234.144:6892 udp
AM 31.184.234.145:6892 udp
AM 31.184.234.146:6892 udp
AM 31.184.234.147:6892 udp
AM 31.184.234.148:6892 udp
AM 31.184.234.149:6892 udp
AM 31.184.234.150:6892 udp
AM 31.184.234.151:6892 udp
AM 31.184.234.152:6892 udp
AM 31.184.234.153:6892 udp
AM 31.184.234.154:6892 udp
AM 31.184.234.155:6892 udp
AM 31.184.234.156:6892 udp
AM 31.184.234.157:6892 udp
AM 31.184.234.158:6892 udp
AM 31.184.234.159:6892 udp
AM 31.184.234.160:6892 udp
AM 31.184.234.161:6892 udp
AM 31.184.234.162:6892 udp
AM 31.184.234.163:6892 udp
AM 31.184.234.164:6892 udp
AM 31.184.234.165:6892 udp
AM 31.184.234.166:6892 udp
AM 31.184.234.167:6892 udp
AM 31.184.234.168:6892 udp
AM 31.184.234.169:6892 udp
AM 31.184.234.170:6892 udp
AM 31.184.234.171:6892 udp
AM 31.184.234.172:6892 udp
AM 31.184.234.173:6892 udp
AM 31.184.234.174:6892 udp
AM 31.184.234.175:6892 udp
AM 31.184.234.176:6892 udp
AM 31.184.234.177:6892 udp
AM 31.184.234.178:6892 udp
AM 31.184.234.179:6892 udp
AM 31.184.234.180:6892 udp
AM 31.184.234.181:6892 udp
AM 31.184.234.182:6892 udp
AM 31.184.234.183:6892 udp
AM 31.184.234.184:6892 udp
AM 31.184.234.185:6892 udp
AM 31.184.234.186:6892 udp
AM 31.184.234.187:6892 udp
AM 31.184.234.188:6892 udp
AM 31.184.234.189:6892 udp
AM 31.184.234.190:6892 udp
AM 31.184.234.191:6892 udp
AM 31.184.234.192:6892 udp
AM 31.184.234.193:6892 udp
AM 31.184.234.194:6892 udp
AM 31.184.234.195:6892 udp
AM 31.184.234.196:6892 udp
AM 31.184.234.197:6892 udp
AM 31.184.234.198:6892 udp
AM 31.184.234.199:6892 udp
AM 31.184.234.200:6892 udp
AM 31.184.234.201:6892 udp
AM 31.184.234.202:6892 udp
AM 31.184.234.203:6892 udp
AM 31.184.234.204:6892 udp
AM 31.184.234.205:6892 udp
AM 31.184.234.206:6892 udp
AM 31.184.234.207:6892 udp
AM 31.184.234.208:6892 udp
AM 31.184.234.209:6892 udp
AM 31.184.234.210:6892 udp
AM 31.184.234.211:6892 udp
AM 31.184.234.212:6892 udp
AM 31.184.234.213:6892 udp
AM 31.184.234.214:6892 udp
AM 31.184.234.215:6892 udp
AM 31.184.234.216:6892 udp
AM 31.184.234.217:6892 udp
AM 31.184.234.218:6892 udp
AM 31.184.234.219:6892 udp
AM 31.184.234.220:6892 udp
AM 31.184.234.221:6892 udp
AM 31.184.234.222:6892 udp
AM 31.184.234.223:6892 udp
AM 31.184.234.224:6892 udp
AM 31.184.234.225:6892 udp
AM 31.184.234.226:6892 udp
AM 31.184.234.227:6892 udp
AM 31.184.234.228:6892 udp
AM 31.184.234.229:6892 udp
AM 31.184.234.230:6892 udp
AM 31.184.234.231:6892 udp
AM 31.184.234.232:6892 udp
AM 31.184.234.233:6892 udp
AM 31.184.234.234:6892 udp
AM 31.184.234.235:6892 udp
AM 31.184.234.236:6892 udp
AM 31.184.234.237:6892 udp
AM 31.184.234.238:6892 udp
AM 31.184.234.239:6892 udp
AM 31.184.234.240:6892 udp
AM 31.184.234.241:6892 udp
AM 31.184.234.242:6892 udp
AM 31.184.234.243:6892 udp
AM 31.184.234.244:6892 udp
AM 31.184.234.245:6892 udp
AM 31.184.234.246:6892 udp
AM 31.184.234.247:6892 udp
AM 31.184.234.248:6892 udp
AM 31.184.234.249:6892 udp
AM 31.184.234.250:6892 udp
AM 31.184.234.251:6892 udp
AM 31.184.234.252:6892 udp
AM 31.184.234.253:6892 udp
AM 31.184.234.254:6892 udp
AM 31.184.234.255:6892 udp
AM 31.184.235.0:6892 udp
AM 31.184.235.1:6892 udp
AM 31.184.235.2:6892 udp
AM 31.184.235.3:6892 udp
AM 31.184.235.4:6892 udp
AM 31.184.235.5:6892 udp
AM 31.184.235.6:6892 udp
AM 31.184.235.7:6892 udp
AM 31.184.235.8:6892 udp
AM 31.184.235.9:6892 udp
AM 31.184.235.10:6892 udp
AM 31.184.235.11:6892 udp
AM 31.184.235.12:6892 udp
AM 31.184.235.13:6892 udp
AM 31.184.235.14:6892 udp
AM 31.184.235.15:6892 udp
AM 31.184.235.16:6892 udp
AM 31.184.235.17:6892 udp
AM 31.184.235.18:6892 udp
AM 31.184.235.19:6892 udp
AM 31.184.235.20:6892 udp
AM 31.184.235.21:6892 udp
AM 31.184.235.22:6892 udp
AM 31.184.235.23:6892 udp
AM 31.184.235.24:6892 udp
AM 31.184.235.25:6892 udp
AM 31.184.235.26:6892 udp
AM 31.184.235.27:6892 udp
AM 31.184.235.28:6892 udp
AM 31.184.235.29:6892 udp
AM 31.184.235.30:6892 udp
AM 31.184.235.31:6892 udp
AM 31.184.235.32:6892 udp
AM 31.184.235.33:6892 udp
AM 31.184.235.34:6892 udp
AM 31.184.235.35:6892 udp
AM 31.184.235.36:6892 udp
AM 31.184.235.37:6892 udp
AM 31.184.235.38:6892 udp
AM 31.184.235.39:6892 udp
AM 31.184.235.40:6892 udp
AM 31.184.235.41:6892 udp
AM 31.184.235.42:6892 udp
AM 31.184.235.43:6892 udp
AM 31.184.235.44:6892 udp
AM 31.184.235.45:6892 udp
AM 31.184.235.46:6892 udp
AM 31.184.235.47:6892 udp
AM 31.184.235.48:6892 udp
AM 31.184.235.49:6892 udp
AM 31.184.235.50:6892 udp
AM 31.184.235.51:6892 udp
AM 31.184.235.52:6892 udp
AM 31.184.235.53:6892 udp
AM 31.184.235.54:6892 udp
AM 31.184.235.55:6892 udp
AM 31.184.235.56:6892 udp
AM 31.184.235.57:6892 udp
AM 31.184.235.58:6892 udp
AM 31.184.235.59:6892 udp
AM 31.184.235.60:6892 udp
AM 31.184.235.61:6892 udp
AM 31.184.235.62:6892 udp
AM 31.184.235.63:6892 udp
AM 31.184.235.64:6892 udp
AM 31.184.235.65:6892 udp
AM 31.184.235.66:6892 udp
AM 31.184.235.67:6892 udp
AM 31.184.235.68:6892 udp
AM 31.184.235.69:6892 udp
AM 31.184.235.70:6892 udp
AM 31.184.235.71:6892 udp
AM 31.184.235.72:6892 udp
AM 31.184.235.73:6892 udp
AM 31.184.235.74:6892 udp
AM 31.184.235.75:6892 udp
AM 31.184.235.76:6892 udp
AM 31.184.235.77:6892 udp
AM 31.184.235.78:6892 udp
AM 31.184.235.79:6892 udp
AM 31.184.235.80:6892 udp
AM 31.184.235.81:6892 udp
AM 31.184.235.82:6892 udp
AM 31.184.235.83:6892 udp
AM 31.184.235.84:6892 udp
AM 31.184.235.85:6892 udp
AM 31.184.235.86:6892 udp
AM 31.184.235.87:6892 udp
AM 31.184.235.88:6892 udp
AM 31.184.235.89:6892 udp
AM 31.184.235.90:6892 udp
AM 31.184.235.91:6892 udp
AM 31.184.235.92:6892 udp
AM 31.184.235.93:6892 udp
AM 31.184.235.94:6892 udp
AM 31.184.235.95:6892 udp
AM 31.184.235.96:6892 udp
AM 31.184.235.97:6892 udp
AM 31.184.235.98:6892 udp
AM 31.184.235.99:6892 udp
AM 31.184.235.100:6892 udp
AM 31.184.235.101:6892 udp
AM 31.184.235.102:6892 udp
AM 31.184.235.103:6892 udp
AM 31.184.235.104:6892 udp
AM 31.184.235.105:6892 udp
AM 31.184.235.106:6892 udp
AM 31.184.235.107:6892 udp
AM 31.184.235.108:6892 udp
AM 31.184.235.109:6892 udp
AM 31.184.235.110:6892 udp
AM 31.184.235.111:6892 udp
AM 31.184.235.112:6892 udp
AM 31.184.235.113:6892 udp
AM 31.184.235.114:6892 udp
AM 31.184.235.115:6892 udp
AM 31.184.235.116:6892 udp
AM 31.184.235.117:6892 udp
AM 31.184.235.118:6892 udp
AM 31.184.235.119:6892 udp
AM 31.184.235.120:6892 udp
AM 31.184.235.121:6892 udp
AM 31.184.235.122:6892 udp
AM 31.184.235.123:6892 udp
AM 31.184.235.124:6892 udp
AM 31.184.235.125:6892 udp
AM 31.184.235.126:6892 udp
AM 31.184.235.127:6892 udp
AM 31.184.235.128:6892 udp
AM 31.184.235.129:6892 udp
AM 31.184.235.130:6892 udp
AM 31.184.235.131:6892 udp
AM 31.184.235.132:6892 udp
AM 31.184.235.133:6892 udp
AM 31.184.235.134:6892 udp
AM 31.184.235.135:6892 udp
AM 31.184.235.136:6892 udp
AM 31.184.235.137:6892 udp
AM 31.184.235.138:6892 udp
AM 31.184.235.139:6892 udp
AM 31.184.235.140:6892 udp
AM 31.184.235.141:6892 udp
AM 31.184.235.142:6892 udp
AM 31.184.235.143:6892 udp
AM 31.184.235.144:6892 udp
AM 31.184.235.145:6892 udp
AM 31.184.235.146:6892 udp
AM 31.184.235.147:6892 udp
AM 31.184.235.148:6892 udp
AM 31.184.235.149:6892 udp
AM 31.184.235.150:6892 udp
AM 31.184.235.151:6892 udp
AM 31.184.235.152:6892 udp
AM 31.184.235.153:6892 udp
AM 31.184.235.154:6892 udp
AM 31.184.235.155:6892 udp
AM 31.184.235.156:6892 udp
AM 31.184.235.157:6892 udp
AM 31.184.235.158:6892 udp
AM 31.184.235.159:6892 udp
AM 31.184.235.160:6892 udp
AM 31.184.235.161:6892 udp
AM 31.184.235.162:6892 udp
AM 31.184.235.163:6892 udp
AM 31.184.235.164:6892 udp
AM 31.184.235.165:6892 udp
AM 31.184.235.166:6892 udp
AM 31.184.235.167:6892 udp
AM 31.184.235.168:6892 udp
AM 31.184.235.169:6892 udp
AM 31.184.235.170:6892 udp
AM 31.184.235.171:6892 udp
AM 31.184.235.172:6892 udp
AM 31.184.235.173:6892 udp
AM 31.184.235.174:6892 udp
AM 31.184.235.175:6892 udp
AM 31.184.235.176:6892 udp
AM 31.184.235.177:6892 udp
AM 31.184.235.178:6892 udp
AM 31.184.235.179:6892 udp
AM 31.184.235.180:6892 udp
AM 31.184.235.181:6892 udp
AM 31.184.235.182:6892 udp
AM 31.184.235.183:6892 udp
AM 31.184.235.184:6892 udp
AM 31.184.235.185:6892 udp
AM 31.184.235.186:6892 udp
AM 31.184.235.187:6892 udp
AM 31.184.235.188:6892 udp
AM 31.184.235.189:6892 udp
AM 31.184.235.190:6892 udp
AM 31.184.235.191:6892 udp
AM 31.184.235.192:6892 udp
AM 31.184.235.193:6892 udp
AM 31.184.235.194:6892 udp
AM 31.184.235.195:6892 udp
AM 31.184.235.196:6892 udp
AM 31.184.235.197:6892 udp
AM 31.184.235.198:6892 udp
AM 31.184.235.199:6892 udp
AM 31.184.235.200:6892 udp
AM 31.184.235.201:6892 udp
AM 31.184.235.202:6892 udp
AM 31.184.235.203:6892 udp
AM 31.184.235.204:6892 udp
AM 31.184.235.205:6892 udp
AM 31.184.235.206:6892 udp
AM 31.184.235.207:6892 udp
AM 31.184.235.208:6892 udp
AM 31.184.235.209:6892 udp
AM 31.184.235.210:6892 udp
AM 31.184.235.211:6892 udp
AM 31.184.235.212:6892 udp
AM 31.184.235.213:6892 udp
AM 31.184.235.214:6892 udp
AM 31.184.235.215:6892 udp
AM 31.184.235.216:6892 udp
AM 31.184.235.217:6892 udp
AM 31.184.235.218:6892 udp
AM 31.184.235.219:6892 udp
AM 31.184.235.220:6892 udp
AM 31.184.235.221:6892 udp
AM 31.184.235.222:6892 udp
AM 31.184.235.223:6892 udp
AM 31.184.235.224:6892 udp
AM 31.184.235.225:6892 udp
AM 31.184.235.226:6892 udp
AM 31.184.235.227:6892 udp
AM 31.184.235.228:6892 udp
AM 31.184.235.229:6892 udp
AM 31.184.235.230:6892 udp
AM 31.184.235.231:6892 udp
AM 31.184.235.232:6892 udp
AM 31.184.235.233:6892 udp
AM 31.184.235.234:6892 udp
AM 31.184.235.235:6892 udp
AM 31.184.235.236:6892 udp
AM 31.184.235.237:6892 udp
AM 31.184.235.238:6892 udp
AM 31.184.235.239:6892 udp
AM 31.184.235.240:6892 udp
AM 31.184.235.241:6892 udp
AM 31.184.235.242:6892 udp
AM 31.184.235.243:6892 udp
AM 31.184.235.244:6892 udp
AM 31.184.235.245:6892 udp
AM 31.184.235.246:6892 udp
AM 31.184.235.247:6892 udp
AM 31.184.235.248:6892 udp
AM 31.184.235.249:6892 udp
AM 31.184.235.250:6892 udp
AM 31.184.235.251:6892 udp
AM 31.184.235.252:6892 udp
AM 31.184.235.253:6892 udp
AM 31.184.235.254:6892 udp
AM 31.184.235.255:6892 udp
US 8.8.8.8:53 xrhwryizf5mui7a5.pax3rg.bid udp
US 8.8.8.8:53 btc.blockr.io udp
US 8.8.8.8:53 api.blockcypher.com udp
US 104.20.98.10:80 api.blockcypher.com tcp
US 8.8.8.8:53 chain.so udp
US 172.67.40.90:443 chain.so tcp

Files

\Users\Admin\AppData\Local\Temp\nsy28A8.tmp\System.dll

MD5 3e6bf00b3ac976122f982ae2aadb1c51
SHA1 caab188f7fdc84d3fdcb2922edeeb5ed576bd31d
SHA256 4ff9b2678d698677c5d9732678f9cf53f17290e09d053691aac4cc6e6f595cbe
SHA512 1286f05e6a7e6b691f6e479638e7179897598e171b52eb3a3dc0e830415251069d29416b6d1ffc6d7dce8da5625e1479be06db9b7179e7776659c5c1ad6aa706

memory/2320-15-0x0000000001E20000-0x0000000001E23000-memory.dmp

memory/2032-17-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2320-19-0x0000000001E20000-0x0000000001E23000-memory.dmp

memory/2032-20-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2032-21-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2032-26-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2032-27-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2032-31-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2032-30-0x0000000000400000-0x0000000000431000-memory.dmp

C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\README.hta

MD5 036e206cbbd69617f5c7f52148e368b0
SHA1 f329bf0d57e4690e1460fb1e07a8b64bc2c1b35b
SHA256 fdcff08c49563415bfec6b559e7a4aa77b2aab3c089b24d7ded855112222a0df
SHA512 e6022ab5dab604931705e59cf0e80eece879178c4e368a222b304b76df9cfbb11af97465cce9b25e45d62388cb89f1b180a9bd38b7827671bc9421d6f68fdf92

memory/2032-320-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2032-329-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2032-332-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2032-335-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2032-338-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2032-341-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2032-344-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2032-347-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2032-350-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2032-353-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2032-356-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2032-359-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2032-362-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2032-365-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2032-368-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2032-371-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2032-374-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2032-381-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2032-393-0x0000000000400000-0x0000000000431000-memory.dmp

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-22 23:48

Reported

2024-05-22 23:51

Platform

win7-20240221-en

Max time kernel

118s

Max time network

123s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\InstallOptions.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\InstallOptions.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\InstallOptions.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 248

Network

N/A

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-05-22 23:48

Reported

2024-05-22 23:51

Platform

win7-20240221-en

Max time kernel

121s

Max time network

122s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 360 -s 224

Network

N/A

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-05-22 23:48

Reported

2024-05-22 23:51

Platform

win7-20240508-en

Max time kernel

119s

Max time network

120s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\home.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\home.js

Network

N/A

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-05-22 23:48

Reported

2024-05-22 23:51

Platform

win10v2004-20240426-en

Max time kernel

148s

Max time network

152s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\home1259317828.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1680 wrote to memory of 1208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 1208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 1588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 1588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 4932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 4932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 4932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 4932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 4932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 4932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 4932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 4932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 4932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 4932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 4932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 4932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 4932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 4932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 4932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 4932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 4932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 4932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 4932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1680 wrote to memory of 4932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\home1259317828.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec2bb46f8,0x7ffec2bb4708,0x7ffec2bb4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,12393897735741497437,1185543721076974191,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,12393897735741497437,1185543721076974191,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,12393897735741497437,1185543721076974191,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12393897735741497437,1185543721076974191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12393897735741497437,1185543721076974191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12393897735741497437,1185543721076974191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,12393897735741497437,1185543721076974191,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,12393897735741497437,1185543721076974191,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12393897735741497437,1185543721076974191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12393897735741497437,1185543721076974191,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12393897735741497437,1185543721076974191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12393897735741497437,1185543721076974191,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,12393897735741497437,1185543721076974191,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1932 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 g.twimg.com udp
US 8.8.8.8:53 abs.twimg.com udp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
GB 199.232.56.159:443 abs.twimg.com tcp
US 8.8.8.8:53 platform.twitter.com udp
PL 93.184.220.66:443 platform.twitter.com tcp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 242.137.73.23.in-addr.arpa udp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 159.56.232.199.in-addr.arpa udp
US 8.8.8.8:53 static.ads-twitter.com udp
GB 199.232.56.157:443 static.ads-twitter.com tcp
US 8.8.8.8:53 66.220.184.93.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 157.56.232.199.in-addr.arpa udp
US 8.8.8.8:53 syndication.twitter.com udp
US 104.244.42.136:443 syndication.twitter.com tcp
PL 93.184.220.66:443 platform.twitter.com tcp
PL 93.184.220.66:443 platform.twitter.com tcp
PL 93.184.220.66:443 platform.twitter.com tcp
PL 93.184.220.66:443 platform.twitter.com tcp
PL 93.184.220.66:443 platform.twitter.com tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 136.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 91.65.42.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8b167567021ccb1a9fdf073fa9112ef0
SHA1 3baf293fbfaa7c1e7cdacb5f2975737f4ef69898
SHA256 26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513
SHA512 726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

\??\pipe\LOCAL\crashpad_1680_LVGCKMJOBFATBVWO

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 537815e7cc5c694912ac0308147852e4
SHA1 2ccdd9d9dc637db5462fe8119c0df261146c363c
SHA256 b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f
SHA512 63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5c8eab45bcf7c6d074517ac0c582d7b7
SHA1 026eea6ed22e3f66ab314eb1b90de18af76fa04e
SHA256 7867b0f090589e9b914050d9587dbbc5aeac0ed588185fb02df6bd15d065e335
SHA512 97194ff63f30cdf581ed0971037125cd056226220775bfc560ad1e3a63656cbbe1b0813204ea37e055389ecb16e45d16e03ed4af9212b884efbe889a4f9f2754

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c248914abd1694cbe98d552063ecdba0
SHA1 8abaf70915eaaccb9f615151055bf5d255067d7d
SHA256 2373849fdaa22195ee99879cf4fdc054bb332689362675fccdd43e30b4613b5a
SHA512 d93434ccbcab3538eb371d8395dc5ad1f46046418572f9d8aae65d91a05879b44bb3db7ab115fe2303ccb08fe52599b0ba7852d546b2c7a8db4c02b256f50f64

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 aa534b1c1f198b0d7423c7b78958fa82
SHA1 f6b8c0449dc08ce037374fb98458c5dd157e4ee4
SHA256 6336e35880d57c94058f4da332c935d13d38a8b84ddbb05c8a79231592fec95f
SHA512 309dc97c0ef628d7e961c26f8019514e428798aa73e02010a31b3900cb9cf6175fc90086f68a1f5989ae6408d2ce1822b3fb6cbb52c8e6b76ce8b48115abfd7d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e6a8b0d5f6b1084720832b584e5d0e91
SHA1 71c52b1fb976750b3ae15172448cf23f4e25c69d
SHA256 d9fd8c7ab5447025f715ab55b1ea1d013d91c025a1c33640a7725380ed8d8a0f
SHA512 9c01f599a0a8be3da1c92f250bbc4a0ac4e2bff89017bdfced03c3263e47bc9f001dc085cba7f7b1f23a1f26ea9665aca68142897f9b393c1176e3fb6950dfaa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 bcbc96dfb9da7db39528afa21c1c35eb
SHA1 2e0821ad6883e8fb13afd441315c582f4e6a6522
SHA256 f912bdde3d2f5f02513730a690a774dcb89c45215c72f73f393022d6588a7735
SHA512 6457f7e23cfed821eda8eb3aee29083a7fffce2375bb3fc162f110be543f8545e3d5108f00b69fa253f1eb1359d3efc4deb71f512822769ea75c9f88c7062239

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-22 23:48

Reported

2024-05-22 23:51

Platform

win10v2004-20240426-en

Max time kernel

136s

Max time network

105s

Command Line

"C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\690c89ef69c176f31c2010e75c365ac5_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 249.138.73.23.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\nsr24A1.tmp\System.dll

MD5 3e6bf00b3ac976122f982ae2aadb1c51
SHA1 caab188f7fdc84d3fdcb2922edeeb5ed576bd31d
SHA256 4ff9b2678d698677c5d9732678f9cf53f17290e09d053691aac4cc6e6f595cbe
SHA512 1286f05e6a7e6b691f6e479638e7179897598e171b52eb3a3dc0e830415251069d29416b6d1ffc6d7dce8da5625e1479be06db9b7179e7776659c5c1ad6aa706

C:\Users\Admin\AppData\Local\Temp\nsr24A1.tmp\InstallOptions.dll

MD5 f8d9d9418e6e1827ed2b53dd930e48fb
SHA1 c78b0e5b274dbbfd032a0f3ed795d82d5ea617c8
SHA256 2a2878b54550178144665d4c5f67309f71f1089679ae0f84fa419b8a309a88e4
SHA512 510ac31f9e330ec2e6133c1cbe775a955b79b94dc5a84d94b2c59d9b513c35f3786ff8a7f706d04ec2503a4ffc16535624a34e0dcc53e91eedd2321691b617fc

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-22 23:48

Reported

2024-05-22 23:51

Platform

win7-20231129-en

Max time kernel

121s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\$1\$OUTDIR\sftp_plugin\tc_sftp_uninstaller.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\$1\$OUTDIR\sftp_plugin\tc_sftp_uninstaller.exe

"C:\Users\Admin\AppData\Local\Temp\$1\$OUTDIR\sftp_plugin\tc_sftp_uninstaller.exe"

C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe

"C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\$1\$OUTDIR\sftp_plugin\

Network

N/A

Files

\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe

MD5 e04b1bbeaff6221daf4d4ae0ed7fd00c
SHA1 cbe6a9e349a6711dc9e040e15ec32345c1bb7aee
SHA256 36b1104781e2c77a1e76593e697ac99621f27db3bfd5c282f7ae3579bf510a5b
SHA512 2f8523b1fd5bed682dc841292a5523eabbd49fea71b1e088a5080c375ed8e67b22e95e60129516d96bd720845a1c27fd37fd993d1cadfd81296176f683066334

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-22 23:48

Reported

2024-05-22 23:51

Platform

win10v2004-20240508-en

Max time kernel

132s

Max time network

101s

Command Line

"C:\Users\Admin\AppData\Local\Temp\$1\$OUTDIR\sftp_plugin\tc_sftp_uninstaller.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\$1\$OUTDIR\sftp_plugin\tc_sftp_uninstaller.exe

"C:\Users\Admin\AppData\Local\Temp\$1\$OUTDIR\sftp_plugin\tc_sftp_uninstaller.exe"

C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe

"C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\$1\$OUTDIR\sftp_plugin\

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 242.137.73.23.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 249.138.73.23.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe

MD5 e04b1bbeaff6221daf4d4ae0ed7fd00c
SHA1 cbe6a9e349a6711dc9e040e15ec32345c1bb7aee
SHA256 36b1104781e2c77a1e76593e697ac99621f27db3bfd5c282f7ae3579bf510a5b
SHA512 2f8523b1fd5bed682dc841292a5523eabbd49fea71b1e088a5080c375ed8e67b22e95e60129516d96bd720845a1c27fd37fd993d1cadfd81296176f683066334

Analysis: behavioral11

Detonation Overview

Submitted

2024-05-22 23:48

Reported

2024-05-22 23:51

Platform

win7-20240221-en

Max time kernel

117s

Max time network

145s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\contact-domains-org.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CEFAEE81-1895-11EF-A635-D2EFD46A7D0E} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 407c90a5a2acda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000083343237efeb6b44b8bcecd1f35af2dd000000000200000000001066000000010000200000005c6bb98b84c7af172d1a9eb3d59823e9cb6a766dd2b027cdb9ed93a5afe778c5000000000e80000000020000200000002eddae1404e687dea106f22072999513e7bb52e26080039289335a5e612d76e520000000b72c5e12a692f6394c65967b3f9a0f7346449e836f7f64ee99333ddef15e128b40000000e589a00c09b8351af9460052241ead0c687e2d647c04940fdc38a34480ed9736b75963271ba378da15428d73ca5d7c578304993ecb43408db294b0e3ad18ce0e C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422583585" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000083343237efeb6b44b8bcecd1f35af2dd0000000002000000000010660000000100002000000040dc06a86e8cfdc6fe8fa8b47bbf3bc303b0a9d3e70f2a18fddb3cf7a878935e000000000e80000000020000200000007cf53b7ef1cd31b88e4cd372cf34a1d332478e06173f3730c28513ab90f40ded900000003ac0cfb64d1d4891caf08ec802e725b7498af01c2362a51c2024ea4873dd78035293efa92f03bf18a99330816aca4c0d09636ffaff340c6e756faca5c9bb6a75c350e4c14745d352f42543a588e4c00f33eeb998f55a5e86a23e71d2fe913b0e50817fe0cb76d196ad1a827c95dd20b6222247baa8676cbbe383e4570fd3107b3b351b372bc79347329294e7cd17456b400000006edb20f53a3ae902eee85674a26623dd50d2527604b464ab68521f55aee8d13df8e57ceea2e9ff3e1bcee70581387e5c11b8ec17200e78d5f8c4efcaa73070d5 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\contact-domains-org.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2320 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 s7.addthis.com udp
US 8.8.8.8:53 www.domains.org udp
US 8.8.8.8:53 www.google.com udp
BE 104.68.81.91:80 s7.addthis.com tcp
BE 104.68.81.91:80 s7.addthis.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 50.28.32.168:80 www.domains.org tcp
US 50.28.32.168:80 www.domains.org tcp
US 50.28.32.168:80 www.domains.org tcp
US 50.28.32.168:80 www.domains.org tcp
US 50.28.32.168:80 www.domains.org tcp
US 50.28.32.168:80 www.domains.org tcp
US 8.8.8.8:53 domains.org udp
US 50.28.32.168:80 domains.org tcp
US 50.28.32.168:80 domains.org tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPR7YYBV\recaptcha__en[1].js

MD5 4668e74b2b2a58381399e91a61b6d63d
SHA1 89ebf54e996e46f4b1e26f6dcda93bad74fc0a1c
SHA256 b0e3acc54460721385d2e472dda7288382f2766a06b38d2e732d034619f9b929
SHA512 b2ead3410dea89b658bfb0ce67842569641cd6c29889ecfb223a83637600b82b0d2e55cec26750593359663a22896f5da91d3df9f085c204803cd646a7cabc28

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1ff298668eb8a36b020164bc2b4838c5
SHA1 4e5fefe9ee0bb1fa13d46eb41a7ed8b17628b947
SHA256 c1ab8a8207eee2661af280920b74b49d91ad38f3c71c73baf25dd8d496722c3a
SHA512 d2f288f28959ade47c76c7240629667ba47874ab9bffc8fe2cf1c433a02cd5897c684e99588a29becc70e7cd43594181d5db02bfde7a2063192ecfd4bcbe237f

C:\Users\Admin\AppData\Local\Temp\Cab4599.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar459A.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\Tar467C.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5255b048b0955bf0eb0d3a85b0b02ba7
SHA1 0b4f8662a39ab546cb4e6593bbd1c4f74db87bda
SHA256 1de77fddd432004fcb9076353fc738ad18201dfaecd7da6c82df2aa34dc9354b
SHA512 f589638e66ec1874dbd4b999b0af5d9e0e57c3f0d61e28b15512c8173fca7bf322193afdd3599979d38f123682d1ed7fa65f9c04e36a6913243fff6d5ab4430e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8e068b46611a73ce23a4d6c410818323
SHA1 26e53b5021a9d553528ba17adcdc53f2db865a6a
SHA256 d55ef9a5a5bf0b3d99d55adbb0b37008f44e6634b3f50578deeed225f1ca1230
SHA512 d2ca13ba0e850f1cf41b6ab8b947eb0b9036d6c99453dcc8f527a06c0f4bcd2188844fd018969f63b882a12c4ddff042154878e203c5c0db40ac09d1ee7f6f92

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ceca1f2bc3d2761c1281d309b01548f3
SHA1 2757c0efebf34f5ddd1850130f85a96704ac734c
SHA256 147ab1a8a6227c18d4e72b2fdb256e83b8f5c7c5e44c0cc269b61fa531d12a1d
SHA512 bc0b6c763a0df6a513e54b05a7dbb011eb3edfa1008e471ebdb85ba4507a2cc5a50d1b64d9f5edd97c9a9de4bf201c452bbb6a9089bc4c5230c76ab590e13383

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1b0ae2663b28883e909e270f7194b10a
SHA1 fa8b7ac25dd0ee3c5aae796e910ef2202ef47dfa
SHA256 2321b689112149d228ffc107c94d56441d9f96feb8fadc7700738fcf8a4e3ca1
SHA512 f0f3480eeccae0350f9729a067c4c77f3ceffeaab0bb8debc22033ee87f9b1e11f52e86c6cdc92590a95dda5f46fa83dba0d240b8e50754e7e078e2258da6e15

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 abcc516031fd05e579182cb2032e3930
SHA1 6dd80330e6920d549a90c95b654ff0882385a351
SHA256 a05cca72faaea6f81f1ccec0e03be82fdc9449d0a3ef79ed89ca879e1836021c
SHA512 91e73fc9ed470739e6d54e0d65fd6962ec05acb49b195781be124ad21a74dc6a649a9529fd4c3a9f564d29960dfaaed0d8ead467690555d57811b2a921fc9c36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 be86a58199a8b91f1c7392a684dfd57a
SHA1 c28ef3f8cae4ccd55f058fe570c494b2ac735ffb
SHA256 cc052f02fdee94abf0b36a4707476b342a8fb4dbcc788aed619bd572088c1091
SHA512 a7f962e043f83d48424e9fbeb6b4f352dbee9475fdd849f0c581c9a10db6998aa59111d30aa6b9cedb6c2baaf10d7cb7ca536950a510f62e3c06435551827798

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d99d50c4708d49d52130cf1085b44617
SHA1 8827652e19aed5b24ad398a8a6c06b457801041f
SHA256 83c5f9b653f3fe85146aa06497cd19239a2c7949e68634b0ab2c7156a98affb9
SHA512 f2531fd1db36da697d0422af417773a4fa0f7a20f41a8d13a59db980575886feecb5ab28467bfb39fb6be32617d81b23ee04161d43abc7c5a01948f18edaea90

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7e0346889e5e587e426c5837bc02f1e9
SHA1 1456f71698d6485d3def9bd6834af3bf74459e92
SHA256 ef161ca955bdb9ba99463a90ff08a0d85acb5a4d7a33e36c12be4c44c71041f4
SHA512 67d92c5fdb6fe1db429d9f3d49dcd4f8038a41992059eef9d4f2dca3a10718dd28ce5890831d13b285109935234f1e8cf49f596da78c555f1fe270ec027cca10

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 53a7e9c75c8fd9b3ab32e4440ffe582d
SHA1 6671bd5d4c20bffc4ac0f2eab74b1bae6029c208
SHA256 a140f546d98f8b1b97afd687a3b62e10145a918f4f4d6f92bb0d36a9e2dc3cca
SHA512 e2939bfc53b72586e3f1e08fea2aceb7ceb962772320d31b3a539e849e24ad171e92b72cfb42dab7948fa5d0b89e2b3ae5b92dfa00380e6e978732d28054af54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9f4b0f103cb6f4541d943ac05b6af9a0
SHA1 1de5773640149cfa8acbe8debdaa8f41deced087
SHA256 eb65207734a0f0c902c74a2ef8726cc1b0192a5fd74308346c3d34927131727e
SHA512 f42cf47d36aae4dec5d501a3c15824a8a7d55374f3a2810e5bcaad63e918973d458e31b77fee05c44ed5b62e52478d867a1a9c0217c5a695735a278058c0f5fd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f557d86bd00e2f3cc46eb5114f274708
SHA1 a7109f480cb99b70d7d47f8e1694d3d34a12466a
SHA256 ab907e801271ad658e476b4b28576af16220f80964a8170dac3af06b60cb891e
SHA512 25b81d4e203092b84124c1c6d3162253fbf2380746147107f180bce4853a0723aa5ad8da3ba6c21b0aa3760dceaddc844b0d6da1e357ca07ac4554ca8ce6abea

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 c4f3c03c25ff2d07e1700cba7e63c707
SHA1 4075cc0775d115646930ca01976177575b962170
SHA256 3306e7bb1b60f52f4cf0b35414b227d1ce6934779b9d6afed4d18e4722820ad9
SHA512 2665d3a56a56be609c84f09de4c8b26f19d14de4b702a2c2b6e97b6516ec2dcabf052ed7c4f4e4cf8fcb7f429ae0ba1dd4287732bf4fdf61a79d02d4513c9ab6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a80b7e30b6d73d624db919b4f18d9f3e
SHA1 42f2215059bdf0baff1bebd7fbb6b96e6bcc168b
SHA256 e7d1045e0b789cc732a1a907ca1c6a65f4b1188df58409f1154b5e5099e484aa
SHA512 4f1d45d9b7b5c445e9fc0e272c6201026d4fe0a1c9e37bed6cda8bfae152454d453f2a48314c92f858c41a7e87681fd4f83f9586606c0444ee29ae61368ca90b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a497f1d24f2daf245a301963a6cb5af3
SHA1 3bd07ed3e4045188ba67a8e84a9cdea36065f20f
SHA256 58a6390fa7f542eabd40c22d12010719c4ca1b93d7e24a74f558eb6d647d1600
SHA512 2d645f6a3af747fea28508f789655c9718b814844b0c5c87484e6aa5a55fcce61f7df8558e82a2de3c0af65ea2eaaba7f382e34e2c0de38c8d696d4f945a9f33

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 91b8d984fa00387e612d615d51c6f3f1
SHA1 21626a76e82eb23296f0c87210d022a97f31ab5e
SHA256 dbd6549ed304eeed66b891cf6d0ab5f90d04b3dc3f8a43d3e7574c59e3676141
SHA512 aea6405777343ceb16e4faab6dd2a31b8ba498d9a0ba7c2075e689700da6be00d5fdfaf707151798036c022c342bd7180883ef50b3b959d9cfe51cf3501776ec

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b37b2d2b0632a13ac7149a2e5966102f
SHA1 ffa1efbdc97d634f2a9d911142e6aa3ec226ed61
SHA256 8873441cd86a30844f545c04e3c259c804e7150f1b504492ebdfd5cbc2945ae6
SHA512 c4d0cb633cc73f2e9ad7a14ff12a2f94a775e6976213a5d51d8afac512a6fb18cfaacb4be1e0a6caa36ce7ba99c92260d27c6da56e98af7e0a7b54b7dd443355

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 36bf4032e6baa5ae876125917c581ec7
SHA1 0bace1c78578a95e8f69ef6dae83c36f9ab35aa3
SHA256 41d1aaabeffd40f1968a48f79386a5086d40c32d38f5cf33c9d18754435f3fb2
SHA512 58b727794c6f201e56e51e77edfd4513d8a542ff0b3a2b6debab4ae0f28006fd16331198de1402e48c01f95365e6467ba7b14d8fdfd33d41c658ec0adb6ca451

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f197108469a77bb06b7d9a3d4e102908
SHA1 5eae5dbe5116fd4a0b1d94d9ff1ff7884768d7cb
SHA256 902a4c6ee7669369ab07908fae4cbe9693e05534c65182baae801661f06cf4db
SHA512 9375207b8e14d0d2a19d0f7cc5ee6a9bd06fe19838666adf0dbee319edf9335875cb0efc06a10c94210baf1193108afa199a158b830a50d7f511810084fe99df

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 22e2ca0d40793ad30a50f612eb03f41a
SHA1 fffc7d747e79235c68658ebf4a64a6aa25df3748
SHA256 935c1a7be261ac2a5d216154dddfe62315c7321331775a229289ea6270264228
SHA512 782db26834db47df0666a8eb3de7e86b55e9b2a530a91538fcf8355a63cf9f01e068a6737597551b1713e755d151aa814fa39651f1f3bfbf77a32188e6b83ed3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ed2b9519d2e4f2f07282fc508e4c75af
SHA1 35d2a85ce1d75d9989db5efc03d0fddaaf6b7a41
SHA256 610592f6fc360edf51743f634306771364d44b1318227f13064e5a0e5e2a1732
SHA512 384272aad6b067f5ded84a66790467558eed30c83a1152e3694a5bedb98723ee2b0b342be9477f435c83fd35250a947de89f3187e8db6a7abe98fc55a08c73ad

Analysis: behavioral14

Detonation Overview

Submitted

2024-05-22 23:48

Reported

2024-05-22 23:51

Platform

win10v2004-20240508-en

Max time kernel

133s

Max time network

124s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\home.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\home.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 242.137.73.23.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-05-22 23:48

Reported

2024-05-22 23:51

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

145s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\home1099482986.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2996 wrote to memory of 4448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 4448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 4216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 4216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 4216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 4216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 4216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 4216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 4216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 4216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 4216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 4216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 4216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 4216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 4216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 4216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 4216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 4216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 4216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 4216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 4216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 4216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 4216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 4216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 4216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 4216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 4216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 4216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 4216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 4216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 4216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 4216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 4216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 4216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 4216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 4216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 4216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 4216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 4216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 4216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 4216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 4216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 1944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 1944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 1712 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 1712 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 1712 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 1712 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 1712 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 1712 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 1712 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 1712 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 1712 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 1712 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 1712 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 1712 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 1712 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 1712 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 1712 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 1712 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 1712 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 1712 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 1712 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2996 wrote to memory of 1712 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\home1099482986.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa94c146f8,0x7ffa94c14708,0x7ffa94c14718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,8098002292950520347,17985028493638679824,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,8098002292950520347,17985028493638679824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2488 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,8098002292950520347,17985028493638679824,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8098002292950520347,17985028493638679824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8098002292950520347,17985028493638679824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8098002292950520347,17985028493638679824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,8098002292950520347,17985028493638679824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,8098002292950520347,17985028493638679824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8098002292950520347,17985028493638679824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8098002292950520347,17985028493638679824,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8098002292950520347,17985028493638679824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8098002292950520347,17985028493638679824,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,8098002292950520347,17985028493638679824,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4760 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 g.twimg.com udp
US 8.8.8.8:53 abs.twimg.com udp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 platform.twitter.com udp
GB 199.232.56.157:443 platform.twitter.com tcp
US 8.8.8.8:53 static.ads-twitter.com udp
GB 199.232.56.157:443 static.ads-twitter.com tcp
US 8.8.8.8:53 157.56.232.199.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 syndication.twitter.com udp
US 104.244.42.136:443 syndication.twitter.com tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 136.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 249.138.73.23.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 eaa3db555ab5bc0cb364826204aad3f0
SHA1 a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca
SHA256 ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b
SHA512 e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

\??\pipe\LOCAL\crashpad_2996_SWDMLMGPTEOCUNHP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4b4f91fa1b362ba5341ecb2836438dea
SHA1 9561f5aabed742404d455da735259a2c6781fa07
SHA256 d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c
SHA512 fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3bc3ce0544ef75010e44f09fe7f0d197
SHA1 09c968a8efd6dcfcb618463fc522f642e820f2c6
SHA256 29153a05c7749890d9cad18b022206ae079586c552e1bf2f2fff0a1db88313d4
SHA512 f48e00c81a379624f7908bee8e4f1ab4d3bd8303c32d96efbab67d07b5201173f116a8f1cb9f8b36e676d73466b1bd7514393849bd3b2e2436636b3304b9fb6e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9366b16eca3e9fbd0e528a7ae40241dd
SHA1 ebc0e5f212ae5d142738ba5b133df0d13be97c8c
SHA256 aa610bb9044f20d2a38afc690b96a9dde8ad692d77df3f424e6ac599d707902a
SHA512 8b6ae9f8c9ce309ce25382ae072a1860fe28f4e3170f7994d9e36e94d420b7fe74883f87ce3b4a6741f440b1dbedbf38dfe763ecaaa856c6e617fde822745818

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 16ecd0e874ca759707b3b7849d1ef106
SHA1 9b846974825c23d5820c4a829be421716d2dff6e
SHA256 35c380191e7202f7739798c3a27c8f655295dcdf1dd8aea3975974c1817e93e7
SHA512 e808f3dfd58d33afa5e28a7dcc55e9da26c3689ac35c8381329f7005c38ae0a82e636f6e90fb37580bd0e84d67074fc27b7101bfb108c4ce00254e87fd68d398

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 cc5aa59a3c7bc418e4cd77ab8ad7e9a9
SHA1 944fd9f8b01310eec92e2e3bda5e476874254938
SHA256 dff2dac5fd983bdf7837ce5872e54263fbba0245d63d0b84cdece7db9948c187
SHA512 6ea149aae025b824933e74821f965ebbc09539b437b46df67549929e2e42cf2ed28ff689d7055d231cc074cede55037317b28ea6bf8aa1aaa8c4cd2dfefd7d69

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 172832f1422fa8dff504a2a3d719d5e5
SHA1 77d05ed672624b724c6410a08beeb0a5ee46726c
SHA256 0c8b81c3b56abde196e93ed5d14151392bb1e3018fcc906d82d29cb358464685
SHA512 abc25f82f714ff715c3adb4e22e63aa1e5fd58bf3d6c7f4af95d93cd03d28289ab9eb7d23e058e975550b103923a692c5d3af96c379e02a9c2a86873e54f3532

Analysis: behavioral17

Detonation Overview

Submitted

2024-05-22 23:48

Reported

2024-05-22 23:51

Platform

win7-20240508-en

Max time kernel

121s

Max time network

127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\home1259317828.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0f159a7a2acda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a23000000000200000000001066000000010000200000000de44eca7687076a1456f380c7ea9a2e3270c28a5d981e9f60746db33b54788c000000000e80000000020000200000006c33ed4721ae920651bd51f0f4424b7be44fd0f12ebfa29eebfb39aa471d642190000000c5b3eb7267ebfedac243630ba11d54eae325254741418519689f84ad954f00e248f86869749b8af4cd8bad4475c94e3e7ad978a9b2bb847867d022c6cc7101cec0bf220ae3c411b341814b3a6aeb98d5dbf332b285d823329e7dfa5f4ad7bb41e0ea69d15ee621a04ed46d37aea93d1400b4c88f573265f3250e22e4d590161dc30766644161b939d73aee2269c8b28540000000a7ee59ea0b05f3de98f0301a1b53c2627d47e864f44eb57feb1d06a2f4fc8bdbebf906d42e004a0d1151fca092ca13d126f813a6755d94b903149f4b8bbee0f3 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CEFB3CA1-1895-11EF-B97B-5630532AF2EE} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a230000000002000000000010660000000100002000000003a8fc891ff73fe1f9323b0a9e700d28b16eac218cd626eaa464d6defe67064f000000000e80000000020000200000008bcbf7d7ffe087a84b9216b43c56c1007c59b6a74f8ba7dd47971debff8dc42c20000000e9b1a84c96ddbab988b95d6c53dee322669aee21a403c89e296797b4edc599e340000000132156e6beee6cf2701f4e56f1ff239c318ffabd3d97bad90646a79a290ec28f393448b9a694344b9aa8008ae19f6b82c68f61f1ae4da71ac44b8a5c9066ce8d C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422583584" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\home1259317828.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1764 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.twimg.com udp
US 8.8.8.8:53 platform.twitter.com udp
US 8.8.8.8:53 abs.twimg.com udp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
GB 199.232.56.159:443 abs.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
PL 93.184.220.66:443 platform.twitter.com tcp
GB 199.232.56.159:443 abs.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
PL 93.184.220.66:443 platform.twitter.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
GB 199.232.56.159:443 abs.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
PL 93.184.220.66:443 platform.twitter.com tcp
PL 93.184.220.66:443 platform.twitter.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 152.199.21.141:443 g.twimg.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab2BE5.tmp

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\Tar2C01.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b7828f2f54b6c677c0385644ae61eb85
SHA1 fe7df82495656e469fe78ba7ac07de4450f8c044
SHA256 218be8381219bf8ccbaddc4ae33d1a65a38d45c3c160d26ccc7122d988c42fc0
SHA512 690c9578c3786179717cab4e2d17ef46208a669b85cb8647044bf3936c87a8b180b6ef8f87281ac403263010bacb157393ccd760069ca6e6b7c3a3351ae7e4bc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cfff17681a3be6e08ed4833454d140d7
SHA1 86daeb1bad1b02911c161ac4daee38cd7cc49b2d
SHA256 df34a2d5f11d20933ba4b4af8ed3572c18ca44b59f69143cbffe5b855d9ea4cc
SHA512 d0ddaea173a4ff4ba783c3ebf12143407174880e0788ec997e4f3324a8dfdf65c7d5384c542537f37ab459418aedfb01bafcee90d2a6c115b69985af55cff7f6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3fef3cefda6ae6cb67836d4e126aa514
SHA1 bb986cbb36bfef99773f6d110944b48287224001
SHA256 65e4700a877b83650c93ce6b3447dc5b66478d944a304fc8deeaa345445bec1a
SHA512 660b4bd9cf7506dbdc4ee05195f1316248c7c0d44207a11fff47f8603295853d7e381887570263edad530465b5174c42a4eb9d1d9dd445bb9c1acfb140315464

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e3f890ecd35480f2dfc2a3de77530625
SHA1 d9894ff777e8b91a9594a421b2f0cf1a4b679485
SHA256 f2035ec55b99ea477074268d0db6ee35b2d1a8511d8da8ab991ae965c090392c
SHA512 cd8de9519d4393f4f8a1d0b042b9a8c7caac8d74a42a6946321ac03167df7547edb08e8de17e2e7363b9882c18041dec6839fe133ad2971d99df64af1216da4d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 77361d13a83bef318457c4350165b252
SHA1 c1cfe5e065465b3351f1a82d0912410a6b52834a
SHA256 dde2ef65282bfb2c9968eb664cea3ff2e3bc00c9311563713bf93bb5de2a46d2
SHA512 6e4e814d3dc76fcc256ba253671d42d977d9da0a84687b3f0ba6630bd6025e093d37c99c96bcfed71781eb9f72afbdc2e44bb4cbfeb8271f4464e6534fcfb0e6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 434f03eeb887112d8c3c2578f4049669
SHA1 a706dbae4351b1345269e745867d889f88a66c40
SHA256 727dae370319d5d69d0474bfb3039c00ffe5c0d92bfd514964dd964cd229774f
SHA512 8fe94b85528f1ece17bfcf0e5154deaa853e151e97cb068c354078db7ee7a76003a290a90ed8e529d944d95f716e8ad43b758af9578e87f45d1b9028aca87436

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e9f14e54aa1e3ea6c1eed4c936d60619
SHA1 e3bd447a30b2b39890ef93c299fb18d18b8599be
SHA256 c0b2c77c44c9c1e19ef143c5a1ffbc6bb1ff4f137a143191d2d2ec712468d327
SHA512 4fe749e09663438775d16447090126e6ff62f08900d16535825a93d5ec38a330b3b59f38b0c460d4fb214d9e49065ab6098d522ee5cfa181959c42d848bdd2fd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 19f4d27d5b0ed03c160e4fda7310927f
SHA1 f81eb553f56dc43a73b2a126eefbe66865c01b4d
SHA256 37d1998393b0328e7aa792871c5e55c2f5ce8220b8707aed8cc74cb8af1ffca4
SHA512 59e52fac8267cc93340d694a4e6b1deea60e224f07a5e59fab35f9609499bf01a162e078cb965f6a63d7a87c447a56ef12b648493662d8f2a90a1ffc7e9cce50

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e3aab53475427919e116c1c77f3cde2d
SHA1 cef91d6c06b1d62a6a523f6fd35ff7df5a7cb5c0
SHA256 8daf6025323677c62bec41dc3fc14358a9af1bb147a19679ba3e7cba31e37566
SHA512 96ef3db24da875c4fbf85b7e5a66961b261dfaaaa10f555a911ef988acbdacd6174150bfe851843591a9c4c3108bce792d92878924dc21c4cff46e00f65c230c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 42307c98d177a85a2d30ec32af14e112
SHA1 0de408d0db8ba190812240cf0206b389f43b2de1
SHA256 8e56ba557a345979afe424fa53790f873557d458a72a6634adf41a6e6271bcf5
SHA512 de5299ffae31e142fa4d6ded96b6f2d126e50b253dee6415ce8ffc3fc2fb0903bca4815e1d278a09de3835fb459bc6af9c80b36d61c1b898d41f0c66ec2e6415

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c449022d79a9baad2bc3b8eb06f0c30c
SHA1 130409dd7becc8055b17c261281a8c7518aaadbc
SHA256 966035a4b95df0be99db78673954a46278c8275f63c1411d695499d4ac470019
SHA512 d6d434cde766a0ae623e73ab62160c3e5e4016454d91216a87eb74a211c01b1e9bd0efd07bf16cfa48685859eeda1491122ac81afa0e34952b63338bb84d2df4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aa8cf675fa83fec10e3122aa99461195
SHA1 92e85671e4e9082b5d75bda52af43239d7aea8b8
SHA256 7ae97a6c96c033655cae5894da5bd1a56efb271b5c448e9be7578e7fc0c10523
SHA512 b8aeab7c8351854fade147cc49635f03be6904f026e5c7ae0c173c2ca1029786905b6e495b8295f6dd80d6fe58599039918ba311539212980275583793868edd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0ecef972e4c9fff6867e500696a9d1e9
SHA1 65fc363f7bf781f81fd17d8b703c2d61668f1405
SHA256 90b8acc282d4498f932e81c429294ca0869e8fa374b9f2ae41c5b9fc4c2b1c8d
SHA512 beb9a08f400a2226c4c7aafbd4b4d34a8afb62b3ede0f582bb615f1de2166f5802e33817550e647f1eff0a5ddf3ea43a3ffde4baa78201e1b5a8eed75159e1b5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9827054c08cc2fd443c32a93c5743fd5
SHA1 af870866432be19a5fbf0bac47461ad00f69275e
SHA256 e35f370c12063c21af3cee934eee457efb9d3ae2eb42e3f8915273add241d9c1
SHA512 16e6f6b338da4e3a0b3dc3f013ae1ce0d4747465f892fdbacedd9defbb4cfa9c82d5a8d0b1aa2efe83b13859749a275309e796d1b8fcc7c7373f036655ade4df

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 50bbc514e3b05718de54bb4cafe24bdb
SHA1 947d532e14a0c0b4b7fb1bca2332dbd04449e2a0
SHA256 7f03a8489c8cd6d4a350e66caa597116804374f5f0d88ddeaef137b2450af1b1
SHA512 288cad17c622ae45821d7efbe459624e3261cb93ffc809188f52b4da77f4fa3c0d0943fb34c74427e8a483a5d4c83a3c65a935136183b3d161bc86b07c27a2db

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 583b198777218c181eacf10938a6a5ca
SHA1 213a80e0026bf14f2008bbb8b89b27f7f235e531
SHA256 7feeefd9af195bf037dd37fe058a34d9e6027675420d4ecc98dd21187bd940ef
SHA512 28acfaf34e3d1928a23e1938b373e55c77d53fd5925c4417c96297d23dc3b087cdc0ed52a569e04ce2dc8fa22f90180fdbd8c2c0c11eae9ce1ea1cbee03e79d4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7ac1d7ee2cf4da273b4ac12584f493e4
SHA1 5ff1acb1aa6580e33114dc7e9b01e1903517849b
SHA256 d35691c399fd2cd02b54584e34d0599539472333b88bd170d4e162b1c8ae158b
SHA512 7218ee59b87f002cd6fd851d3d37e6da85fd33b18e1d55a522ea36b492c349813b5ffa4723610ada0f407fa80c091bbe578e15dd746ae8feefa5a74a45e6b8f0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e48850e3a78219d82b67d9eff06ab792
SHA1 070af4a2d3365202a36ec10afb957b328b4f469c
SHA256 24b80cf7534384730ac7d332ab7356f45c0e6a868fe5de33e0ac4eb2e5716188
SHA512 3ff415bb7828af320f6294124fae4c68cef5ecd80c755e9746e07f3e116d40d62f0bb943e037c7c223365c1fe82bc23112ebc5ba4fe68aef0a196c1332d73761

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 15608c85324467e5fbed13c2cf5e5360
SHA1 2cef10b544597577400d7038d36c3420206126a8
SHA256 b5fdea4503f21a7d0bd5cd4e657e3218e04b26cf28806d0a549364fd4bc9d608
SHA512 ea9b4c7b6934b7fba220d6d65b68b2bbb95aa036b618ce0111e4866e94579c48fe407665aa0ef7c2658711d52df6bf46b04bf07a6bd1f55a886fc29051216785

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bd389c6f39b2f84fc91ac90863fec421
SHA1 69bd3ab88b6d6f87c0c3365c13a47005d8f65957
SHA256 9f2ce9b15ced31ba55c3ea9ca23a3eeeb0b1bb1287d434b04dc26dd4ed88fea5
SHA512 aeb0306f4698738b208008704e7774a250e3013bd9ded38b971c7464cfa0f39c22d8762024e1ca934ad6721d9be4eacdb9a3b7e354d6d22c52254aef7efd89fa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 72825c4ec928af371f5dffd129dc1940
SHA1 59985c433bb82706f17e4dc51534599f200f2325
SHA256 20038c758ce482f0528d0891f513fa55bcfe6b12ebc2a1ec819e685329a336e3
SHA512 cff46b5731496131f8758660eaa57290103f504a528198f2398299cf38f43ef5f5354dcffb2d628858bad8107e28e62a555cdf102db5459d98daed6de9b07709

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4b7fef5c120b6735385c5b76a045873a
SHA1 831263a2b83190519d1b29aa378f90efcb7ef231
SHA256 47f8cb4b250b1e4dda885b1a59c7506329929e4a6d0f3a53c6e6f8be892e696f
SHA512 0c3fb2e773ee4b77e87c3e2a135885b84a515b9793308aa5617fbce26fb083123269e3cd35bb45189d3651e1e7e9d5e0ea4e5460f5e2b2f4474e848e683b454c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d24cfb068119a93e23dfc3f38be7aea6
SHA1 bddb387ba967e8936533e2e718ffa7b9264d58ed
SHA256 a8c3b9b29d3b76b201a2b93974fa5412ef84d2b4dbb2952449ace72855b69aa0
SHA512 fc3a5086c1af8cd0a188648796446db20f5d4a157fa5519fb46deca46580cdcd27423bc0b7fa6f08051a75058ae16249933eda0967a374614507008179996520

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bb4819b41a79904523595cdcbfd9fdbb
SHA1 b0187783d283355c43db2177d48839c69b8cce2e
SHA256 b363949a8f35e4509ce5d1cc6e1201f96748494330c6a6f529f051c5817320e0
SHA512 1d94f7e9237d25986206a7a15d33c52f633b3b5b797c8b8680b96b3195b1030779978fc6f35ed2d65cbbe50d7a1e9e61162b10106eee8bd14908b9537166b530

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 528a086e5075a201d9b547d6228086b3
SHA1 35cde224e0a0c0cf194333cdfa98c48c84e47b92
SHA256 4a59426fceae0882214ab545e89904c1c26191eed03302c4ce24e07dbd260cca
SHA512 e56f6ec6673cc768cd88074a1837fd5fb37c48d1522a514e25729070477b46910b6a6c914442a32aeea2f3bc629fcfe41a1a59d1b3b076aaf9485f9514b8afb2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 247cda883f5cf709a50414f8adbe703e
SHA1 943c931dfc33c6b3df844515a3bb10bbbce4fd2e
SHA256 3e4886d65df2c8a366ca2ec7d8d508417b1c710d4bbe92eb316f5e56a1fc0d5f
SHA512 9b62ee2413a835c9a780e67c65920ea8b09bc17198233cb4954ede4db29ab56bb6edcc0b63c0074314a8127f928ef62ae195f6de65f9d638b11ea6dc9d86132c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 962b564678fe97bef6bf92978985da67
SHA1 afc9f057f2f969d8ed02e71a9eb26ff5ca87dc59
SHA256 f2f8976143b55a204961b6258a11bba18ebf4907d3751f43aef38efa62837127
SHA512 1520f0b023280ac9cbd56262708a0c7e08dabb95d7419a5e004524684b819bb338b5376346fe136a5cc8a2a07b95fba9bc83b0bb2ad7a790f849bc849d70deb4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0d524e6b82811e9dbf8d74555aa52627
SHA1 e37d93b6a0471101e8ddcee14b90e0cd5a1f2a3d
SHA256 c2ff48790b5c8473be36b6351a5b90a8d2989740548244c4ef91ffa2585fae12
SHA512 cc48052d4d21670bce9e90103fb6a4a3d907ba1df407b7c2d1f040a328701524ed87ee71d823b2a296c4c0f1352dd12fc4b44d300f625f7cda20f3f6d3bd0961

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bf64e8b0d1bbe9b5a08baeaf6a12469f
SHA1 8a0adc1d5d31a37be158d506863ca7f3e9c46ee9
SHA256 db6451bca0ed6de81e0f056d9f36d42baad5b66a81ea87a125514c05cc67aba1
SHA512 efee064c2c05b5918bfa0954d2f74e7ab01168f6c4976d4716d08231ad65d1c7b2c83bedd6a03228a512401022dda8f5bfa8fe6f6cde4fab94c1c8986477d57c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aeae0e098dc85ed66d7e6a58ecdfd86d
SHA1 da65777403f688a047799595f6d27b790f0d0c2e
SHA256 5f87ad90261e0a2334316f41adc32343ce52bd48ca2df9a846eeea211fc1e82f
SHA512 961a627649d4f04e8d3456edc3c5e16779585bae6902d56185b5552c43a4008b8b25cc7aff28e3326b0b08670f5987957d2ad5924880013c2d754a75a32faa1c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a68861cb43be205c9c14900bd6544e8f
SHA1 55289507ca94bf8ed8b5d4033f7f5978abcf31fc
SHA256 f9369971ddd685c68c4b8d78e7a0b51a462a1e54872d053942abd7a133f95b0a
SHA512 17c893ff26c93592cdf7fd7e844749e909d976dd8861f9440de2a2bda93a02f19c5f86e8bba9662d152b35420588aba3cdf31e59ff9413a54dce04321753ba9b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f7fe76bbf6c488ab8098e804664427d7
SHA1 0624581d679c6ba3db60efbfe1e4b7a3d5cc8976
SHA256 a2c780236e6c295da45dae8b8ca736c55f2f44ada758e0cd1c125860174df2d2
SHA512 04886b5e6257ba7109a7ec60cdc6be6054beda0a7fe64bd9f80c1dd9be1ab64ef01ae6d49956cc1896d953acc1a785483a376203ad1dad2fadd38695a4cc8ad3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 36743de1cc5d7b433a83dc277d292ab3
SHA1 d0eb5eb96aea7711e38fa4074d36fbc512dfe4ed
SHA256 817f1b302e5a6e3650ba5a05eeedd7652056c6e9053a71001362e955e5ff2e26
SHA512 ebc56ef4a7bb54bbcf6f5dac75458770bfe8732232f28cdf64d24c595b9da36df75bed15de6f623474a6d131fd3010aaa799315a9b0ba5c6b1232aaa86d71d97

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 22d0b1d2c287c6a2c98130af969a3693
SHA1 9c644c37932d801ea14354158e3c453cc60e3999
SHA256 4cb2457fdbed0f66181f5b6a15a7b3ddb066baef2151d60b29ffccb7f3054e5f
SHA512 a1f9d3a6848dc72a5471440cebc393df893c8178928b022a94d52fb57aeec552d9176b32d25a0e256361d28d8d3cc442721e456882c3a8d479150d258f431705

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 da1249b22c0cedb21d983ddb331e8ef6
SHA1 4d9abc7448323db075c5ecb847ef23a24c40bf57
SHA256 0f7de36b50221cca6c29e9b30bd79151333f6efce36d79f6944a41cbd8577386
SHA512 221bd1a5ee698e5dd3268f54d78ee779841e3b266205f2cbe7418f6f996841e2ea3f41a99716e38940e76b17dee94226681966520befa366a770331d57583cbe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f28ab247ebbc836eba2e407b18a96100
SHA1 a51143650bad2c2c287a0841e50e8f1bafd66e41
SHA256 9ebca79b227da5ea2748da5f44cd170ca531adc2f1d6ad6773174514653b5e42
SHA512 3d494568684278141a30e9491f1cce4ec3690dc8db69cc7ca3b8f8034958faad28925c4e982087c188155a583eefd6c716c3b0aa4ce64d692b3b0af31b73f02d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 26136ac52709db929c623ab462ceabae
SHA1 5bd677d9d1130a76482dfac57e4035c5ddd0d5a3
SHA256 b8e822752467594a602a2dc9bcb145c5fd6488aa401a132f36d5387c7a240d64
SHA512 f652945601b7c992654ce1ead4a4a6e4c6eec5c3e270de53878cb54328a7d0cbdc034a3d69cceacc833e7b39748203a2b919bb12230c96a003d1fc81bc6c7d2f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5ace0c6564bb5030f858ec792e360019
SHA1 8231903f30ae5e946fa9c03f315a1ca473aa08d9
SHA256 d1b2cf8ddd99f68fb5de4a17847201476d562f77f34a57880943170c6a7be33b
SHA512 bc22a8cd780cce438839db82e3e67904888a9f0a27d8220e22fd6c76d2c8047fab19bfe603cda9ba2959c41e4bf03ffcbd33607ff98470e1bcd1a30da840bb43

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fc8e34f345656311f3fa9622557d5a54
SHA1 0cebc55a8252abccb59fe8104e8858064b8e2f3f
SHA256 fb61781e3b60907fb8f6d4f4012c3553feef8e5baa812ab89591c9d8c7d9bb69
SHA512 19e8017085dd57410d73405980e3d458adb9f62b32b959ab275f06a6727007c1ede8603da7d7df3d2debf00040cbd867e9e8ebbc35a82c15850178f63caafe9f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 75b7a58f4adb76f6403611cf007be80e
SHA1 04cf850cfcf3e81cabbb71e4340e8c8839a509d5
SHA256 984023b67d79c0ad1d774b756474831c48b474013792cf8794275e1a4555c051
SHA512 a1cf06c44d2fe68ea78e4fc8801b43cd393f84190370b731171d8525390162089b127c0a8a56fe9e1461e46cba7fdd358fe89a449fe143a0153883866bc67d3e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2efad834e8016414e29e57686fa91147
SHA1 23cae813d16d01a52c0ea36d2e6a48d615c35b7e
SHA256 45e2c49087924601cadee2559632181b121e49b761eaf398a4f311554304992c
SHA512 c7564ce1071dcdf61098837f2501b696ecc774cc171e5cd07be52c24770e2351fdc6936a07660510407586d2af076d724b38eba595b209c00a5db086a9d14ec8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 58722087e436c90f8dc2740867537d33
SHA1 0ffd95dbf2ff9c95728b21c9e82e360f250fb09f
SHA256 1d6b8b6b6bac43dda40f2d5b7f55e271331e0917c6b4f360e9da490d62399121
SHA512 4ad67e99537b9bbfc1b372f647e7c567acf2bfd7b6b3476cfc3ee84dc62ff30d0d0a8110641f3fd3d61a170abbec3111d72c2928b6f58060836cb80611f064c1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1ce53321062d0b0d68e6f223592930ee
SHA1 08110e1e8968bdf4f332761703e39cf30873728b
SHA256 917f8d6498773b4983fe0e867a44452f1ee11cebfe3be5768c4481adfba2751f
SHA512 a939acad80597dd12e79a88ae2babd658d01ee7be4e2a3ec7f2a24e6ed06e4f77493e6454e2ab7a26fc0617c72b7031f7a112a502828ac7f64be04e63c0a2cb7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6e4b73d62509914cd786a16b8fd9fa1f
SHA1 577b751872506dc8112cb166360a0c3b66812e72
SHA256 42e51374a38955f8353c0ad558216574f33b1fcb34b241f65cc03c8de8b430d6
SHA512 69cbf1d55dba8ce4fe807d61c23183599da8b1e7a463976cb715f858bb89f20b34345f8d2326571685681d66d9136fb228c262472b8fa84049e08478d0f81bad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c3ebda01b6237003679e6094f0dfc4d5
SHA1 c7b62c2ba8dcf06d1d30a20ebc53d90f18a9fe1d
SHA256 1c09b5a32de5dc07f83f729783c90df622e4fbbf5d700a53b825ac6e7b6ff4a6
SHA512 5ade353629b4664c83038ab5658a30769100afb6806669ad56221db6a64b2ffadec3b896e503faf08468a6c844db83503e276ec09804ccca23ecf58dcbaa0a5f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5cb5b4b8c65a4b389c0dd49ebd074d71
SHA1 8238fee2259582fccbbff17b9850a94e601f17ce
SHA256 c49487c321956fb98431a10211ba0a754c49b280f0c1effeb550b9eda8c057de
SHA512 c9f07df97a5887a6ea475a1483c4f623f1bfafae22d6fb249e9b5c6132cd37e317ccc9a877f5afc61639588b2e0bf86ba8fbc9ee8b272a525a4ccdc0dd34b9cc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 412da0163c65d020c828ac06442f4e26
SHA1 71c36d05378c5f3dd8c613716accd9282dfbf499
SHA256 127da33654aa7f618366c784e5bf5e3a9efea4141fece8de090a95516ea07036
SHA512 b510ed9764e2a90e210a2188eebb7c9cec56c93a5a3d036a077a7e64525efbfcde6d43aaffd21881e741cb877332acb6f47707f47286d11e6f3805fb4969fef3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6d8231bda99106621e56f382e070a8c7
SHA1 7000d13be79f823ece0c69b3ae3c07ce0d8e02b3
SHA256 139c874ae38ee3698e03f6430fb56fb696b69040e9d829e7b78452a8255f5bae
SHA512 af13d90ff7a12a6fd7e574cb58a183c65549f58122b81036aff0825463e185cf68bb4a7800f1c215291dc3eff8aa9319c9cac9d62cd25bbc896b71290f380d28

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7579df9323bdd4c9bedd04ac0180d3e4
SHA1 5dc7a727f96cbbe3f84703e2de346ab36cea0f17
SHA256 e12915d095fcfa60166cf033c2e4e44ed8a1fcf2069ac2e224c22ca5d41ccf7b
SHA512 4a21f8d363f32005745afbdf4a0baf82a7b9a6c88aa77ad420b1e87f4569befef33ec0e0a019fc9ca4b0114a021dd3a5b7d46eb953f4abecd67de086465f7463

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0b21d9e44c2edd15a26f5bc90b8075b4
SHA1 e9276fd514626bec04f5b64dbee5e78a9e980723
SHA256 36bd68dcfdd1e971e3fe53e209d768eb12a13de96488c739f2db3fba989e50cd
SHA512 6887f549e4fc0633a6831feff116140c5fe6c50124500135d3f5f6c03275f7e909236c348146ef2cc2a34212ebd7979d7b967149ea3d6d81d88f1314513637c2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1cb12084bdd383ec7a63aa4c7f0319a1
SHA1 c2f4299e1177808a61b3f0e58bfea4b0dac4a73e
SHA256 ba247b7921dbbe630d8d1cf1efad35f861dd0b205a245b6a912d45534ca0e457
SHA512 8292fac941a1e6fce67681962bb1aafdbcdd5584bcb0c946db490f68e4e566a72c45dbf2d3d1a4c3f430e2e84074302aab01680aa8294177dda1a412989cae54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a7d5f36df1b43c471bfac30147969856
SHA1 4d7517143d1cadc296ca0999f89893597e8ebd28
SHA256 b319e82e3700887e35a611d739f90ca7ac332891d56ffc2ca7c1433f204969f1
SHA512 8df09609994e689e4944561063354c54e12f8910fa7123ec5923f7f8733ea1bbc016bb662050a9166c0b265eb3ab9e4019e4acd66aeb82d2ef6512b02b9d2162

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9fb33d84d0c38774642a2353b667bd20
SHA1 374e12f88afbfe2d09f184465c0cf2397f2bd5dc
SHA256 3a56ce3ee5a176c5f0a1a5ae09a2993fa8b521a3b963e72aa160dfed8893ba2c
SHA512 60fc0dddad919028082058f686be0957967e55eff4f0ad16bd8b42f009e4870a016250a30d8ee4a47f3d53580095207cfe439e4019559571d28150c7979909fc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d98cad07c3cc1b69cf22b615faceecfc
SHA1 9efeb7d60f68eb7a0e343f786b5415b9bc5e95ac
SHA256 3da4d1a9e0bd6ed8d1f5fd9706796fbbaa1c0d98ce2caa3c5b8d1c6a48e0f818
SHA512 0537ce53e3c213ed949d3c22ada873b91cd3d930423b3213d0a57a7a9efdfaabdba71ddddc03d7537d5138c9cd1e8e64583f75ce8e0bdfb03fc1d35825970913

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 90881f6e78ae49db8b1977f0a40260b3
SHA1 d1f820fc092cd78fe770478350a30d87c1244436
SHA256 357d89dc8428fdc5ee785efe245509c57464a4f1ca73717e03deeff6b68b9dfb
SHA512 7a918c562f5abe9e0e29dcd4ddf33560f9f1c1946f55af2ce62454789aee6a252dbbe27335d058eac368733487497ac9e1e3fdbc1a37df4396ea7675bd282ab9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aa045ee5745f8f89bdabbecf23cd5e9c
SHA1 d7e241d14d98ee36df7b6018cb6838dae2a4c34a
SHA256 49b077274d85a80fe5c620ceb7e877f7904986ce0b1933953950ae1e27a1ce23
SHA512 485335998df374be90da77c490da80fdf3911f7d2388487c6358e3fdd104daf47d8e125b3f6b5bb8cb90bda63013960925760dd2aa8d048e83cf2a411444d2bc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 53d437995b747b88cc488630b60dc18d
SHA1 81b651715f5acdc4929f439c670c05ce41a6fe6a
SHA256 59d98d70962965afdf097ebccb9839581c2bb16f31e3ce2a526c338299ddeef9
SHA512 cdb05a046bc95de2be0c77ea67e30fd23c62daefbaa8e0247dc3f8dfe4dcccba67c8ec3feb892c9e4d35851fed6cb67f3b684e8cb0e08355c7af0698b0e48764

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f4c90f3f39bc1c1444a407f4fa4b1cf5
SHA1 f0c19b45b63241fcd175a9f2dfe09aebb1179ea7
SHA256 e2b4ab8312347ebdad6753c9c130810e046662e5a871447b34d718125cecb058
SHA512 f51272ce7aa0a9c31541a36ad507e98a4295eb0a53ad604cc2b8854187d4398ed239fecc72ee024e46813217669d6247c90a0062668f743ded5cb3a689de4046

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 34275d2b65c597e0dfe5739fe526f2dd
SHA1 0427b38443ccf56113d2cafb2c449cec7ebb6b50
SHA256 45bc33c833389f3e3f1db3ffd5bcb3c1f5ae0a8c8b215b179b5658fb67fd5361
SHA512 f64e6c22d360a4490bbbb10578b3f71ea23c8e5ab7fbbe4d4bc29ffb95b12ed9c487302a28425b3694ef9ab14b883921382fbf0cad0f9cc66b2d1b8a7f61c6da

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8c017b7596186d9aa27551f661a80069
SHA1 bd7f411d68d1cbd0d30b2e5125a153d3a0366250
SHA256 19bf47c8b269c0c7487814cf14327ceeef52320da0ad8a8820638856d5085e3d
SHA512 930cbe96c7b9af6c72252828c164bd7a6b5627f0ed4f2aa828e3665da7a560f8762aec4df125c332000ecba5329fbb51854b2a3249ca65869784ca66ade55f70

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 156a50c871847ce851636eed4c7bd9f3
SHA1 8d05ed67e3724fd73a068e9755c05469b88e87a4
SHA256 845b40f09a8322c864433ececa169f31ea39cde42356c4a6e13ff059c2ea7ae7
SHA512 1edeb7bffbfeff28e8767f744d5c23b239d8fb98f55cafee2897ede24e909fd30421a3f7ca293d4fd6f9b69e32bc7703453551713a3e00b0513feb86904d3c78

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a05bdd06fcdd78b878b8d3eb97194adc
SHA1 38ddb1a839d8d912d3145d33797a70f06b86cf87
SHA256 3ad86ba61c4026866916897ce9a751fb85d007670d930c682e94d426d4aed2c4
SHA512 d309bca9332c20b4ff95f5e7469266b793ae2a4184bebb041e7f59123fa0f94223264b2365b768cddcbb074b3d53ead86a7670700c1bd2c5e741d4b21fd5a772

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d44a69a2b87ed5df9cc7fa8de9f8e2cf
SHA1 3b9c81287e2688c3920c397c0d536ef0ca5b7b13
SHA256 9d9d20cda04463ea5035633c64019ba77c9e9b46045bb530d8c336c75d248d45
SHA512 6c5f9b4c5cb777f517c205816e88e0798e28d332bc6c51796c05ce371a55ad14cb15e701b5319fdd83f473e7dcb8c16d210395fdcfd8038b1e3f09d48c083d72

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 54435e33c45563bb4f91fc5c4950555b
SHA1 cd331f99d800a855999dc8d7e698b485c6525791
SHA256 0b472369d29d49eac6cbce953a8f3593a041ca3d4ff4201da5d99ab495836566
SHA512 ea6b1f5c6c0682996d8b34608658913f1e82ee9bf99f017c1f20056a969059bf519777ce22d5091e903e3f0f32a84c09394b2ed6bb6f6905f19d602acda9414a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 402e134d934075cd7aea28d61ff4ac1d
SHA1 c5c91b4cf8f3e60e57d18c98cde80df0ab1082d0
SHA256 9be372db366bc1b038f318d83bd2fb929c7c2fc34ba006704b8564f8eef2fb4b
SHA512 88cea397a2d7539f1d8c89fb1093ca132b3f5859da9b643f98a97e6493920b6007d2a3f86703544047c7ccc33bd8cc7bdaa2292ce13e74a95340d344848330b7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ecc27fad57b4398f7684cbb80b33d3da
SHA1 c53004ee720f4404c6c10c914d69fccd8880e3ea
SHA256 0533970972a25994caf2e934737101052a5cf95fa8e1c3c0940b0109726549f5
SHA512 0b21e9d579c53b8ffcbad135dac1ec607a1aa5e60826ca2172fd681782e476b5cb5eee8b65ffd7d3da4bb968c484fba1f9b9c2ffa6e401c7ee9e2ebcfe4a5c6d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 de9a91374cc59b98cb2e618616396a7c
SHA1 cc0f25ba2d0233a736ce1e1c34bb3c9e8dc0f42a
SHA256 2d07eaa5b9ced788f8e2fe7b4a5cfbe84e3aa7b5f8769a9b4b88ede292b05de5
SHA512 bb21f729c0a6364a3da6ef92bd3d2749fb4d68113cd535f5a3aa4003a6e2249ed6c1b59b0acc3f2814d9d095d076eac1500c86f2f439ad91cee4c201643aee8f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 02ec84fa965041522dea09fdb253f175
SHA1 980ceb948ee3c0842e2a87fbf3d9a2f3ec7b802c
SHA256 853b722f05ccaa0bf64d3a6c9a1297f25d43278763e2ad7a9e4f9db42254e8e1
SHA512 617178a94ececb0c80cc2711030eb5ede0226caf3214d63ab76ee89de140a0c35b0218d61e2f7a1792e479e2853c3d10f8a36af24cf019f23833cd9db0fd703b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8e1cbfa9c9d60ece2116d112f4568041
SHA1 426a6f76357c5e142bc8c6d15d102fce94401645
SHA256 e57e5527d78aed18fe5744181c36e67ef1011a6c338d38fc910866e827516024
SHA512 7b204deb62e4f4db6371e883c67c36f79c67ff0b015c42d0c0157ccad747545ab387d35531b19066485819148a467656483916818096e1067497d23f7dbfbb13

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8e2d5c80a5d9b979a211257ae59edde1
SHA1 54e268e3bce983995105581232d345dd500cf5c4
SHA256 fb21b00b63a67fb6838af28b6894707bd4e677aa1dc3cf42326281f453a0ee4b
SHA512 9b4532da50979e426c0b141570aa46976030662a6db5e2e7514f5500a02a8d87ee99adfea2a271aab1fcc30b0cd6b7145ca1e8ebaac7a723f21f3fedb6fb6051

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 22cd9bc3c17d4c507b08a42709cba73c
SHA1 175ca6efd42ce0b899437210a80b54dbf5453a64
SHA256 8b5a61878617fa7643248cf3a157262a0296d6c0c21336d93c0b78530aa270b6
SHA512 7e1cd077e1106a6e7a31a898574f8a0a986f4124f2b61a20793316f5d84d634e9032ad88dbaeb2f8c19756b95d8d70e852b998f0a8ebf7d0bf03b71fa62e8080

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4a4676764726c9725fb4d90891fcb536
SHA1 b3fab7bbaa8616106ceb83a84a9a1b82082ad6b9
SHA256 a447823696930f8900c70114e2da2b67af60deee4624762a681bb84e776b91d0
SHA512 5fec26b97c7b102ce09f7fb63c824b136265dd173c3e05e1504de7526c5f25898c8576d6c1b6038116e95d06fd45a3c85b6ec5de3f4010428edd0dfdc7434244

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 68b63211f50873df387f122919a473f5
SHA1 d48e604dfbd49ea5cd1f79f048464bbce516f41e
SHA256 b59831c29c6493e517702178fe5c00643639331ac773493c80049b86dbff6986
SHA512 6f635e05cbacfa529d1ccbffc248a92518ba5dacf537eda1a308452601d8aa7165c8c5dfad359725d5d1d906cff1e5c4bd64deea3e7c08d9dd369b2b3c0fb520

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2edad03cc6e2d173ad6a06fe2ff47347
SHA1 38bf15f80775df34fe65eec9d22ac790910ba9b9
SHA256 bd41db72abd4a14902930493305d6955ff8569e74aeb5271ec883d70be39e28c
SHA512 6b0740aa3bfaf377dce86036bcc6d6d19dc4d68df992e7ca97bbdf332dda86e1fe095889dd1013fd628b85f7d19469e25544f0108a13b1c5206bca311945bc25

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a92adff24347db551c41504cc381b7b6
SHA1 9924199858c1c41d72274f5609061589d55b6fd7
SHA256 553bd7efc212f4a7dd3acc68fc0aedbebfb9e90a2a6a352eb12aa1b14b20a4fa
SHA512 20c267fb6e56a22223d805b912d5145a107ebb657717db7a21c9a4b1ada8e5984d561b717a70015d3284d3747822e50ba3d197606a8109989f08bbfff4c6dcc7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1278341607cb0f2ae1c7dd5efdd44c4a
SHA1 bf8adac31647c33c9d0f16116a2bf340ee38a6ef
SHA256 53faf13b56a96cc5c329fb108cf6d78de71eb1c6b9c127cf674e1dd3ea3b5290
SHA512 a585c003a93e07ba38d73206f5cb6d2bbb2fa16c8f769ee1da04ae674b569ca97fac71ca186e32e0fe6ea502228e800a9bf2253847402e2a335fc6823f6d9fd6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d419b6f7eeea1db16b1fb6a033e46f68
SHA1 c1fba08b985b739277fc930f826c0cd7ec429f35
SHA256 a18fb001a8d606fee2f6d625cc56753ddaa7024fb2753f9681f30d5f30ea1139
SHA512 19f2c70e59087138a786cc866c46a1e5866288d660ed0f0764c589631dde078d556616c19267f13fb64f1cc0fc061282ac734501eee322534300ae480b950b04

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a1f8c399fde3d0582742ae5fbdc6ff79
SHA1 64d3a771c2c150308beae8377c30aa77e520457c
SHA256 459bcbbb18e5a47a1bcc447c3a4e0ff90e314187548955ef3c12779852d59e77
SHA512 fb5d862853f1fc8edf8ce7bea1ea999ec11a6ddef45b8868ef8811dd0970065798f386424b336a392e8adef7c7ab65da5e94ad5ba1eb5ce08a351e17681bbb92

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3ad35284b44c30b0f54191a6d5a167cd
SHA1 029e699b9819d61fd31ae45eae129617829f8725
SHA256 03a0d73cee0adef13841947366133cdacdca20ff89d6b3a5c2b7ba2446210cc9
SHA512 efe33b0efc092a6042a54d85c8a275ee1dbcf75b43c0069022c7ef6d13d2299f56de08734b307be186ce35c60d6b153dcae15434af495878c399fa7d42004b88

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cbeb09e995b0610a805ab5499db55f54
SHA1 f3a8f16a0b56ee8becddcd14af1583a4bb787934
SHA256 766f4fb837b30ecaca137b497b29d9f5e927147f3e8cc3d69d4dd577f462b2ea
SHA512 7f3fe265c4ab9d4b69ecbfd9c447c993d288cc7520b325d0ddf8107f84902c1380ebd0218dcf2b074a518cfd50bf99dbabfee0b2fd2631f813742fae3b733134

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 73f1572953c44a8774b3c68e7da01430
SHA1 6d4c50200eadcdbe8798a59437a8ad35814a537f
SHA256 d85cb6d9b38bfec144aa55d310d38b74b6a79c1155d0e312e10affdc40c108bb
SHA512 efda783a0382b777e1fd03ac1e67b54a0a3f78b45fce95c085300e352b85cd46ca2eefc9f4406448119cc2d2ce324eceb11da38176c43c766731643bbb4429e3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 00ae680ad0bb49ccb34d61226952b214
SHA1 d40fb60fc4b60fd23e26839b6b97ec6887653379
SHA256 467654cf35e628cca7de725225f2c5e094267400007105ddcdc84979edae5a5e
SHA512 1f744f41b2429bce2df67eae73a4032583d2b3fbda06258c60c6982935b617b56bb578c433150d4e351b056401e634c0bdf19ceff741c4aa3645cbef235a8f98

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 311f89943f3d410829b3093dfdfab749
SHA1 68b8c9017777b34038e32401f020efc29d330618
SHA256 71d6a10072dd57abdbaf0f7168e720d30019932e8e9066421eb20a6c8204a0a4
SHA512 0877456b544dd8b1623314b66fb3555966018848db966631d638965658216a5552b57949567c137238c8edce92b35d011128353534c89e8a37dccd7d04fd2635

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 938e014da85f27727f37b5180f3858e7
SHA1 e63e421eafd650f6abdd63b07150dd3ad97ad857
SHA256 69ed52ce9d91c90e46cd428ec973130698b1c5f851aea1e6d1103d34e7cfa93b
SHA512 b639f7316d95bc7029b9dfd227f7b1f78cb5c70dcb36f150f72b3665d9bcd957f868c921f781ee0e387a120d1a8c1b13c796893ce201e7d228f86980b969a389

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cd61a79edff7955a6e3caecc890498b8
SHA1 18ecd5d51db35da209ab6c388d2d1afe840256f5
SHA256 dca18db441fa3ac59cf01023c2c973c650e456623c273e46ec98836e19262c43
SHA512 289395b9bf89a526284d8ad439112fee17451d50ce1286fcbc16e6019171a2f0a75e2f57dba7cee54b5c9787c4b5b0503892168a7477e554ad2c01f999176faf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6c6546dc508603293a1ad0f5b355d1ce
SHA1 848f744efd6810d369b081d0c757eee75b51a84a
SHA256 73fe6a4e8f9d65bbbc6594c7ee5fb0fae183c8e4aca843c3e1ae47213edb007d
SHA512 cf54669c84c154344acaac55f9260cc297ccf9ce4a0c0f444a5e099c640167537df9e08f5b2cd90a0b6a09fe5bb5c4d953c32d7ba0a0a376a7006edbb09a7c80