Analysis Overview
SHA256
ce65b6af9a28fd4755340d5c61724c0c4786e3137ce67c3765d7d4f21bbe877f
Threat Level: No (potentially) malicious behavior was detected
The file 80456ef21d3db747c4e56f0763cf6703_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-29 09:31
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-29 09:31
Reported
2024-05-29 09:34
Platform
win7-20240221-en
Max time kernel
118s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ffdece6e036a194a8ffd3d4ce43b01eb0000000002000000000010660000000100002000000007ae198bc321c3f579e7a588b1848fb982f9a0332b71a7a3918c7c6b0434cb1f000000000e8000000002000020000000614015ec6665653aacccefba6457e95a59c05ad1763d2cffb00954240007708e200000005ee0d910380e9ca4a3f3befcdd2b9de6897a0a93e134515cb2af4f1b3f7ae69740000000c950e7e76cf6e119ba551a02bf22acb04c03766e057b451a97f01fdfc6dc1d2aedb8fc969ec7d4687aa311989029cc7ed5eb018e51136bc1f55bfd9c24486501 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80dc3c1eabb1da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{47729A91-1D9E-11EF-AB41-FA5112F1BCBF} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423136979" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2240 wrote to memory of 2472 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2240 wrote to memory of 2472 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2240 wrote to memory of 2472 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2240 wrote to memory of 2472 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\80456ef21d3db747c4e56f0763cf6703_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2240 CREDAT:275457 /prefetch:2
Network
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d5cf0789d4bedafc20bc3acfd52e682f |
| SHA1 | ad102860157e44001aaafb5ed278b9803d794395 |
| SHA256 | effa37f6d98c344446240515de294d016b9d6f8f02cdd66dae03fc0a8527525a |
| SHA512 | de3ef4d43665e6db113204eb4f324bae424ceeb083a58429807395807b9079d93b51d830009e4ae6a94baa3b8c721429d8aa4e1e1798f16e0b863e0396bb0718 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 687c890ff996934be15f4445ae51df37 |
| SHA1 | a9eef417c899a955460e53f50d2b75e8eaf90189 |
| SHA256 | 352ad739d58aee0b9021e6021124e2d9a7d586b43ef8dcef82f95763c75fc60f |
| SHA512 | 65069fcc59e486e1df2c084f134e7b5af5d45c984f78d3aa3f236c37ed3060fe45da49c161698f9b34c9ef5e9a653124aab502ef7e2862853c50f937ab65139e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8618bc13649e38d9e4d313c2d75ff745 |
| SHA1 | 87d25b26047f5d2a28292d4fe8db26d9dada4d6d |
| SHA256 | f8a64b5dcf6acf6062a20974be6b941f98e184a145f6910d25c320b29d223d9e |
| SHA512 | 0bf735ade70c751a58512847810e595485e1e8aa62c998cda86e6591fa7d3c222646098b58a431598c526351fd50e7b0fbb60b210222ab0f01fd7f127c4eecdd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d89dd899c7d578e489d1fe122f1755a8 |
| SHA1 | b47eb229dd5aa0695c82db7e14303453de004a73 |
| SHA256 | a62c239b8b0df1c966a12ab37a20b372cd254b5e50c27c9163283fc8d912016d |
| SHA512 | f9fc0143c641c1bd9a6d26a201177248996a20453f9421d8b425faf1249a55ddccf337634660a475edff3dc20c4e3da7c72cc55318c7ee54ad5c386120c9cc7e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | be12bb7db6013e01ff96ff5a8d0d94eb |
| SHA1 | 676f184081ea95437b9f854038ff49e8d794e1a8 |
| SHA256 | 59fe7ac898e5fddcc567e933b3c2d544366069a184cf94f58897c52c3af411d9 |
| SHA512 | bfdc896826947129eafe4bce69168f19dad1b0eb3ecdc70d4f35e26f2f7718a7ac7d001f9b87279d838bb00a2d4c98e4b6fba2cf3e3b0c4f34b3b3a7e07386b1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c9cc5e21fc52455aefc2fe1a6ce38357 |
| SHA1 | 707f81ab7d1addc4dfdf69a0a58d2369e6c4c8bc |
| SHA256 | e544e714c33dca0a053f466421e56740455c6bc763ed5139f75233576c7a505a |
| SHA512 | fea829c9d55c0a3f325421ce31a9b22a4a88d00e0c6ff36791dc5ee4ced740353409706d774c7c1855633decc4b6f02701b54df3ad571b998dc72ace77c2800c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cc86c44961238e572d770b5bb70f540f |
| SHA1 | 1cdd655bc1255f7bc26149ba83499778c081f049 |
| SHA256 | 5de7e1aa8de0b7421bfb235d7083fad315f7c5bda6c0570324dc92a952b2f777 |
| SHA512 | e8383ffe3f7782d2bdad7b4542ab89f1358651147fa54993139034c9c94534cdceefa8840f137b49372599cd801f19b2d4c20c0a105552ee381a2701c78d9daf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7e094f568264fc6f812d84565760d36c |
| SHA1 | 4558e2751efa7c49dab467bd3d70e872ca407486 |
| SHA256 | 513b4e74bc4f52cdd1995cd2d7345ac7ca58ab1d1cf1ca4909d25448020af927 |
| SHA512 | fc013997422c6a9ed7c88bbd26e748a9d8e88678aa9d0a040e571fa2c6b914ae593ef2f8bf3c1c49cd4f2f53fba946b0655b55593c0587365513da9c924c779f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4f2a823a973138cda190f431d4d22bb4 |
| SHA1 | 957ea69b132a336d352040b1e88fbcb39053a46a |
| SHA256 | 283094b6d6d4295b554d4fd144ac91959e32d8520b85bf87f63e085903b9ddaf |
| SHA512 | 86eb6856b592ec889133e71b89e1c4d59c21446ae2e1dcca20e8c9b9df903e053c0a530c1c83d8cfae5ccf05bb213c47a44bfc4629d73fd151f5d33443e70063 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 133ee61499f46a01ec9be1ebe1c0d940 |
| SHA1 | 7c817ff762098cd7e5f2e99d05551c7c2e661bea |
| SHA256 | ebd1df3a2402d2c54c36abda0a9d8588c3110fcf871bb9c7d8c048f0a2f3852b |
| SHA512 | db27a24cd41514daf103790d6587157f9724521a694bbc74f755bb01ab578c3e9c2959fa4a4d1f396070c5e4ba12999f5392857ec39f0dff9a6218ade94732e4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 978585f36afb49089c27508381c0099e |
| SHA1 | 56cacb5ac435952111a31c3c05d50153e919b8fb |
| SHA256 | c588e1524c5e7319982801258c112d3f03fbe820963b3f600d63b240e73ae572 |
| SHA512 | 0c680075bef7a15573afc2a6d50da9ccffe2864ed7ba59f326a13a4273caca86d7703295a4670560daa0bf411bb22cd662a1d254b625ff21176f6bef6e073985 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 453c988784ba50ad53b0f65a854dd949 |
| SHA1 | 6c47259ee2ddc4d2b91ff69d373eadc3dd45df4f |
| SHA256 | 15ae0c021fdbc109f68a10a23b96c5bca5d7417008a49eb269f0a80270579292 |
| SHA512 | 4c82999e40692014c9904ea4bbc712c7eb30efe0e697b2361e69ad6eb23b968efc7c40cfff0bd0eb5df7515a841b3fb6bc8680fb3a777904a29c5faad8b60d85 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6b1c4596723b4eef25c831d9858206e9 |
| SHA1 | 8d96a360a2339e3624548247b1b01827d0282888 |
| SHA256 | 529a2fe9760bcae9cb45c0a20b2c5b33be0da402252778fb708952ea11d282c5 |
| SHA512 | a18329372374ab218fd88ce6eea134b4ccdefed16578b347e83c834ac0541cca633ff2bb1a9d43b827f881a374d57ebc9a326f6c8d25679b3686de82c494cf38 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 895feb7808a18af89004bdb42a862e52 |
| SHA1 | e5cc0f3798479042855355a79ea3a60ca6ab9055 |
| SHA256 | b598f4a93db16d964cd9273c4f26eb1df1fbcb804615a0acfd465de11cf0e8b2 |
| SHA512 | 396b8aabb91565b1d25ea2f172f4fc5db26d55e5d6bee57396cc03d180a24d4e272c37087d5fc0cc333e29ce5da96ff559187a1ff6473706c316593d243704c2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c2b48740dc631758e5e0bc6877ebecef |
| SHA1 | ee82a306620aa57cb0a17c4d6321e45996c2bc17 |
| SHA256 | 7c8cdb0a59629bda27936eb6109a5874099af137da087ed753e1c8a567d32476 |
| SHA512 | dc00f9d75704925fd7327491a255113ebd1b15a86d487a3dfc2a4e79c26b2c4f6564b2689365bea501c4f583b2cc5e06933e756b04c8181b3b6b889c652ae1dc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 74c3cdd8d55ff0bec0c754ab3b348c8a |
| SHA1 | 47fe3fd1892583842c2f4d4537fa7b11cc55baaa |
| SHA256 | f2d72a1d2e81a3a1f6e87d27c64bc8f97e5da488927fd770d2891e98d1685ae2 |
| SHA512 | 3a7e00f32024e4adcffa754000f60e5e7b347ea0452e3f43d2a2aff06d64efff3ab400f8da15660a5c17a22a29c607fca1e5836f7212b0a0b51ada4691e98c53 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6794e9cf3201d83aeb5d214747073ed7 |
| SHA1 | a6ef45ffef62354d832cacd64a150843eb89d75f |
| SHA256 | 1fd37606558184abd94d5297f59a649c2015adef2447c63bcd18098b686d16d0 |
| SHA512 | 10812194f9ac1f0582e7a9e88fe75b26b379ba6dae2c1687a7c6d6eb69ae03e2d7f96824eec525fe0e68262673064fce0ece93f4a614372590a162d74babaf61 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 920d1345c9805764bdeacee7ab29d3e2 |
| SHA1 | 82cbf337c5b06e13eb6ec65ccdfecdda8922a647 |
| SHA256 | 3844aa99f720518b6d4a2761b368c3908ca8f250649842c211db3c1f1cc6aa9b |
| SHA512 | 8fd5b80b087eee30b16ac635148a3ee9a92694e7cdebd27a097777c432a192adb883a183e374cf56154ae57b766c68b8fda91c6df97bab77e1c15dcd3c769a76 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | b8e8ad1d48a32ca8278b406f0b9fb9ef |
| SHA1 | 1d12eb3347f735c20faf8ce89d0eea03c6d33d18 |
| SHA256 | 57d6b30cb38befca8311f04d5a456cdcfde4f0fc92b9c5504b7fc0db61308384 |
| SHA512 | ac3e81fa6d106cda1ba0eeaf39c5fc4f418da552747cd6d045e94947334172a452648c3952e26a244e27f9a321be4f4f1dececc6e48906d0499f8829a52723f0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 40bc7a31ff9f148ab312327498af683f |
| SHA1 | cb3777bd48876171ba64f83f01699cab24dc5a5e |
| SHA256 | 04e9a4dd16378cdf8e9f6a18f728adddc2e3439202d3ace7b579fd33dbd1b893 |
| SHA512 | f3cd3b4ff13f8d5752719374d87386eb6959c2ea62c5d85d5e0177bebdf88b6fec989bb6ba0882119053ebf33f50bb1e8dc21e396c828e66d828814c715fd2dd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1e70d32b088187eb77e487746b62a473 |
| SHA1 | 55f8906c51732aee6fe57b862ea50ba3235170b2 |
| SHA256 | b1d0a0b3782cef77c445b643bec91dc75844227df285fe4dcdc1fe48572380df |
| SHA512 | 7c46fc0d91f703a4cc3fb3bfff33c2fdd9576fa99837a39c4803eb5be9d38b7b8052e2be1579856988efb696617f1e4613731b99deeffa88145c365d78477998 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0fb1571d87f32859d9487045e168cbbd |
| SHA1 | 1c79c89710cc83126398eea391595d218bd61202 |
| SHA256 | 7839b3f797ae19885768298c07893244085e43098df52475f8e7f6deb034bcf2 |
| SHA512 | 1ed414a176bafed931b56110e314bfe870f58f0219a0761df575c31c7aaf61f5df63b28b9fe8288cdda632008e7c2843d1a50b3d6690a00b7677a130cf7c2bea |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-29 09:31
Reported
2024-05-29 09:34
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
149s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\80456ef21d3db747c4e56f0763cf6703_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd711f46f8,0x7ffd711f4708,0x7ffd711f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,14698822647026676587,12154664301053984724,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,14698822647026676587,12154664301053984724,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,14698822647026676587,12154664301053984724,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,14698822647026676587,12154664301053984724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,14698822647026676587,12154664301053984724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,14698822647026676587,12154664301053984724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,14698822647026676587,12154664301053984724,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,14698822647026676587,12154664301053984724,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,14698822647026676587,12154664301053984724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,14698822647026676587,12154664301053984724,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,14698822647026676587,12154664301053984724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,14698822647026676587,12154664301053984724,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,14698822647026676587,12154664301053984724,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1304 /prefetch:2
Network
Files