Analysis Overview
SHA256: 4811ddc12ceb9ec87221bdd0662ee553a57fb081eed45f509009adfc5ea354c1
Threat Level: No (potentially) malicious behavior was detected
The file 877bd3aaf7c6ce9723cf432db3e1539a_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-05-31 15:29
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-05-31 15:29
Reported: 2024-05-31 15:32
Platform: win7-20240221-en
Max time kernel: 145s
Max time network: 150s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90ab66776fb3da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9FCB1F81-1F62-11EF-9201-6EAD7206CC74} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423331261" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1524 wrote to memory of 2940 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\877bd3aaf7c6ce9723cf432db3e1539a_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1524 CREDAT:275457 /prefetch:2
Network
Files
| SHA1 | f3533b34c2c3c7d6f0be3084c2ed774c980b6b8b |
| SHA256 | 7c09b1aa79ba6d6a0f193f828e77189fee7e489244705a6635f7c4856e17ee5c |
| SHA512 | ae91d10e45a0e9fec832cbe87bce61f67c16ba4d215426be43af68bec180fe3f475497ae4799ff31a67ac382eda812a1c7fed7e5163e9f77abc90c257522d1cc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | de7ba9e0bb9258b0196a5ff709461481 |
| SHA1 | b4be0e78665c95cb3522a29ffeb1588ba7ea70d8 |
| SHA256 | df1a06a559171dc3184f4dc254b1c818f18905a650c31ab81b4a056524f05ad5 |
| SHA512 | f78ba03ddce5fb1fed7a4cc5e62c635559a2757f2985159ec7b8aa62ad61cd044cdb70e58f8eef9f43c777c9732f6fc3aeddb25331187ee83d3d8855cf16706b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 93bee16afe6c4dea01ed0f3d337a9f3f |
| SHA1 | 5d8c09ca63028e805f84f38e3f3e9c9196679862 |
| SHA256 | 0f7e3d4b79173b62b573ce4327d8218cf96fab395fb93cba78b7381e868a2a5b |
| SHA512 | 42664995f6c1abf5eb09fe4cbfa7a5db44234e39ea3b1e9cbf196cb694b7a00370915d9f7c4d2b8b813c2afc9f23389dcc9138aab731ba732c5291b2b276dfc9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c2df52148f51fb14899e847d0c113fc4 |
| SHA1 | 7d6ed05cb824a97a3edf0f8c5479f8016c206bd1 |
| SHA256 | f701235cbaa218931c830b972fbd5ea9edf35ae0035118f87502c295953252e7 |
| SHA512 | 45d5f2e2093e895557c3818ec1484755ee8db3a90d13007f2a5c9985b66c9dc398e235875269027e4a55e33aa3220379cd9a16b59f199e7a4960a451960daef4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 25dc67b424a25fbb38dc072a8a46a309 |
| SHA1 | 8b0b404e46de1819841ba3e5036da436d7b7ac6a |
| SHA256 | e1f02492b78fe34c775702f70d696a6b442dce0221cd21a9b07316ebd30f3030 |
| SHA512 | a2017e365ea37b29cd9c142d932198d0d1035756e444254977a82f54fae81465f3924e29224857c26aeb8272890b9da44d77c209b4b4c65d0209c2c7c651e805 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0a3a7b0324c1e15ff239ca699fc5bb60 |
| SHA1 | e47c490918dfbbb70be2d7c41f0e700f6d50d816 |
| SHA256 | 33a2cf19ac1eade591e53b2146a82d7f6151b1c7b38804f14f41296131a758ea |
| SHA512 | e4d8e3872d7698ec5676899a468e125321a07b3b980b555383ef6ed0b13d57c51744f3e407e8272b42e217312734ec06aa30468bba27dfd8ee14078ecd4a1cac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8dbe70c909ffae3d3e308bd3fca490e7 |
| SHA1 | 1c0712752aba4f6f91bd179dfcec332c40606eff |
| SHA256 | 4b9ae753a28d4bb386f6679373ffb0935761eb84d43cc715258aff0d6c91e29f |
| SHA512 | f89d4900155321dc947de426421854e9d4b576f6257637f6429d95cb9b63cc2683cb9f652248d7b19651a4c9f2e3a743c115d5df8e8fcc79c8e0d6a5e76112c2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 04da2f0c0827896feedaae9e71b7ea1e |
| SHA1 | 30d11650b8dec26a4d994362b199985057d26fac |
| SHA256 | dc2e5fafcabac80c882da836bd7a2b8bffa54b9ad4d77b955863b3d28fc3683a |
| SHA512 | d04340c6a27b7b1b0c6c5fe4919d2dbe67f6a243a128bb1accb0a89534ead4f76ce0fd4e76f1eb46695ecbc917b2c40a7ab44e37a3fc794e5232cd1829b4f0eb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1d7e4cfdcdd6a9be58e421a0d9470f65 |
| SHA1 | 3a76feaa757090e017c5e3c504dea9e0e8cb4348 |
| SHA256 | 993717c09ced24ad9c96a9b2cb35b314a0beb925db73a1c068199b5802d31ac4 |
| SHA512 | 54d08e462f88ec3e958c04867eeadf2145c08fa301666bf46b19f45f7df247a2cbcef8fe241588c328782d4ba9aa880cceeef9155fdde84527548b17b284507e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 747a2a459b5ce7151173c00735917735 |
| SHA1 | b6f0f96e6fe0f3e9504b21491cb0619cb9bf5eab |
| SHA256 | 7ff1101e95bd36683954f3d6921e5486b74a6e6c2c124eaa5e0d5301171a5a72 |
| SHA512 | 8e1ed4b18e44fc38b470818f019cd29d3ee0b90d7266ef876e2dde7e5142ee3ac069bee2eff95e07f0b25e9a3aec321901eb1352fa63b08a539fa95920591daa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 08b395c78b3be4545856676d2cada490 |
| SHA1 | b0388ecb0f5704825b1c75bc73088a22827a75d0 |
| SHA256 | 51cf65f073e36e83135a2152e04c1c17ac664e4422c6a91c9a666dd217fecefb |
| SHA512 | 903958fcc88a7e8521b33a8970b7855d3f8a5eb0a36104be99c4654a28d708f578e3fd216553206c7aad56b006727b30280773ece609bda1f83ff2ac5dbcf3a8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dd006508862dccfb4e252d28c975575b |
| SHA1 | 7812b378733d257686c4ba1e0603ac7927e74f3e |
| SHA256 | bf9d0edb2f497be8fa6121f37b38c40ca952f30d3ff3aff93406340a3bcfa21d |
| SHA512 | 663198c154f63e23ed033165c1c85c4ddfefd51575b235262e9a662aa75bf7a90d4f350b5922ae57943e94f14413c5326865ad79955fec6904f5d0766ad09a63 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-31 15:29
Reported
2024-05-31 15:32
Platform
win10v2004-20240508-en
Max time kernel
148s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\877bd3aaf7c6ce9723cf432db3e1539a_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa84ef46f8,0x7ffa84ef4708,0x7ffa84ef4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4116751717572516639,15688106348147426107,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,4116751717572516639,15688106348147426107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,4116751717572516639,15688106348147426107,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4116751717572516639,15688106348147426107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4116751717572516639,15688106348147426107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4116751717572516639,15688106348147426107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,4116751717572516639,15688106348147426107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,4116751717572516639,15688106348147426107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4116751717572516639,15688106348147426107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4116751717572516639,15688106348147426107,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4116751717572516639,15688106348147426107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4116751717572516639,15688106348147426107,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4116751717572516639,15688106348147426107,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2772 /prefetch:2
Network
Files