Analysis Overview
SHA256
0bafc8982478cedfc9353bc000a5149abf61996c546e6fd0242b98a2a0054a67
Threat Level: No (potentially) malicious behavior was detected
The file 877c0d5e4400092349d1d579542f150d_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-31 15:30
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-31 15:30
Reported
2024-05-31 15:32
Platform
win7-20240220-en
Max time kernel
145s
Max time network
149s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001332ca40d573d04eba4fcfc551e5296600000000020000000000106600000001000020000000c64534fd676892116a43362f96d77db4ae8e52e3dff0c81fa17ac370e7285cb2000000000e8000000002000020000000a528af9d1784cfc9705b382b33781134d03cdbc620694835810244aefbbc884790000000d51b7ed770109d262a1c12ae982104c719fb9bc0c66fbd154787b48bc2690fc9b8398dbfd816752bfde0f408126b50313aee300f0b7e46f9a1078a326c5f4e87e75a61139f720f4a32985ce19062ab155afc86957eefd9dbf345bf2a6c784994389c40d21ab005d4d48d797370d997a421fd5eeb820cbcbf2f9bf5f0cf435639a1be655af06da096cf23aba526a14797400000001e9514c5eeea37dcde49b0263d45d1e1b28ed36b89e19a076f939a7dd42e30f14ba374a0cde488ebc07d7f87e31ade8c83a5bfa9b6bb49ebb5663c4b7d0bc908 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A550C9F1-1F62-11EF-9FEE-EA42E82B8F01} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 501849866fb3da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001332ca40d573d04eba4fcfc551e5296600000000020000000000106600000001000020000000b1320e559cb2e584c066ae11fb794794a328a6a32c50b741075d745a0d2bd1ef000000000e8000000002000020000000bd1c984de3599baac970792b2964e51b4b7c714c2dced27def9337e6e3dd0f502000000019bcd9450f5629c73a83e1a996fbcec609ab6455c2ce4123f122b6d4077a901740000000efb9201fc0359ec52909960775bb10eb4242b3e07a4e3b0eeb4304080805b50933273c4ebd72a916c18c2fd138b75f313f4f9f4de7208b1ff0a9a9840278cc5b | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423331269" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2856 wrote to memory of 1736 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2856 wrote to memory of 1736 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2856 wrote to memory of 1736 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2856 wrote to memory of 1736 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\877c0d5e4400092349d1d579542f150d_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2856 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | adithya.googlecode.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | lh6.googleusercontent.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | xslt.alexa.com | udp |
| US | 8.8.8.8:53 | opi.yahoo.com | udp |
| US | 8.8.8.8:53 | www.iwebtool.com | udp |
| US | 8.8.8.8:53 | images.dmca.com | udp |
| US | 8.8.8.8:53 | www.auto-ping.com | udp |
| US | 8.8.8.8:53 | lh6.ggpht.com | udp |
| US | 8.8.8.8:53 | track.bloglog.com | udp |
| US | 8.8.8.8:53 | www.ping-fast.com | udp |
| US | 8.8.8.8:53 | busuk.org | udp |
| US | 8.8.8.8:53 | banners.copyscape.com | udp |
| US | 8.8.8.8:53 | i155.photobucket.com | udp |
| US | 8.8.8.8:53 | ping.sg | udp |
| US | 8.8.8.8:53 | i1129.photobucket.com | udp |
| US | 8.8.8.8:53 | www.freewebsubmission.com | udp |
| US | 8.8.8.8:53 | www.gbotvisit.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | www.w3-directory.com | udp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.187.202:80 | ajax.googleapis.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.187.202:80 | ajax.googleapis.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| NL | 142.250.102.82:80 | adithya.googlecode.com | tcp |
| NL | 142.250.102.82:80 | adithya.googlecode.com | tcp |
| GB | 172.217.16.225:443 | lh6.ggpht.com | tcp |
| GB | 172.217.16.225:443 | lh6.ggpht.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 143.244.38.136:80 | images.dmca.com | tcp |
| GB | 143.244.38.136:80 | images.dmca.com | tcp |
| DE | 94.130.218.80:80 | www.auto-ping.com | tcp |
| US | 104.21.54.72:80 | www.ping-fast.com | tcp |
| DE | 94.130.218.80:80 | www.auto-ping.com | tcp |
| US | 104.21.54.72:80 | www.ping-fast.com | tcp |
| NL | 18.239.18.64:80 | i1129.photobucket.com | tcp |
| NL | 18.239.18.64:80 | i1129.photobucket.com | tcp |
| GB | 172.217.16.225:80 | lh6.ggpht.com | tcp |
| GB | 172.217.16.225:80 | lh6.ggpht.com | tcp |
| US | 104.21.26.218:80 | busuk.org | tcp |
| US | 104.21.26.218:80 | busuk.org | tcp |
| SG | 167.71.219.46:80 | ping.sg | tcp |
| SG | 167.71.219.46:80 | ping.sg | tcp |
| GB | 142.250.187.202:80 | ajax.googleapis.com | tcp |
| GB | 142.250.187.202:80 | ajax.googleapis.com | tcp |
| US | 74.208.47.213:80 | www.freewebsubmission.com | tcp |
| US | 74.208.47.213:80 | www.freewebsubmission.com | tcp |
| US | 104.21.3.75:80 | www.gbotvisit.com | tcp |
| US | 104.21.3.75:80 | www.gbotvisit.com | tcp |
| FR | 77.87.110.40:80 | www.w3-directory.com | tcp |
| FR | 77.87.110.40:80 | www.w3-directory.com | tcp |
| US | 162.0.235.138:80 | www.iwebtool.com | tcp |
| US | 162.0.235.138:80 | www.iwebtool.com | tcp |
| GB | 23.214.156.154:80 | banners.copyscape.com | tcp |
| GB | 23.214.156.154:80 | banners.copyscape.com | tcp |
| NL | 18.239.18.50:80 | i1129.photobucket.com | tcp |
| NL | 18.239.18.50:80 | i1129.photobucket.com | tcp |
| NL | 18.239.18.64:443 | i1129.photobucket.com | tcp |
| US | 104.21.26.218:443 | busuk.org | tcp |
| US | 104.21.54.72:443 | www.ping-fast.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 162.0.235.138:443 | www.iwebtool.com | tcp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| SG | 167.71.219.46:443 | ping.sg | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | s10.histats.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 104.20.18.71:80 | s10.histats.com | tcp |
| US | 104.20.18.71:80 | s10.histats.com | tcp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| GB | 216.58.201.110:80 | developers.google.com | tcp |
| GB | 216.58.201.110:80 | developers.google.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| US | 8.8.8.8:53 | s4.histats.com | udp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| CA | 54.39.156.32:443 | s4.histats.com | tcp |
| CA | 54.39.156.32:443 | s4.histats.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| US | 104.20.18.71:443 | s10.histats.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| NL | 18.239.18.50:443 | i1129.photobucket.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| CA | 54.39.156.32:443 | s4.histats.com | tcp |
| CA | 54.39.156.32:443 | s4.histats.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 50307dd5a05eb1be118dd601a701c942 |
| SHA1 | be4994717eda8765bc6bd57384b314dbb1b42866 |
| SHA256 | 003b0019192cb0ad667e934ed3b6b76f68e95a62aab33f28049a919a52d6d608 |
| SHA512 | 92e0a914dd04769499f889160e66f4db6b771ed8fb583e52c9b7dcba15a908f590098d233c3f483c9f8a3b0662d2c5b652bba81888dc9e6e1707ecb2c0cc3277 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ac89a852c2aaa3d389b2d2dd312ad367 |
| SHA1 | 8f421dd6493c61dbda6b839e2debb7b50a20c930 |
| SHA256 | 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45 |
| SHA512 | c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | 2ab6f91a1d0d37cae290117a53f4dd5c |
| SHA1 | 91a87e67142a23fb4158d6e43e8dc25c3cdce56a |
| SHA256 | 8b908a15d93adb93c60a5d64395ba4fbb7df304ec0e798ea33b536a264334993 |
| SHA512 | 486edafbb4e0f9f8f3745459ee4777f74f1af33a34448f1d84923f94fb2e03979e628ba3f4ac73ed749596e246d15ac1d5fe0266c61a2c1295be045b8429687e |
C:\Users\Admin\AppData\Local\Temp\Cab1805.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar1818.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar184D.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fcc2157d62eec2656c6f60f0593ed7f2 |
| SHA1 | b9c137ad061af00e78e85b61f6374a9cce0cc17a |
| SHA256 | c7115e1b601d42e85998b4f47373125b34d3cea09de4e65aa04f5ea22d845a64 |
| SHA512 | a34b4ea66ff8a0973b600286e1d761bdc67bdb11b4a8e2a79b72a26f84fbed231a673afeef2f5f33610d5cfd5e8cb173d47479759c33a9d450f63395d9683e17 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1a8fd82c8e96c4fc1838e1a6904c8977 |
| SHA1 | 32a33a83cc0ac33f67100442ca9a82dd53de4979 |
| SHA256 | 453bae399994bfe46a0199f3ce831399ce2c8d723015ab473c4e44ba1b7af018 |
| SHA512 | 99b48e2af0f9cc61854ba079ad0f17bf14a28e89ed52156fa5afb3478671c860d003f0288448fa0f84f39a252c3f9653dcafa614f8793b1d956909f38349a721 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | abbdcba2a9d7fcdd1046b0f3adf3d240 |
| SHA1 | 9b57d9e8f2cb6386b43b418552ed55699e371fc6 |
| SHA256 | 0850cfd16e7211999253ff9ca957288afceba8c2c699c757f56f954cc6f3f74b |
| SHA512 | 4c7b062a03265924bcd910d5cf6ab89b1a4394f1a67c57c50dff41feb0db9fb8e3cc33ec9b8c5cb4d118e6b56ede51a515c4a08ec46c7d7dc6ea577b5e1be95f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0f818bcd51ef837e1a2cee8fae6f802d |
| SHA1 | 86117e4f92c693109e8a95b892effe3fa166a084 |
| SHA256 | b14b6fae4d94c9fc6b481815e929e11beb599fd873b9507b0a5288eedca9fb37 |
| SHA512 | 570ee97b67db7cf388bf53ca14218d9709367530948365689ad6142137d1b1d64e5d6a6e45d42bd8b9eabf5ca7d86006b5d738ecfb26f81e75567ff04055cb08 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | c9b456af6253cbd85a97c89008084690 |
| SHA1 | 5f913cb7c8500a59a87e9c53cae298b38c65e08a |
| SHA256 | 384f1532f3dfc163da872127cbc571c796e16f96fca4f98e75a3df29911722f5 |
| SHA512 | cb88c2d8372861d0d320e037c33534436276b815b9e3aeb858ff426a990c15130e4efa0170a13731ed6339727b8a98eab8c4ca2bd60d043a5d63ee18f143decf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY2G78MW\platform_gapi.iframes.style.common[1].js
| MD5 | 682c26af19b240f98d2cb951721fa54d |
| SHA1 | 18e58b652c7f82a55ab4b1910693686049e25d62 |
| SHA256 | 96428f0f585a874c185d560538ad83ebfad0365d760fcf9fcefe80add9e3c980 |
| SHA512 | 078aeef086271b7f9cf0f6e3a1e7908d7e38465a1a7a4de6f2a785147e9130551a2995e80600824da9341d58e5425d4505518e90eea9ffe1c64f4f41825a9660 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I819HQXH\cb=gapi[2].js
| MD5 | 0fe383a7ddb9bbaefc3105b3297f5583 |
| SHA1 | f80c9d789f251909c7560bd91a9e1b9a10c26362 |
| SHA256 | d7ad4aad4e48174c30ef21fc32c9380659d2c99a5c39680e10ed9752139d8683 |
| SHA512 | 31de1f59377bc76e5d602d02273867ce750bbbccb7edc8f2803c0188002ecae6752ac3ec31c2108e64b0d871b01e6a8a06711969dc68bd9823303def0e7c1ee4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e7d89753f9492efe04a9de2c3aa61892 |
| SHA1 | 7554ae745534e6e8865edcc5cedbe072dad55754 |
| SHA256 | af9351fce5e1cbb718fcb5384562f4ea7c16b0aa8edc1cbd57c0cc19d1daff4e |
| SHA512 | 23295eb6388d5dba5368a5b9b220ad100ae3fa2b226efa3662850335e44dc8942a94930aaddb8a02108012313be9f996ab5b64be76c7bd33595debf6d750bcee |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 082e5d40b3a5ad64486baf2cf9e377e4 |
| SHA1 | b010a8d6e9109400ad6dd528f16d5daddc306a93 |
| SHA256 | da98e01ce44bfada57eeb7a70a48a6bd92f37dfeabde77145cad147a91aa5abb |
| SHA512 | dae3d825d6a02c6f52fbbbb20d883fc0bff0e17f2a2f272dbc0cba1bdafeb8b4a954113e2347f2e39bd3c22c08e62bc0ecb16f608e3027cab70019a8ad671e05 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ecf124fafb2ee58eb625a15060b52618 |
| SHA1 | 814a2e2bd350b2d0793a1b89cae6dc29981b4cf1 |
| SHA256 | 2d78f0ceb117c55bc166e3b2cc657d1033bde1f943554bff8167665602ef3dd8 |
| SHA512 | 8cae8faed7ccad5b58ac1e99a90547a32dd24d7a819ccec506e359474db553b93749c3b9fe0474b2e7a6ec63b368ee54f096e8d6e6b8a4ef7ce154e793e81e60 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ff8d1e6f5d00194cfc5b2399c6da7b61 |
| SHA1 | 27955c6045042bfeee3afb5c6797ce521b7f4bae |
| SHA256 | 75d08fc996fa599a09addf4d2e50f0d91fff9c242a7c0d705664b5ea8944a7e2 |
| SHA512 | 5b32703c51b2c00f7f36b9416666a1ccddd47a4ccffc46e372ec15c23a1bade005970600f23f411dc316850db17344d9d725d9a3cd2f22d17589e2872a187637 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 021503f579e02e311d3c9368ae58ae97 |
| SHA1 | d931f0d9d879b3ab4dd6509cd7dd01c66b78e5a4 |
| SHA256 | b8f7d4f68a6898880eafe68d92e37e169f5bde276fe412f6b71a47a02b164243 |
| SHA512 | ee24ee8925bc594c1a65b50f822a638bbb1c397450adbcee4e20cc130ed5213be472bd0448a98d5a4e91c3069e8f03922f97af174daa91841a285a7b4502fede |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 19bdda02cd16390bb6b4ca295b08e413 |
| SHA1 | 70c13b68f107a4ef20a35bac7d45f1b2b0f3c03d |
| SHA256 | fa47cb5297a78d00a8d83de4d32881c6d9430e7c01e92219637733dcd9dd07fc |
| SHA512 | 4268e9d22925f739ef5029513572a4de51e322cddbb4e5714f59d150ddfb5c416f1645f682de095c730f9d8d71d4ddde9dce562ba8b26a985c8d299bb4c3e1ae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9880f881d4dfefe5684b3342d7b1b9e2 |
| SHA1 | a0e9fbf4844f50deab637667a9b789792d9ac921 |
| SHA256 | d14cffb458cff51913624bd4bf9dc8a52aec8630066e919c9090d3d4ea26f7c7 |
| SHA512 | bb9e11d506892c3f424192504fb8d0746a50c25241e6f65a9eb4cc0b6d1a09538cda0e431a4b94f7968c755eb9146fec7c7bca9bdaa46033776ae9a39a5e7c00 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5e0ab74dce6841cae434006bbe07612d |
| SHA1 | ea85b8220e0bd437f3dbf6a057042401dd7d4728 |
| SHA256 | 60a55683639993b906d994c59a560ad6fea2df77e2a7f0d87b31a479c7afd2ac |
| SHA512 | ff29dcb0d1210c342454d02ebf7d3157731431fb57a75a3e81c4111fef940b3567626ff8dd98019774dcbf598b49cddc9d10fac339a8a2852b18bfa20008cb57 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b9d8c143d39879cfa22fe37de776fe2b |
| SHA1 | 9c19e3a0983131f6903810fdafe3855c807be872 |
| SHA256 | 308226fe423f06555abadc38cf00c590d4d71528511b0ecb6f2552f52bfc1b83 |
| SHA512 | 7c1e967ca6a241843c2a402028a0fdbea055e5d590ae82dc0a3de5def9961ab65f8766ec7d270ac070e21f03d00e194516c63b95a70c7645fec229c8f18d35b0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d081c0b1e85315f389533fd861d18dd8 |
| SHA1 | 839930b81782e34ad0dd1b5deebc5283dd7f2334 |
| SHA256 | 455d9753071ec2dcf9611552769b02a447b9adb1a8ccff4b131b0b343d514925 |
| SHA512 | 209cb95fec32bd0ca174a9bee2ff3357fb043eaa944035d0741dee1bf86e02f0fae43a2072cee171e073bca5b253f5f725a4149a28b0a0c022e3156787a8434e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2c88e4a9f47292dfb1e7660d4beafa33 |
| SHA1 | 9a3982c5cb0f7dead3fdc2641c7150586aaf2fba |
| SHA256 | acc5fd058e555c9950d3ade616edd7037976a501573cf20dfe345084a3687f64 |
| SHA512 | 00b9372e5b5c5b65e6e5f47ac6e85e565c2a5e64559b35856f1c92a247cbfb50a30321335c2ab5f7a48eb198c61369b411e47ff168af04b2c4d536f44ff54208 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fc2caa8bbdfc92ab86877d58f7b3f5e2 |
| SHA1 | 13b3be52e19c422ae778fcbf1698976c0ba7f2d7 |
| SHA256 | 3a361804d94a4a4228d5a9e1392e9fe0ab7e8378d484ccf3a3a89ef992049ad4 |
| SHA512 | a889b6266ce45e556e7b21336b81cb9847993204e1e32ad95966b1b15991607f8df3b5525632d767ad8af4d222b271c33a96bf9b4ff6a9de75933ef5ec0f710b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3311fb63141de7b2b0d9b9443db893e6 |
| SHA1 | 87bceea3f9ef595e966ea8d8474413c4df072c83 |
| SHA256 | 8695041150c67fe0e546bd1dfd4142e145ba4ee4ee08bfbdc9088bd91f058c19 |
| SHA512 | 00f9b5b6c16568796d0c2ca654b612a2a6af6764c5b8150619aa4c7a0e53f8ccf18c7db19cb7ed113f016e8ce9972c6a36ad0c2c8ddc552ac2d1a6c99cff3e16 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a668e0415d98d0ae4c679c1f772f1940 |
| SHA1 | dfc1920e7975c653bf84a1a373f78af2110bb7bb |
| SHA256 | 76dcf8f99fd19e66cb8ef951813efab331b761bef8953e48e7505dd560f1b041 |
| SHA512 | f136361d151eea58085dfe10bfe03139f861f18c49626d1b3374317f67c22a1fb85647cc2db4efcb7e253ad5cd15f2b3a5312e57aedfbeb914700962a102da0b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | bffe1c8b1a0e94a1dd1772bc6f3cb17d |
| SHA1 | 75a352f3f9df40838aad91c56262b2bf2ee29523 |
| SHA256 | 96717fa708aa72c1166ee69d1025b81c95b0fd0450cf21c3d1a69a47f1152370 |
| SHA512 | 266e8a87d0b993c6b1d11a80b357d6ca0d8f96aa91dcff431250d8c183c24cb1e8cf6397125273c8f5225321e6a20fbda6bfde9388711d30d18a33e632cfba75 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\3604799710-postmessagerelay[1].js
| MD5 | 40aaadf2a7451d276b940cddefb2d0ed |
| SHA1 | b2fc8129a4f5e5a0c8cb631218f40a4230444d9e |
| SHA256 | 4b515a19e688085b55f51f1eda7bc3e51404e8f59b64652e094994baf7be28f2 |
| SHA512 | 6f66544481257ff36cda85da81960a848ebcf86c2eb7bbe685c9b6a0e91bca9fc9879c4844315c90afd9158f1d54398f0f1d650d50204e77692e48b39a038d50 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\rpc_shindig_random[1].js
| MD5 | 6a90a8e611705b6e5953757cc549ce8c |
| SHA1 | 3e7416db7afe4cfdf3980daba308df560b4bede6 |
| SHA256 | 51fdd911dc05b1208911b0123aed6b542e9d9f04c94d7504c63d89ca259ef679 |
| SHA512 | 583636571c015af525cddd5b8dc2ac9964aba5a7a9b0acd3908e4aeb4c2ee74cdfaabe49b0aa13d7b142748542426864e91e88e90d7f73bc647f0bfecb0ff7bd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f72fc543cacbef89d53040181ba86514 |
| SHA1 | 858ca81d38f52ea431344654dd6f932e6ea6bbf4 |
| SHA256 | 3cc4b709ad6c7b3940b1cbd31764c7ab3d79702e62a1cb44bff358b6159a379c |
| SHA512 | faf84aca0d754f57a134c2ca73b144a094485ed803c54235e84f1ccffa0a965564b8d5e10b8c4ae5d2093c892492ea39d57626fd36910b5257131ec03874b691 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 98e5bd2b4640fe1c806514b14fc30d84 |
| SHA1 | 7e8e9765d03bf35d530d74a56833b351e5285b9a |
| SHA256 | 6fb814e22c4c996151494c7a6ac37eccb633d992db9fb034bdc2e6b29470024c |
| SHA512 | 40512c1b08b83c6d16bf431c13bf426841b70f777808021daa8852cb672578c96d978d949c97c59c52e7394d3b13462a2c4dd10df8999a241a2e2dc994099100 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fe3d625f0ab3337cbc683c1cfbd5b133 |
| SHA1 | 513ac7c68487adbccc14e4ed09bf217be2ca62c7 |
| SHA256 | d04276af1c035c75d5a6824386dbce4250e578af195dbfd291f1c9b7eb62ec05 |
| SHA512 | 2ca2e26cc1ce03a8995834bcb2bc72895f12972fbe67a917075b006fc188965f29c3979291fe4a8307d9877f4df1ac2ef3be09c6565025981ad58dd6769e8298 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bc221f18d91e46267d6292c834868bd0 |
| SHA1 | 5bb1dc9ac8d4857debf0119a51e301e7c556da11 |
| SHA256 | 704f6b07a157f4baacbef89db408b83b191875b429031c66a27046fbba6ee912 |
| SHA512 | 295212530b92bfb3302b92dc4f075fcf6272c68212aef2d7b2fa926100cc882a88409b3699ef37eb8e812dfa472aa696f32591eadbaba4be68ca0f04789b145f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e1cb4cdb586ec8b0d7ef3d7122cadf5c |
| SHA1 | 6268a342f8de63a6ac3d73cec7513999a03ef199 |
| SHA256 | 942ad5e9198eef8c726e4bee0c4d74bf705bd2b80d76243b328072b428f1266f |
| SHA512 | 93252be995ac6e8f6137d2510c45eed91bed89cc0b5ea99158af89263095061816faf6ff507e66c83e2f2335dca13f78633f1c5374d0746545d3d7f761c74c88 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5ea941ef323129e7f90e24027640f914 |
| SHA1 | 17078d25723e4629b7ea2129408f81095eaaf92b |
| SHA256 | 8375456aea2fd8c24fdfde4a7543d442705a2478c795ccb2d6e483ee91b4ae8d |
| SHA512 | c28992372b431dd7e5a0f8d43830796b787dbf8e23c610f0ba39b2c2890dfb549ade42c71ae35705cc5a1a4b8ee70275b78ca50a36b67e1183a5578b17f57923 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4d3acfc1abd22b40aa13f49db915d8ba |
| SHA1 | 7317d3395872e93b62873535c183beb3521d8fe3 |
| SHA256 | 5bc4d0c2ae6e6ca954682ba0e1092d0fc6457dcea4b064f24659134d9db6e3b7 |
| SHA512 | 42c2e5860dbdf06a90fe055185749646336d4050eb219481026ebb86df576a88066c5e0eff12d91bd5713684578c2f4dc51aee2c84f600a9db669608f9afba96 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c79d7dac4cf1d610576152b45a8f1436 |
| SHA1 | 72c417f19f953708b70da907fc2b82ac966c9dcc |
| SHA256 | 90bd4a307c56e6e66b278e52f7e30d7f02171f5c3583d1c4aec88280d6ad7e12 |
| SHA512 | 465157966d7bfb9bd059bd162f9c174265e040586895aa14963fe57124c82369264d813cb964011c3c6ce795cf24ac34c531ec0cd934931a5ce7aa28bf298c68 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1b6da39dd4e7e6e7300246afcabb9187 |
| SHA1 | 187b53c55302ec19f9f53f5a398daa9ce0cd3214 |
| SHA256 | bf1b4f41913d2e82e4e912f2c4b59917e6d5aca9b6469c2e10621cef2657bf29 |
| SHA512 | 639ee5a4e06a4ed27fc6af0a8fe8bcbafedd4122bf4c618fb3a7340094a051ec697e1e51f700b251228b9d5488185d3750c60e701f423f3670e78e90f456e52e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 940e4827c4c0bcdd6dfbf95d02946f8e |
| SHA1 | 04626295a2bbbfbd9241ecd3783b69bd6c6d3a52 |
| SHA256 | 251c5f7203d3132baa3e4e7fe0129aaf1291a41aee6f3a0c8590dbdc459c259a |
| SHA512 | d410389aa9784469ba7ed6c7a1cf978a6172cb11188464480ecc3d1566a892ff4e51946ce3672178a54dd4d07ffc3c55b7c565b029e7425863a3d1f618f9fceb |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-31 15:30
Reported
2024-05-31 15:32
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
139s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\877c0d5e4400092349d1d579542f150d_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe32e546f8,0x7ffe32e54708,0x7ffe32e54718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,12124337837984298685,882128071146781174,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,12124337837984298685,882128071146781174,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,12124337837984298685,882128071146781174,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12124337837984298685,882128071146781174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12124337837984298685,882128071146781174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12124337837984298685,882128071146781174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12124337837984298685,882128071146781174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12124337837984298685,882128071146781174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12124337837984298685,882128071146781174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12124337837984298685,882128071146781174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,12124337837984298685,882128071146781174,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,12124337837984298685,882128071146781174,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12124337837984298685,882128071146781174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12124337837984298685,882128071146781174,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12124337837984298685,882128071146781174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12124337837984298685,882128071146781174,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,12124337837984298685,882128071146781174,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | adithya.googlecode.com | udp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| NL | 142.250.102.82:80 | adithya.googlecode.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | udp |
| US | 8.8.8.8:53 | xslt.alexa.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | lh6.googleusercontent.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| GB | 142.250.180.10:80 | ajax.googleapis.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 172.217.16.225:443 | lh6.googleusercontent.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | opi.yahoo.com | udp |
| US | 8.8.8.8:53 | www.iwebtool.com | udp |
| US | 8.8.8.8:53 | images.dmca.com | udp |
| US | 8.8.8.8:53 | www.auto-ping.com | udp |
| US | 162.0.235.138:80 | www.iwebtool.com | tcp |
| US | 8.8.8.8:53 | lh6.ggpht.com | udp |
| GB | 143.244.38.136:80 | images.dmca.com | tcp |
| US | 8.8.8.8:53 | track.bloglog.com | udp |
| US | 8.8.8.8:53 | www.ping-fast.com | udp |
| US | 104.21.54.72:80 | www.ping-fast.com | tcp |
| US | 8.8.8.8:53 | busuk.org | udp |
| DE | 94.130.218.80:80 | www.auto-ping.com | tcp |
| GB | 172.217.16.225:80 | lh6.ggpht.com | tcp |
| US | 104.21.26.218:80 | busuk.org | tcp |
| US | 8.8.8.8:53 | banners.copyscape.com | udp |
| US | 8.8.8.8:53 | ping.sg | udp |
| GB | 23.214.156.154:80 | banners.copyscape.com | tcp |
| US | 8.8.8.8:53 | i155.photobucket.com | udp |
| US | 8.8.8.8:53 | s10.histats.com | udp |
| US | 8.8.8.8:53 | i1129.photobucket.com | udp |
| NL | 18.239.18.64:80 | i1129.photobucket.com | tcp |
| SG | 167.71.219.46:80 | ping.sg | tcp |
| DE | 94.130.218.80:80 | www.auto-ping.com | tcp |
| US | 104.21.26.218:443 | busuk.org | tcp |
| US | 104.20.18.71:80 | s10.histats.com | tcp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| NL | 18.239.18.50:80 | i1129.photobucket.com | tcp |
| US | 8.8.8.8:53 | www.gbotvisit.com | udp |
| GB | 216.58.201.110:80 | developers.google.com | tcp |
| US | 104.21.54.72:443 | www.ping-fast.com | tcp |
| US | 8.8.8.8:53 | www.freewebsubmission.com | udp |
| US | 8.8.8.8:53 | www.w3-directory.com | udp |
| NL | 18.239.18.64:443 | i1129.photobucket.com | tcp |
| NL | 18.239.18.50:443 | i1129.photobucket.com | tcp |
| US | 104.21.3.75:80 | www.gbotvisit.com | tcp |
| US | 74.208.47.213:80 | www.freewebsubmission.com | tcp |
| FR | 77.87.110.40:80 | www.w3-directory.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 162.0.235.138:443 | www.iwebtool.com | tcp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.38.244.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.54.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.26.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.218.130.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.235.0.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.156.214.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.18.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.18.20.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.18.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| SG | 167.71.219.46:80 | ping.sg | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | s4.histats.com | udp |
| GB | 142.250.178.9:443 | resources.blogblog.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| CA | 149.56.240.132:443 | s4.histats.com | tcp |
| GB | 157.240.214.35:80 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| CA | 149.56.240.132:443 | s4.histats.com | tcp |
| GB | 157.240.214.35:443 | www.facebook.com | tcp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| GB | 163.70.151.35:445 | www.facebook.com | tcp |
| SG | 167.71.219.46:443 | ping.sg | tcp |
| GB | 216.58.204.66:445 | pagead2.googlesyndication.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | udp |
| SG | 167.71.219.46:443 | ping.sg | tcp |
| US | 104.20.18.71:443 | s10.histats.com | tcp |
| US | 8.8.8.8:53 | 75.3.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.110.87.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.47.208.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.219.71.167.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.214.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.39.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.240.56.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.101.63.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| GB | 142.250.187.226:139 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| PL | 93.184.220.66:445 | platform.twitter.com | tcp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| PL | 93.184.220.66:139 | platform.twitter.com | tcp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | e.dtscout.com | udp |
| DE | 141.101.120.11:445 | e.dtscout.com | tcp |
| DE | 141.101.120.10:445 | e.dtscout.com | tcp |
| US | 8.8.8.8:53 | e.dtscout.com | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | raja-maya.blogspot.com | udp |
| GB | 142.250.200.1:80 | raja-maya.blogspot.com | tcp |
| US | 8.8.8.8:53 | 1.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 612a6c4247ef652299b376221c984213 |
| SHA1 | d306f3b16bde39708aa862aee372345feb559750 |
| SHA256 | 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a |
| SHA512 | 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973 |
\??\pipe\LOCAL\crashpad_4008_EHMLJMNSXYDYSQFJ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 56641592f6e69f5f5fb06f2319384490 |
| SHA1 | 6a86be42e2c6d26b7830ad9f4e2627995fd91069 |
| SHA256 | 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455 |
| SHA512 | c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 93f96e8b19a9bc7dcdcfaf3f3206e863 |
| SHA1 | 6c4cbe815c49697b7372fcc84a5644694bfed0c0 |
| SHA256 | 5a2a2bc1595030296a4e833daf0254e241b1557677f20525f4ee327b0e6e4a38 |
| SHA512 | 9a77ee4b84c7b44e71cd98033010c2f250f12e875d10cc4cdf82b668b3ae6631c94228745363077870ba6712ede22f8cfa9e952576c758d705e3a3caae54a47e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | 5616f721730aed4b065c02bbb0467b90 |
| SHA1 | 409ece76fc30ebb849f6d42db57e5eddb833d58e |
| SHA256 | c4ec7246883916ee5fb0fba05688dae00a073cab79ff59ea5193d95b224d5877 |
| SHA512 | 0c9601b7848f7c823d491deccdab26ed01c002445593ef82641ef659014a195a2190d0298337e0b8e22addfc65a3f395fa47a000c33bca76b45c033e8b513fcb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
| MD5 | e1c71f7c04be834f5587230db2ad24b3 |
| SHA1 | f3bab9cb99d9f343bf7ed3981aaa7450515d2424 |
| SHA256 | 9fb6c768068467b58cc773a3907f3f5ec170bfe02ca8f301f6a232a9daf5a899 |
| SHA512 | 205366b4a3ca0dae58722a19ba24088dd8db483db9d14b376434024b064715ade720347ff5de87db014e32d2ef8192e71bbbdd3c885d5a8581b4aafc6e88ce51 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f4ccaaf9745da1bdf3240ffe77bb70fb |
| SHA1 | e6f966d2ab5ebd28cd5d28829cfa0e0ab07f9780 |
| SHA256 | e0f0d2888a2b0e1da1464796af4c0510e2aab0c5dcd2a5af4a766ee8af981f18 |
| SHA512 | e0610a0679a2df3cd4653fd2918fd9c89938fcbb3c03025bc65faa18baf8694b233926c252f66235b3369c748f185e3e8c31162b1da079b0414d8572536095fc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bca862d191bc6d77d1672f32f33efa38 |
| SHA1 | 2f437e43a4d692266337781f0ce7854c41ec977e |
| SHA256 | 5c4ebba44d914d153a3ebfc027b82f68dc3847210bb16b9f504ddeca098c2d2a |
| SHA512 | c53f360ca9a620615f866d6c60cdc3b508e53a7f0217f29a767ce6041c8615058c8e85576be66a3725a7476b2b062b9cdf17ab6c20dac38c234f209f84a17315 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d7a79623e766fb940ab42326af296e9f |
| SHA1 | 22cb0e90ed6c9b02d84f8d849d37bbe960b8551b |
| SHA256 | 32fd151a77b7d969b154a28759c7278e8d622a32e1d4030b413c61729e317671 |
| SHA512 | ae91e67dd6de84134e57864e3594480610e33a82dd902a4c1ef058cde49e85a204a5829c539674548196240551d8348a83a36aa25c0a4f7b198d276e9ed84c19 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 72c6c280ad025e246ce11b752b34e86a |
| SHA1 | 21c6226c7e2f5b7156987dabe210f974af171304 |
| SHA256 | daa21d3d7afe49a32b575bcca51560c35dc2bbfe974800d4bf7e3b53a4fcc68b |
| SHA512 | f65c953c057b94e7403f8f659b1ecbabe5cffee62aeddd08a232fb447f7c4c66c5ca64a1e59b1003ade8b7da2d279d0045d3ed3c7cf7d821c183ab0a6c607f2b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 26f334fd4bf19ddb2a316679bed2e6d6 |
| SHA1 | 31f00b2ff3400a23b8b8e946d99185598fa6ddec |
| SHA256 | 30a7f4dcb5a57652b021df40c0d83c2cf43a1d7a432263f4843db4fbcff3c881 |
| SHA512 | 1eed56a17a819a13d7d6504ffc90d4560acaea8ac30d7b9e34d7a0dcf8e016f8f11edd509271ca0588fa89a2c093883e2f5af55b0383c0a8e486b2c6f787ef8b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c446e7a468e66622ee5e94c4bbd1767d |
| SHA1 | 5347289c1a624ce82f58537eed20d6c4e8648858 |
| SHA256 | 3edf2ef5e11f14bdbf2038e65ae56aa7755b935dde37084f9c78254162a70009 |
| SHA512 | 5fee8bb2e65abb987106ae0156225464af432f8b736464a9ae2612c9f2835afb389a6606c1d0c612d7ce649f94faf26a216da6acdea2224abc50f97dec125a3a |