Analysis Overview
SHA256
4bd5041476b800767cd26fa4ba8cb0f399ab4c4d81188b1af65ed43c53bfffff
Threat Level: No (potentially) malicious behavior was detected
The file 8b9da9131b0dcca0a1dbe74ec8822a3f_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-01 20:04
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-01 20:04
Reported
2024-06-01 20:07
Platform
win7-20240220-en
Max time kernel
145s
Max time network
148s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "25" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "25" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423434163" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002d335ecea263a541a4e9073e5bd3908f00000000020000000000106600000001000020000000af4dcf1a7c3c21fff0a389b8afaa0c1425c0b8b430b4d70940c3adc955ad22fc000000000e80000000020000200000000a209f55c077e64248653d5dd9ab5c8c4ac3113747db49ba2f5acd135000e22320000000d6dd4c20c114031423563c172570cbcb8c49c6c1600a765bb309ea9639dd081440000000f2ca474fce32548ad3326755282def654134d4afc63127d8d831fda27f195e6f1d64f2d3da13f97856132d427a910a0b0b55b6d3a4e155abddc1b70f6ecb7261 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a08cb50f5fb4da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{35298F91-2052-11EF-852B-6265250A2D3F} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "25" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2764 wrote to memory of 2148 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2764 wrote to memory of 2148 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2764 wrote to memory of 2148 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2764 wrote to memory of 2148 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8b9da9131b0dcca0a1dbe74ec8822a3f_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2764 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | executiveretirementplan.com | udp |
| DE | 3.64.163.50:80 | executiveretirementplan.com | tcp |
| DE | 3.64.163.50:80 | executiveretirementplan.com | tcp |
| DE | 3.64.163.50:80 | executiveretirementplan.com | tcp |
| DE | 3.64.163.50:80 | executiveretirementplan.com | tcp |
| DE | 3.64.163.50:80 | executiveretirementplan.com | tcp |
| DE | 3.64.163.50:80 | executiveretirementplan.com | tcp |
| US | 8.8.8.8:53 | hits1k.com | udp |
| US | 8.8.8.8:53 | artificialintelligenceseo.com | udp |
| US | 76.223.67.189:80 | hits1k.com | tcp |
| US | 76.223.67.189:80 | hits1k.com | tcp |
| US | 52.71.57.184:80 | artificialintelligenceseo.com | tcp |
| US | 52.71.57.184:80 | artificialintelligenceseo.com | tcp |
| US | 8.8.8.8:53 | www.hugedomains.com | udp |
| US | 76.223.67.189:443 | hits1k.com | tcp |
| US | 104.26.7.37:443 | www.hugedomains.com | tcp |
| US | 104.26.7.37:443 | www.hugedomains.com | tcp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | static.hugedomains.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 104.26.7.37:443 | static.hugedomains.com | tcp |
| US | 104.26.7.37:443 | static.hugedomains.com | tcp |
| US | 104.26.7.37:443 | static.hugedomains.com | tcp |
| US | 104.26.7.37:443 | static.hugedomains.com | tcp |
| US | 104.26.7.37:443 | static.hugedomains.com | tcp |
| US | 104.26.7.37:443 | static.hugedomains.com | tcp |
| US | 104.26.7.37:443 | static.hugedomains.com | tcp |
| US | 104.26.7.37:443 | static.hugedomains.com | tcp |
| US | 104.26.7.37:443 | static.hugedomains.com | tcp |
| US | 104.26.7.37:443 | static.hugedomains.com | tcp |
| US | 76.223.67.189:443 | hits1k.com | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 104.26.7.37:443 | static.hugedomains.com | tcp |
| US | 104.26.7.37:443 | static.hugedomains.com | tcp |
| US | 104.26.7.37:443 | static.hugedomains.com | tcp |
| US | 8.8.8.8:53 | use.typekit.net | udp |
| SE | 184.31.15.74:443 | use.typekit.net | tcp |
| SE | 184.31.15.74:443 | use.typekit.net | tcp |
| SE | 184.31.15.74:443 | use.typekit.net | tcp |
| US | 8.8.8.8:53 | secure.statcounter.com | udp |
| US | 104.20.95.138:443 | secure.statcounter.com | tcp |
| US | 104.20.95.138:443 | secure.statcounter.com | tcp |
| US | 8.8.8.8:53 | analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 216.239.34.181:443 | analytics.google.com | tcp |
| US | 216.239.34.181:443 | analytics.google.com | tcp |
| BE | 74.125.71.154:443 | stats.g.doubleclick.net | tcp |
| BE | 74.125.71.154:443 | stats.g.doubleclick.net | tcp |
| US | 104.20.95.138:443 | secure.statcounter.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
| SHA1 | cb6522bec0bc4ee0f4eac8963ef53e12b1e74ca3 |
| SHA256 | 7d1b01f14abee4aa81604b2cb6319916631d0eed68d94c6258a35700535acc6e |
| SHA512 | bc0f13de3e3ca50669dccaf5714a9b3e6961e276d27dba541cadfe131bd48c8ef5c7a334c14a87b5234c86f8554487fbd42790f56af3333b20d21d20eb68c0bc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bf3f28088e3f230280256624435b81d2 |
| SHA1 | 770dc9874887750e92133026b780fbb3fa910757 |
| SHA256 | 9f97b6e776be65b6b710666d034dc1db58c528b68fc9c97599a9fa2524e32d55 |
| SHA512 | 2ad83c1b9e2bb078c19ead1eaee5c523137bbc5ea85e23224d33b38bdbd84951b0582608ae210aacda46ebc257f1dddd4a07ae3d232a819f93709e6f2241224d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 06acaad6a0867a54d2554c5192d6b1a6 |
| SHA1 | c072226ef3bd6ca155cdbc68d618bf7ae50efae8 |
| SHA256 | 3371b523249b891ba6ecdb203876e9bfbec50ca7d1eb881d02b749038f653223 |
| SHA512 | 48c5e2effa74455196d038e45a2a3a4c74355afb2f2d78aa92197addaf5cd3f0af1c195183182bde52f973b1885c91587c33b18ac85d6e814417cdec94bb2902 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 10b008cc1d980a504cbbfbd6d29cb899 |
| SHA1 | ec2a1b8f339098891ee6421db29ddf982752ac4d |
| SHA256 | 7d4f6e9c41a4fc4cbf91cb56139a6ed678afe9c71bef343aec7ad7e964a905c1 |
| SHA512 | d3c935ee28a73ef707331c93a02c0bf5681e2030cbfc84e7f7fa43c5e949e8e85c85683e81d2e3c627d5970088d4232aa92113273c87d3250ccacee94412601e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cfb95b1f76bea13aaf7da3f9e48c9848 |
| SHA1 | 2fa10fea1d2f006b1dd4ee935f7ef874f8381b04 |
| SHA256 | 08e4819bfcd875dd08d6b0a169bf2795e69a207213f6f4b8e8a63b55e1e38fa7 |
| SHA512 | fae9a8138986b6442e4fb5eccf4934ed4f2231883953c4187f8197f423f1b61cfda95004b74348b3fc02cc7dada68d8e14bf82c0f08ccceca053671b3bd199d0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 9f9494f6b84a88574a00feb464c94472 |
| SHA1 | 40057934f0b66569a234febb256085bc34284968 |
| SHA256 | a833e31414117caffb75a2c72970e266c374266f80a355d13b84ba06fc98f93a |
| SHA512 | fb1190581c69cd481c995b59b6480aafdb266e238be136d11ba9b84a291819bd26e01009d2cd721d64173cacd84df4313d329db5d1ef3f07b868a1b46132c65e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3f047880b0d5397ca9cb569ab9454033 |
| SHA1 | 9f5334fe414eb794b3f3b92c53abcf25229b2431 |
| SHA256 | cae7227cb53ee581fbd0bdbd3bbd4fc4734c222139237dd0505f181542288408 |
| SHA512 | 207515a98ac27c5744581f65bb6730f972810663bec1d089aebf438b9c57041a1954861a3912d259f19e507de84af3b0ddbe803f507493f5716d148748033752 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 658fd198b748ad074602482208d62a23 |
| SHA1 | 48dcaa609793ad3a175936fd5f82b8eeaf80b5d6 |
| SHA256 | f71c2a1a45f371f1220cb69a3ab0a10d2bdb8fd26ff94a8c7b83f5f6a7e7ba0e |
| SHA512 | 8923f9e6771091eeab78e3add6e173ff43a47348ef11347964a38d1342dcd9d86fb6ae2e85b8a4e31d7de115ba3b45b0d4ff0ba878b54acec2947463adb62b15 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 00cbfb3dbb5c0334532df0d581212960 |
| SHA1 | 451d8b3c40323734e6e8115d66975a15067ff59e |
| SHA256 | 458d6c0a2de2b8eb4de062aa8d5520bbf5b19da9d9ffdb7042bdf3f5d9b2f964 |
| SHA512 | eca7daf1d4f856d2bbc677a4f6b0e3dd25d2e1ef0262254fe0b87bac91e41bb38f3280530dcfc19d01d596850186c9a46ff95b52468bd913413cc614b450da3a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 83c4593c36f57d93d35c044a5c262b73 |
| SHA1 | be8e0894eec323d34e435b1fe7035250f3ad1d7d |
| SHA256 | 059a9beaee2814bf3932f89d00061f8b273a6d3ea17fb7730e9033acdbec9ab1 |
| SHA512 | b5fa58eabeb6fcdfe6b794a1fbabef98882bc86a5fb7a4e6042086d3e12fa5b8499ea97db155e01e573393843fa770d532a4ef80a914483ce6552c09f6cc53d4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ae4fdb2238001d8badda6377a5aaf99b |
| SHA1 | 982e10b2ff0a5b5084ac73567db359d24ac5cf41 |
| SHA256 | da87eaa50102c59642ff92a6d2b8f38ad41de0b71e52e7dee0e8488a0cc727bb |
| SHA512 | 8f0409fa8a0982cf3ba09cadd1f22a505e1e01f3015a54bdc96cc8b166439fc6121dbced7c380ef1425aa59204c857a2c8ebbca0dfc28dda347252ef5eb9ab3d |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-01 20:04
Reported
2024-06-01 20:07
Platform
win10v2004-20240426-en
Max time kernel
145s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8b9da9131b0dcca0a1dbe74ec8822a3f_JaffaCakes118.html
Network
Files