Analysis Overview
SHA256
988ad09b79e71861c7b80f1f4ed8c11d83569c3629c1dfdaab11f0ca87dc3ceb
Threat Level: No (potentially) malicious behavior was detected
The file 8ba290fadcb88ff82a0cbbcd07e633c6_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-01 20:11
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-01 20:11
Reported
2024-06-01 20:14
Platform
win7-20240508-en
Max time kernel
142s
Max time network
143s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000096d44e218791689ba15740e8cf2160f31077138c68c16c126f84e222f008103000000000e8000000002000020000000a4bf210cf829d5a0edc82f3ab0488f576628214d6bcb5218658db2fe29173bf72000000044b7a358cbe439c18ec542db6e778fe3d08a1098b45efd753579e9ac7343cc3b40000000f7622d8f231f2a9d1d4bdfe76ae14daded37261df78474b8666427f675d5c51afc4627f3b7b4032b0b02e2d57447fd6f27e9e25a68652b57b6b057c3d6288a77 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423434567" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "18" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "18" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "18" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value elided) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{285E5561-2053-11EF-9449-6200E4292AD7} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 807bb91860b4da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1520 wrote to memory of 1532 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1520 wrote to memory of 1532 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1520 wrote to memory of 1532 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1520 wrote to memory of 1532 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8ba290fadcb88ff82a0cbbcd07e633c6_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1520 CREDAT:275457 /prefetch:2
Network
Files
| MD5 | 0ace8db9b0b8713dfcf517f676b94d7b |
| SHA1 | e76c0d1715ed5be597e84602f471f44d3d503c24 |
| SHA256 | bc2c00e08707e6edc0a588b7c54566c3053f928eb73982fa5e2d28dbbdd95c30 |
| SHA512 | 1a1da6ceece81c4712dd64e489d35108c9b180838c232dae70c39db6b9d0c355fd7e3720188b1f8216bd5a576a1aa32fbda1449ddd6339fe63b10b6d05c7f23a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 30e449866deaf507eed3f76636b4300e |
| SHA1 | 5cbce7380ae22b81dd5a2ba4174069b464b78039 |
| SHA256 | e85f10443950935bee40e40a976cbda4d7194da5a5f6219b0e52da7ea5b7d108 |
| SHA512 | a7777945eabb29ecf818084542eaf2298aefe94e36455a72227cc3b37d99b34536ba45525f0fed1dc603b843e1fb5b1397e34d59a400140f8efa82b180021890 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 35ae70c8ccbe3ca8a1f5d18a562eeb57 |
| SHA1 | 7d776971efc18e1a4220b2bd4aa0de631c70807a |
| SHA256 | 08c6715ac3b44a4e1892fa96dec7996bdbde9ef663cc99485c468aa392929ee7 |
| SHA512 | 5e2a167c9e4de069d0bae7690e32f153ccebdedee8ddb0d1bce188257599b2c5dd38ea65ff3d7c52435a4450f983e4d4cdcd0231bf0ddf5eef34bd61ae8227f6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4cd822463f014157844d9cce7986d34a |
| SHA1 | 47e06cfa6aae54cb8430e468e5b24b898f2d29cb |
| SHA256 | ff3cc1c5e7a78051e7388490de094b09d0bc47071aaab773d46b57cb18e111e3 |
| SHA512 | 03a99984321c71ab86de450e5b1be6ea66c75c5056eeea4eab51213c6ad56afa0aa1771da27667030809288ca20d56d064c79eac6ecfa1584b62a67bf693fcc3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 71d6fb01bade40a77fd04a83cd59984d |
| SHA1 | 1ffe4f886f2cec4ba968257000b2978b1539224a |
| SHA256 | 99fb1140834229c380331ba6ebb1991ab901182d663525b23c86eb2aec4ffdd4 |
| SHA512 | ed8e07276423aff4cfc3597dd81484d0d0898be011eeee8a2837711ffc52908f43dd55ea1bef9be9f242d0506093e8ea9c85d31dcbf88831aa52a8eb05615468 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 30d517557946003f6b70f8f9d0684fa3 |
| SHA1 | 277c861402b5109c05f3bdf2c6029a73a3e56574 |
| SHA256 | 714d95d044b1bd1f22b64f5e7f1971d16ac479eeb7e4c62a3a2c8f0176866bd3 |
| SHA512 | 96f9ffa9aa07ba76084c17eaceb4c46143f2ab782f3e719d55ab220b916c227691471f4306d362c386512e77ef8b5d9dd5bb5db3e879c0b76582366ca7e5d4df |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 834468221fdc6e79c77509a3b4461ccb |
| SHA1 | c40990bf2a6a805862feebb53d6ced0044cc9d65 |
| SHA256 | 6d15e6b2401c80e94cc45d768264391219ee80d8d62d71e99e625fb966139505 |
| SHA512 | 17110e3bb14c7f2a1f8c5cb2e15c778ba1efeac73cdd1dcfcf8808210f48443b8d4716934930df3be259155d74ea79e6f4ed32c60c88d13f21457f94be2dc2cf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 59ee01a32b8182526b65c7fe11858c61 |
| SHA1 | 253225f6acc56098d7a3e81a750a51fbd23fb3a8 |
| SHA256 | 0b3b8512a270c6cb968ce647a57657ddc4527e7d8648300d8b77790c8ccc2bc6 |
| SHA512 | fb1a1f4d8127dda8fc35f898db5061c4fff3519f203680f2cf06280f1ef860ff17625ffcf6229b5dec9c70e5f7061d25aeb5957cc49b1b27696ebfe5f2cfa11e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 65e9f4522bcf9541cc8f88d94529a010 |
| SHA1 | 851415ef8e35dff1c24b95adea4d7ca41e3039ea |
| SHA256 | 83ae0e9c5ab940474de2c637ec3c2fe5a9f4173e846486752dc29a07fbd6681c |
| SHA512 | 3450298eeea060dcc8357f793d963d2b79db949a044e455b458cf1021d2617aab4f084c101865af8969813a8b0b87cc59190fa1484a2e73e33567877bbbc7f2f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a16c898696c79c6d6f8710aad252e40e |
| SHA1 | fa2523c0e89127c5689b8d278b8f6f754ecbfa02 |
| SHA256 | 32c02151c960de44d044ae0345e1183d5a79bd2646a9a3f7d4b8df32ce340c70 |
| SHA512 | 6a87a7580b937057daddd22410be268f055be3b555fa0eea74ad9c963527014276c15048008f485107eabd492a35097b41da9cebfd2f0feca5989bca0ef46113 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b6196bffa5787f2249952ad90942194c |
| SHA1 | ef8418ba3c4e5d4c3d1e41c8950bfe5a1f43cf61 |
| SHA256 | 74100a51c233c146ea453839e10c84926f036adec66c9479b7dcb94e4ea9c7fa |
| SHA512 | 39114fef3a6b6dbc6eb076d0ecf0ff681265ba59bad49698af1afa15b2b67535f0bd5bda244d124e55820d88ede8ca90dcf615bf29a7e4b6ad961f18908f5a00 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fd58a12c9e2249f9e30937a72c870e3d |
| SHA1 | 4a40b6fdd6ec3c9059a638fc866a30e105dd98b8 |
| SHA256 | 36bbb8f72d824b0c9bc8840019b02081eddd5abb2da39ba9f4cbe09547c6b5d8 |
| SHA512 | 4f38dccf6c0e60bec6780b9b9f16bf7e80f7f15bbfdf4be65be0fbe64add240c710d863e782b1ed985e701e47760bd8cba7c3ad291d95035d1b305f5a5ced869 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0974ce757ae87e783eaca9e8b6bc9ea4 |
| SHA1 | 32140748ebf7ba3516bcaef9fb2bf1d372f15fb6 |
| SHA256 | 9ef4ea4fbe850e109245aa37ff0ff5ed5a8add7d994b3dba5a044535fdfc1b10 |
| SHA512 | 0a42d653ff827bd29461f35406420ee58d2e9bd8965be14da41453bb045ac9686ab543fe5f2af11d19d39ecbb18c3b950675abb165574a6ec5aa918e63a3489e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 72b83987e118470ec6c3443546cba975 |
| SHA1 | acceb753cf421935c68a8c63d9d0ed7789b841d3 |
| SHA256 | 1df9e2ec1f2627eccd04010be671e676b713bfcc1b26ecdac734aec49ab9b65c |
| SHA512 | e3508983f7e36e869bb3a91f88e04ad1a426f35c77100da3c630729675c6f02fb701d4f6b63ed5adf40303e401a57605dea37bc4340e3c649a094b4a9f2a78e1 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-01 20:11
Reported
2024-06-01 20:14
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8ba290fadcb88ff82a0cbbcd07e633c6_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb2aa46f8,0x7ffbb2aa4708,0x7ffbb2aa4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,1710015578629128037,4903609602345843616,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,1710015578629128037,4903609602345843616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,1710015578629128037,4903609602345843616,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1710015578629128037,4903609602345843616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1710015578629128037,4903609602345843616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1710015578629128037,4903609602345843616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1710015578629128037,4903609602345843616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1710015578629128037,4903609602345843616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1710015578629128037,4903609602345843616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,1710015578629128037,4903609602345843616,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
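The process list above is the usual Chromium tree for a page load: one broker (no --type) that opened the .html sample, a crashpad handler, a network-service utility launched with --service-sandbox-type=none, several renderers, and a GPU process that was relaunched with --disable-gpu-sandbox and --use-gl=disabled. The script below is an added example, not part of the report or of Microsoft Edge; it parses each command line into image, role and switches and surfaces the switches that change a child process's sandbox posture, so that a reviewer can see at a glance which of them are the harness's own and which would merit follow-up. The command lines are copied, abridged, from the process list above; the list of sandbox-weakening switches and the reading of the GPU fallback mode are assumptions based on Chromium's public switches.

```python
"""Parse and triage the Edge process command lines listed in a sandbox report.

Added example, not part of the original report or of Microsoft Edge. It turns
each command line into (image, --type role, switches) and flags the switches
that change a child process's sandbox posture. SAMPLE_CMDLINES are copied,
abridged, from the behavioral2 process list; SANDBOX_SWITCHES is an
assumption based on Chromium's public command-line switches.
"""
import re
from dataclasses import dataclass, field

SAMPLE_CMDLINES = [
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8ba290fadcb88ff82a0cbbcd07e633c6_JaffaCakes118.html',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --disable-client-side-phishing-detection --renderer-client-id=6 --no-v8-untrusted-code-mitigations /prefetch:1',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 /prefetch:2',
    r"C:\Windows\System32\CompPkgSrv.exe -Embedding",
]

CHROMIUM_IMAGES = ("msedge.exe", "chrome.exe")

# Switches that remove or weaken a Chromium child-process sandbox (assumed list).
SANDBOX_SWITCHES = {
    "no-sandbox": "all process sandboxing disabled",
    "disable-gpu-sandbox": "GPU process runs unsandboxed",
    "allow-no-sandbox-job": "child may run outside a job object",
}

_TOKEN = re.compile(r'"([^"]*)"|(\S+)')


@dataclass
class ChromiumProcess:
    image: str
    role: str                                   # --type value, "browser", or "other"
    switches: dict = field(default_factory=dict)
    positional: list = field(default_factory=list)


def tokenize(cmdline: str) -> list:
    """Split a Windows command line on whitespace, keeping quoted spans intact."""
    return [quoted or bare for quoted, bare in _TOKEN.findall(cmdline)]


def parse_cmdline(cmdline: str) -> ChromiumProcess:
    tokens = tokenize(cmdline)
    image, args = tokens[0], tokens[1:]
    switches, positional = {}, []
    for arg in args:
        if arg.startswith("--"):
            key, _, value = arg[2:].partition("=")   # value is '' for bare switches
            switches[key] = value
        else:
            positional.append(arg)                   # /prefetch:N, document path, etc.
    if not image.lower().endswith(CHROMIUM_IMAGES):
        role = "other"
    else:
        role = switches.get("type") or "browser"     # the broker carries no --type
    return ChromiumProcess(image, role, switches, positional)


def assess(proc: ChromiumProcess) -> list:
    """Findings worth a second look for one parsed process."""
    findings = []
    if proc.role == "other":
        return [f"non-Chromium image in tree: {proc.image}"]
    if proc.role == "browser" and "single-argument" in proc.switches and proc.positional:
        findings.append(f"browser opened document: {proc.positional[0]}")
    for key, why in SANDBOX_SWITCHES.items():
        if key in proc.switches:
            findings.append(f"{proc.role}: --{key} ({why})")
    if proc.switches.get("service-sandbox-type") == "none":
        sub = proc.switches.get("utility-sub-type", "?")
        findings.append(f"{proc.role} {sub}: --service-sandbox-type=none")
    if proc.role == "gpu-process" and proc.switches.get("use-gl") == "disabled":
        # Assumption: this pairing is Chromium's no-GL fallback in a VM without a
        # usable GPU driver, so on its own it is not a sign of tampering.
        findings.append("gpu-process: --use-gl=disabled (GPU fallback mode)")
    return findings


def triage(cmdlines: list) -> dict:
    procs = [parse_cmdline(c) for c in cmdlines]
    roles = {}
    for p in procs:
        roles[p.role] = roles.get(p.role, 0) + 1
    return {"roles": roles, "findings": [f for p in procs for f in assess(p)]}


if __name__ == "__main__":
    result = triage(SAMPLE_CMDLINES)
    for role, n in sorted(result["roles"].items()):
        print(f"{n:2d}  {role}")
    for finding in result["findings"]:
        print("!", finding)
```

On this report every flagged switch belongs to the browser's own children, which is consistent with the verdict at the top of the page; the same parser applied to a tree where an unsandboxed utility or a non-Chromium image appears under a renderer is where it earns its keep.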
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | indexsa.com.ar | udp |
| US | 8.8.8.8:53 | www.footytube.com | udp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| US | 198.185.159.144:80 | www.footytube.com | tcp |
| GB | 216.58.204.66:443 | www.googletagservices.com | tcp |
| US | 198.185.159.144:443 | www.footytube.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.152:80 | apps.identrust.com | tcp |
| AR | 190.105.228.129:80 | indexsa.com.ar | tcp |
| AR | 190.105.228.129:80 | indexsa.com.ar | tcp |
| AR | 190.105.228.129:80 | indexsa.com.ar | tcp |
| AR | 190.105.228.129:80 | indexsa.com.ar | tcp |
| US | 8.8.8.8:53 | 97.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.159.185.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.101.63.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 6c7a5fe3bb9a167698447036a3bcfd76.safeframe.googlesyndication.com | udp |
| GB | 172.217.169.65:443 | 6c7a5fe3bb9a167698447036a3bcfd76.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | s.footytube.com | udp |
| US | 8.8.8.8:53 | edge.quantserve.com | udp |
| GB | 172.217.16.234:80 | ajax.googleapis.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| DE | 91.228.74.244:80 | edge.quantserve.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| US | 8.8.8.8:53 | 129.228.105.190.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.74.228.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | stg.truvidplayer.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 18.245.143.60:80 | stg.truvidplayer.com | tcp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| PL | 93.184.220.66:443 | platform.twitter.com | tcp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.143.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.220.184.93.in-addr.arpa | udp |
| GB | 142.250.178.2:80 | pagead2.googlesyndication.com | tcp |
| GB | 142.250.178.2:445 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ec2-23-22-102-201.compute-1.amazonaws.com | udp |
| US | 8.8.8.8:53 | syndication.twitter.com | udp |
| US | 104.244.42.72:443 | syndication.twitter.com | tcp |
| US | 8.8.8.8:53 | twitter.com | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.42.244.104.in-addr.arpa | udp |
| US | 23.22.102.201:80 | ec2-23-22-102-201.compute-1.amazonaws.com | tcp |
| GB | 142.250.178.2:139 | pagead2.googlesyndication.com | tcp |
| US | 23.22.102.201:80 | ec2-23-22-102-201.compute-1.amazonaws.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ftthumbs.s3.amazonaws.com | udp |
| US | 3.5.29.227:445 | ftthumbs.s3.amazonaws.com | tcp |
| US | 52.216.112.211:445 | ftthumbs.s3.amazonaws.com | tcp |
| US | 16.182.34.129:445 | ftthumbs.s3.amazonaws.com | tcp |
| US | 52.217.11.108:445 | ftthumbs.s3.amazonaws.com | tcp |
| US | 54.231.199.233:445 | ftthumbs.s3.amazonaws.com | tcp |
| US | 54.231.136.97:445 | ftthumbs.s3.amazonaws.com | tcp |
| US | 3.5.27.67:445 | ftthumbs.s3.amazonaws.com | tcp |
| US | 52.217.88.44:445 | ftthumbs.s3.amazonaws.com | tcp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ftthumbs.s3.amazonaws.com | udp |
| US | 52.217.160.1:139 | ftthumbs.s3.amazonaws.com | tcp |
| US | 8.8.8.8:53 | 16.24.18.2.in-addr.arpa | udp |
| GB | 142.250.178.2:445 | pagead2.googlesyndication.com | tcp |
| GB | 142.250.178.2:139 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | www.footytube.com | udp |
| US | 198.185.159.144:445 | www.footytube.com | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| US | 198.49.23.144:445 | www.footytube.com | tcp |
| US | 198.49.23.145:445 | www.footytube.com | tcp |
| US | 198.185.159.145:445 | www.footytube.com | tcp |
| US | 198.185.159.144:139 | www.footytube.com | tcp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | thumbs.footytube.com | udp |
| US | 8.8.8.8:53 | ftthumbs.s3.amazonaws.com | udp |
| US | 52.216.26.244:445 | ftthumbs.s3.amazonaws.com | tcp |
| US | 3.5.28.33:445 | ftthumbs.s3.amazonaws.com | tcp |
| US | 52.217.114.81:445 | ftthumbs.s3.amazonaws.com | tcp |
| US | 3.5.29.21:445 | ftthumbs.s3.amazonaws.com | tcp |
| US | 3.5.20.19:445 | ftthumbs.s3.amazonaws.com | tcp |
| US | 3.5.9.142:445 | ftthumbs.s3.amazonaws.com | tcp |
| US | 52.217.195.9:445 | ftthumbs.s3.amazonaws.com | tcp |
| US | 16.182.64.137:445 | ftthumbs.s3.amazonaws.com | tcp |
| US | 8.8.8.8:53 | ftthumbs.s3.amazonaws.com | udp |
| US | 54.231.164.241:139 | ftthumbs.s3.amazonaws.com | tcp |
| US | 8.8.8.8:53 | 94.65.42.20.in-addr.arpa | udp |
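Most rows in the Network table are either DNS lookups against 8.8.8.8, reverse-DNS lookups the sandbox performs on every address it sees, or connections to ad-tech and CDN hosts that any page load produces; the rows a reviewer actually wants are the per-domain connection summary and the handful of ports a browser would not normally use (the tcp/445 and tcp/139 rows to pagead2.googlesyndication.com, www.footytube.com and ftthumbs.s3.amazonaws.com above). The script below is an added example, not part of the report, that performs that split. The sample rows are copied from the table above; the expected-port policy (80 and 443 only) is an assumption for a browser workload.

```python
"""Triage the Network table of a sandbox report.

Added example, not part of the original report. Separates DNS lookups,
reverse-DNS noise and multicast chatter from real connections, summarises
per domain the IPs, ports and protocols seen, and flags ports a page load
would not normally use. SAMPLE_ROWS are copied from the behavioral2 Network
table; EXPECTED_PORTS is an assumption for a browser workload.
"""
import ipaddress
from collections import defaultdict

SAMPLE_ROWS = """\
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.footytube.com | udp |
| US | 8.8.8.8:53 | thumbs.footytube.com | udp |
| US | 198.185.159.144:80 | www.footytube.com | tcp |
| US | 198.185.159.144:443 | www.footytube.com | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| GB | 142.250.178.2:445 | pagead2.googlesyndication.com | tcp |
| GB | 142.250.178.2:139 | pagead2.googlesyndication.com | tcp |
| US | 3.5.29.227:445 | ftthumbs.s3.amazonaws.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| AR | 190.105.228.129:80 | indexsa.com.ar | tcp |
""".splitlines()

RESOLVER = ipaddress.ip_address("8.8.8.8")   # every :53 row in the table goes here
EXPECTED_PORTS = {80, 443}                    # HTTP, HTTPS and QUIC (udp/443)


def parse_row(row: str) -> dict:
    """Turn one '| Country | Destination | Domain | Proto |' row into a record."""
    country, dest, domain, proto = [c.strip() for c in row.strip().strip("|").split("|")]
    host, _, port = dest.rpartition(":")
    return {"country": country, "ip": ipaddress.ip_address(host),
            "port": int(port), "domain": domain, "proto": proto}


def classify(rec: dict) -> str:
    if rec["ip"] == RESOLVER and rec["port"] == 53:
        return "reverse-dns" if rec["domain"].endswith(".in-addr.arpa") else "dns"
    if rec["ip"].is_multicast:
        return "multicast"            # mDNS and similar, not attributable to the sample
    return "connection"


def triage(rows: list) -> dict:
    queried = set()
    conns = defaultdict(lambda: {"ips": set(), "ports": set(), "protos": set(), "countries": set()})
    noise = {"reverse-dns": 0, "multicast": 0}
    for row in rows:
        rec = parse_row(row)
        kind = classify(rec)
        if kind == "dns":
            queried.add(rec["domain"])
        elif kind == "connection":
            c = conns[rec["domain"]]
            c["ips"].add(str(rec["ip"]))
            c["ports"].add(rec["port"])
            c["protos"].add(rec["proto"])
            c["countries"].add(rec["country"])
        else:
            noise[kind] += 1
    unusual = {d: sorted(p for p in c["ports"] if p not in EXPECTED_PORTS) for d, c in conns.items()}
    return {
        "connections": dict(conns),
        "unusual_ports": {d: p for d, p in unusual.items() if p},
        "resolved_only": sorted(queried - set(conns)),   # looked up, never contacted
        "noise": noise,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_ROWS)
    for domain, c in sorted(result["connections"].items()):
        ips = ",".join(sorted(c["ips"]))
        print(f"{domain:36s} {ips:18s} ports={sorted(c['ports'])} {'/'.join(sorted(c['protos']))}")
    print("unusual ports:", result["unusual_ports"])
    print("resolved only:", result["resolved_only"])
    print("noise rows:   ", result["noise"])
```

Two caveats when reading the output against this report. The domains are the footytube page's own ad, font and widget dependencies, so they are context for the verdict rather than indicators on their own. The tcp/445 and tcp/139 rows to Google and S3 addresses are exactly what the unusual-port bucket is for: they should be checked against the pcap before being read as SMB traffic from a web page.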
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 612a6c4247ef652299b376221c984213 |
| SHA1 | d306f3b16bde39708aa862aee372345feb559750 |
| SHA256 | 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a |
| SHA512 | 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973 |
\??\pipe\LOCAL\crashpad_1396_XGNWVVDHAMELKWWR
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 56641592f6e69f5f5fb06f2319384490 |
| SHA1 | 6a86be42e2c6d26b7830ad9f4e2627995fd91069 |
| SHA256 | 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455 |
| SHA512 | c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5e2ff2eb1adec851a207c06d140e0c4d |
| SHA1 | 0f51a7bd71e5774d1245f9a5a3228d8caa9602ed |
| SHA256 | 9f92913a904d7ab4270ec04bd2a44572476fa8944e8c92084707f830b2ec4b26 |
| SHA512 | 8a7c9ac04dcf2aa11112dae432b7198a36657482a857dc5f6178d6c9d9e3cdf552299ab4b13664ea9311fba7724109f2dac6013821c87d2a54f15cd72722e843 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d38601fb6d9b6070d19f879dcc844a79 |
| SHA1 | 31abe47f6caa1ba60a765484383973b2948210d9 |
| SHA256 | f92078ff9e64580b4658999ebfdbd1dccc94dd0c443618c9bd3032c5c8e73343 |
| SHA512 | 56a2bbd4b5ad5438366b7144e818b74b9a75a6ee542eb0700b4ca83ed3b262b46a04a852c629239274859f170e74322f009c8658c918d1b27782dc49e79d3d9a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b48e818aeac921559b26706778c37807 |
| SHA1 | a9247329d54aa7bcfb3066fe09609db3bcfd33ea |
| SHA256 | ae1ac33bfa655938d3d31038057bc7bccd4bc605c983cc5dcce4942565602d4b |
| SHA512 | 4107f8fa2f53555e62ff7a28fa7528a812ada271d60bdf62b4b548092a870b104c88900e9737edf641430a32c606b943d9afcba78eb26c599aa8a75ec1392f9f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a37836456d15eb10b9b35ea52ffc1ca3 |
| SHA1 | 3bd9e0a592a6b54c6c302e02e60b4befcac98484 |
| SHA256 | b4d96d55c38c5069a74d6b20b885b7f71fc286d86872dabb1a6147de9b4a5d13 |
| SHA512 | 95b7ae1d749abd63b5d60b6a2df06c08a66147cdca23852089eeb6b71cfa1c685f9fba75a27903ac926b09745fbe709c3ceddd07ef9ea4b89fb01e5a63c29213 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 48ebdb00f0f90a64c2e3f5695b1928a4 |
| SHA1 | 54a02888bab96487091459ff2a5a1f73b8e97ff3 |
| SHA256 | 751163ccd9f81c8f6629dc13a0bc5c9527505625d5fa848d8b59bd6b7f6a3c12 |
| SHA512 | 95db06add0c08d49a4f50c169abf4a11534fc494e0b397c6e2eee8635159a995ae12d03c326ae16b9f524fdc75baeff51164ce56d35b45c4080162b3ad74b277 |
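The two Files sections above (behavioral1 and behavioral2) list every path the sample's process tree wrote, one hash set per write: the same CryptnetUrlCache MetaData path appears many times with different hashes because CryptoAPI rewrote it on each certificate-chain fetch, the crashpad pipe carries the hashes of zero bytes, and settings.dat and Preferences were each written twice. The script below is an added example, not part of the report, that applies the checks a reviewer does by hand: bucket each path by what owns it, count distinct contents per path, recognise empty-content hashes by computing them rather than trusting a constant, and leave anything outside the known browser directories in a review list. The entries are copied from the Files sections above; the path buckets are an assumption.

```python
"""Triage the Files section of a sandbox report.

Added example, not part of the original report. Buckets each written path by
what owns it, counts how many distinct contents landed in the same path, and
recognises empty-content hashes by computing them. SAMPLE_FILES are
(path, MD5, SHA256) triples copied from the two Files sections above; BUCKETS
is an assumption about which directories a browser writes on its own.
"""
import hashlib
import re
from collections import defaultdict

CRYPTNET = r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015"
SETTINGS = r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat"
PIPE = r"\??\pipe\LOCAL\crashpad_1396_XGNWVVDHAMELKWWR"
SAMPLE_FILES = [
    (CRYPTNET, "6003c3fc7a6d6c14ff6f7901e0d5d8d9", "f2ab5d6f9cc371ce1788238de8c220059526a48c8bfd643d773b3139c9064156"),
    (CRYPTNET, "8421947478baa694401a94b58d9b07cb", "04273bf808707c0aec795c76628323401710ee04221da4b0791b6831cfe36fb2"),
    (r"C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MNCIS1YI\sodar2[1].js",
     "2cc87e9764aebcbbf36ff2061e6a2793", "61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb"),
    (PIPE, "d41d8cd98f00b204e9800998ecf8427e", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"),
    (SETTINGS, "612a6c4247ef652299b376221c984213", "9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a"),
    (SETTINGS, "56641592f6e69f5f5fb06f2319384490", "02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455"),
]

# Path fragments (matched case-insensitively) for writes a browser makes on its
# own; a path that matches none of them lands in the "review" bucket.
BUCKETS = [
    ("named pipe", "\\??\\pipe\\"),
    ("CryptoAPI URL cache", "\\cryptneturlcache\\"),
    ("IE cache", "\\temporary internet files\\content.ie5\\"),
    ("Edge profile", "\\microsoft\\edge\\user data\\"),
]
EMPTY_MD5 = hashlib.md5(b"").hexdigest()          # computed, not hard-coded
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()
_CACHE_SUFFIX = re.compile(r"\[\d+\](?=\.[^.\\]*$|$)")


def bucket_for(path: str) -> str:
    low = path.lower()
    for name, fragment in BUCKETS:
        if fragment in low:
            return name
    return "review"


def cache_resource_name(path: str) -> str:
    """IE's cache stores 'name[n].ext'; recover the resource's original name."""
    return _CACHE_SUFFIX.sub("", path.rsplit("\\", 1)[-1])


def triage_files(entries: list) -> dict:
    buckets, contents, empty, review = defaultdict(int), defaultdict(set), [], []
    for path, md5, sha256 in entries:
        b = bucket_for(path)
        buckets[b] += 1
        contents[path].add(sha256)
        if md5 == EMPTY_MD5 and sha256 == EMPTY_SHA256:
            empty.append(path)            # zero-byte write, nothing to analyse
        if b == "review":
            review.append(path)
    rewritten = {p: len(h) for p, h in contents.items() if len(h) > 1}
    return {"buckets": dict(buckets), "rewritten": rewritten, "empty": empty, "review": review}


if __name__ == "__main__":
    result = triage_files(SAMPLE_FILES)
    for name, n in sorted(result["buckets"].items()):
        print(f"{n:3d}  {name}")
    for path, n in result["rewritten"].items():
        print(f"rewritten {n}x: {path}")
    print("empty:", result["empty"])
    print("review:", result["review"])
    print("cached resource:", cache_resource_name(SAMPLE_FILES[2][0]))
```

Run over the full lists above, the review bucket stays empty: every write lands in the CryptoAPI cache, the IE cache or the Edge profile, which is the file-system footprint of a page load and nothing more. The cached .js names recovered by cache_resource_name (sodar2.js and the Google-served script with the base64-looking name) are the only content actually fetched from the page that could be pulled from the sandbox for static review.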