Analysis Overview
SHA256
440d6a27c926138b41b412198a4837e0d6007108e16747e30f2a6f184f76eae0
Threat Level: No (potentially) malicious behavior was detected
The file 910b5e2f86ab6dae3968725d7782ec9b_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 08:02
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 08:02
Reported
2024-06-03 08:05
Platform
win7-20240221-en
Max time kernel
150s
Max time network
144s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "1477" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "21" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "433" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.ru\Total = "486" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.ru\ = "454" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "1429" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.ru\ = "1464" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "62" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.ru\ = "433" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.ru\Total = "433" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000add398c73af9694aa310194fa5a6beaa000000000200000000001066000000010000200000008e181dee4d5bd8216487b301c59ff454910494282bd9e5a8d3808e7f4c40f196000000000e8000000002000020000000acd5bd013ed55e5e95b4e003cde7703aa91251559c1fef28ced8eee21a0ecfcd2000000052aa9fd8316466f225a987d4bd5bb1913fa371af7da938e6fc62619ba8fdc782400000009062966456808be7b33f17b3b931e3c9a27b46441d7deac36b73f7d4758ea8f2dabc15759cfb5d30461a6a344f52a65780fe0f524bbb30b401b9d46dde82a6d6 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.ru\Total = "27" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.ru\ = "1416" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.ru\ = "21" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.ru\ = "27" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "48" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B0DF9A71-217F-11EF-87AA-FA8378BF1C4A} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "9" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.ru\ = "12" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.ru\Total = "1416" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.ru\ = "1477" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "404" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423563646" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.ru\Total = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.ru\ = "9" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.ru\Total = "9" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.ru\Total = "1429" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.ru\ = "486" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.ru | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.ru\Total = "21" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "90" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.ru\ = "404" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 405d1f8e8cb5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.ru\ = "48" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "454" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.ru\ = "90" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.ru\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "12" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.ru\Total = "454" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 1688 wrote to memory of 2732 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1688 wrote to memory of 2732 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1688 wrote to memory of 2732 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1688 wrote to memory of 2732 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\910b5e2f86ab6dae3968725d7782ec9b_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1688 CREDAT:275457 /prefetch:2
Network
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7a2ccaaaf3414bac121eb09307ba8d6d |
| SHA1 | fe996968f40d53618cad11f38fa421f62162c1e9 |
| SHA256 | badf382a8912e4a9a91d6119c7d154059b2a84d7eea77d8d7a2a1e09f8ca64e6 |
| SHA512 | 368128fe6ebb794a3c9a239d88218af2671a40c81cb7b96037fbe7ec8be45b54040d40ae4aa72a09353b378ef03c7983d99f83f0fd8e5f726f5b666422391419 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | ea69906d0fc6e20e9db7f05238b176d3 |
| SHA1 | e8a6537c56b79839fd6576872afc5e58472a52e1 |
| SHA256 | b511b973490daea39fed69574f23f4662850a26fd556078c3fb9b2cbf6e98e35 |
| SHA512 | 78aa95408cbec6983e574d845ef15c79487d6f8c04b4bf15f7ff4ce0a913438ee7f554f755ae60350bfce6858cb09e59c13831237ad32d4fa754ef5fa737b2bd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6ea709fd005912cf351e72afdc9b6c0a |
| SHA1 | c343f8a7116823f8976f1f0d23c83322e66ba4b5 |
| SHA256 | 741531c1564f240f96afbb5e394ef40ac5456fc2a1293827f1f9582727fb321d |
| SHA512 | bd22509d445843e067252e59dee0c612e75827b1412b6a3ab9b40e8d052d54de2c9cf33a04424ccd8c140095656d9708badfd343e5c8f82f3a8eae99281751c0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 84f57eb6aa682fea139b036da3329335 |
| SHA1 | 11208b1b8257d0b8aed0dde9ef4edf48303f8bbf |
| SHA256 | b6fa87a27ff9ece970ec3ab0be2b71cf5dad111be8cee31a7382b3a53acfd4de |
| SHA512 | 276e55d3ca4671a665155213125fae8591a1bc1a31fb1d2832c5dea9aff6437b0c6873fc6dd6372664e9e14a70af869947541edaf22843fa1f5064bb4c9c732f |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 08:02
Reported
2024-06-03 08:05
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\910b5e2f86ab6dae3968725d7782ec9b_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e77046f8,0x7ff8e7704708,0x7ff8e7704718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,11830154412795285452,16106638074504400062,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,11830154412795285452,16106638074504400062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,11830154412795285452,16106638074504400062,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11830154412795285452,16106638074504400062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11830154412795285452,16106638074504400062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11830154412795285452,16106638074504400062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11830154412795285452,16106638074504400062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11830154412795285452,16106638074504400062,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2104,11830154412795285452,16106638074504400062,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5976 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2d0 0x2d4
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,11830154412795285452,16106638074504400062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,11830154412795285452,16106638074504400062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11830154412795285452,16106638074504400062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11830154412795285452,16106638074504400062,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,11830154412795285452,16106638074504400062,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | spmrk.kz | udp |
| KZ | 195.210.46.67:80 | spmrk.kz | tcp |
| KZ | 195.210.46.67:80 | spmrk.kz | tcp |
| KZ | 195.210.46.67:80 | spmrk.kz | tcp |
| KZ | 195.210.46.67:80 | spmrk.kz | tcp |
| KZ | 195.210.46.67:80 | spmrk.kz | tcp |
| KZ | 195.210.46.67:80 | spmrk.kz | tcp |
| KZ | 195.210.46.67:443 | spmrk.kz | tcp |
| KZ | 195.210.46.67:443 | spmrk.kz | tcp |
| KZ | 195.210.46.67:443 | spmrk.kz | tcp |
| KZ | 195.210.46.67:443 | spmrk.kz | tcp |
| KZ | 195.210.46.67:443 | spmrk.kz | tcp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| KZ | 195.210.46.67:443 | spmrk.kz | tcp |
| KZ | 195.210.46.67:443 | spmrk.kz | tcp |
| US | 8.8.8.8:53 | 67.46.210.195.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | app.getresponse.com | udp |
| US | 104.160.64.9:443 | app.getresponse.com | tcp |
| US | 8.8.8.8:53 | 9.64.160.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api-maps.yandex.ru | udp |
| RU | 87.250.251.134:443 | api-maps.yandex.ru | tcp |
| RU | 87.250.251.134:443 | api-maps.yandex.ru | tcp |
| US | 8.8.8.8:53 | widget.copiny.com | udp |
| RU | 45.92.177.74:80 | widget.copiny.com | tcp |
| RU | 45.92.177.74:443 | widget.copiny.com | tcp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| RU | 87.250.251.119:80 | mc.yandex.ru | tcp |
| RU | 87.250.251.119:443 | mc.yandex.ru | tcp |
| US | 8.8.8.8:53 | yandex.ru | udp |
| US | 8.8.8.8:53 | d7.c3.b1.a2.top.mail.ru | udp |
| RU | 77.88.44.55:443 | yandex.ru | tcp |
| RU | 77.88.44.55:443 | yandex.ru | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| RU | 95.163.52.67:80 | d7.c3.b1.a2.top.mail.ru | tcp |
| US | 8.8.8.8:53 | top-fwz1.mail.ru | udp |
| RU | 95.163.52.67:443 | top-fwz1.mail.ru | tcp |
| US | 8.8.8.8:53 | mc.yandex.com | udp |
| US | 8.8.8.8:53 | yastatic.net | udp |
| US | 8.8.8.8:53 | 134.251.250.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.177.92.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.251.250.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.44.88.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.52.163.95.in-addr.arpa | udp |
| RU | 178.154.131.215:443 | yastatic.net | tcp |
| RU | 178.154.131.215:443 | yastatic.net | tcp |
| RU | 178.154.131.215:443 | yastatic.net | tcp |
| US | 8.8.8.8:53 | 215.131.154.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | code.jivosite.com | udp |
| AM | 5.101.37.37:80 | code.jivosite.com | tcp |
| US | 8.8.8.8:53 | core-renderer-tiles.maps.yandex.net | udp |
| AM | 5.101.37.37:443 | code.jivosite.com | tcp |
| RU | 87.250.251.89:443 | core-renderer-tiles.maps.yandex.net | tcp |
| RU | 87.250.251.89:443 | core-renderer-tiles.maps.yandex.net | tcp |
| US | 8.8.8.8:53 | node-ya-2.jivosite.com | udp |
| RU | 158.160.45.40:443 | node-ya-2.jivosite.com | tcp |
| US | 8.8.8.8:53 | 37.37.101.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.251.250.87.in-addr.arpa | udp |
| AM | 5.101.37.37:443 | code.jivosite.com | tcp |
| US | 8.8.8.8:53 | 40.45.160.158.in-addr.arpa | udp |
| US | 8.8.8.8:53 | telephony.jivosite.com | udp |
| BR | 185.163.159.177:443 | telephony.jivosite.com | tcp |
| US | 8.8.8.8:53 | 177.159.163.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.143.182.52.in-addr.arpa | udp |
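Read as a whole, the Network table mixes four kinds of rows: forward DNS queries to the sandbox resolver (8.8.8.8:53), reverse (`in-addr.arpa`) lookups the sandbox or the OS performed on the peers it saw, mDNS multicast to 224.0.0.251:5353, and the actual TCP connections. A triage pass wants them separated: which names were contacted, on which ports, which of those went over cleartext HTTP, and which names were resolved but never contacted (or contacted without a visible query, as www.google-analytics.com is above). The script below is an added example, not part of the report; its rows are copied from the table above, 8.8.8.8 is treated as the resolver, and the function and key names are my own.

```python
"""Triage summary of a sandbox Network table. Added example for this
report; rows copied from the table above, helper names are assumptions."""
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Copied from the Network table above (subset); the mDNS row has an empty Domain cell.
NETWORK_ROWS = """
| US | 8.8.8.8:53 | spmrk.kz | udp |
| KZ | 195.210.46.67:80 | spmrk.kz | tcp |
| KZ | 195.210.46.67:443 | spmrk.kz | tcp |
| US | 8.8.8.8:53 | 67.46.210.195.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | app.getresponse.com | udp |
| US | 104.160.64.9:443 | app.getresponse.com | tcp |
| US | 8.8.8.8:53 | widget.copiny.com | udp |
| RU | 45.92.177.74:80 | widget.copiny.com | tcp |
| RU | 45.92.177.74:443 | widget.copiny.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | mc.yandex.com | udp |
| US | 8.8.8.8:53 | code.jivosite.com | udp |
| AM | 5.101.37.37:80 | code.jivosite.com | tcp |
"""

RESOLVER = "8.8.8.8"            # the sandbox's DNS server, not a peer of the sample
MDNS = ("224.0.0.251", 5353)
PTR_SUFFIX = ".in-addr.arpa"

Row = Tuple[str, str, int, str, str]   # country, ip, port, domain, proto


def parse_rows(text: str) -> List[Row]:
    rows: List[Row] = []
    for line in text.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4:
            raise ValueError(f"malformed row: {line!r}")
        country, dest, domain, proto = cells
        ip, _, port = dest.rpartition(":")
        rows.append((country, ip, int(port), domain, proto))
    return rows


def ptr_to_ip(name: str) -> str:
    """'67.46.210.195.in-addr.arpa' -> '195.210.46.67'."""
    octets = name[: -len(PTR_SUFFIX)].split(".")
    return ".".join(reversed(octets))


def summarize(text: str) -> Dict[str, object]:
    resolved: Set[str] = set()
    ptr_ips: Set[str] = set()
    mdns = 0
    contacted: Dict[str, Set[Tuple[str, int]]] = defaultdict(set)
    for _country, ip, port, domain, _proto in parse_rows(text):
        if (ip, port) == MDNS:
            mdns += 1
        elif ip == RESOLVER and port == 53:
            if domain.endswith(PTR_SUFFIX):
                ptr_ips.add(ptr_to_ip(domain))
            else:
                resolved.add(domain)
        else:
            # Key by name when the sandbox attributed one, else by bare IP so that
            # name-less connections surface in "contacted_without_query" below.
            contacted[domain or ip].add((ip, port))
    contacted_ips = {ip for eps in contacted.values() for ip, _ in eps}
    return {
        "resolved": resolved,
        "contacted": dict(contacted),
        "cleartext": sorted(d for d, eps in contacted.items() if any(p == 80 for _, p in eps)),
        "resolved_not_contacted": sorted(resolved - set(contacted)),
        "contacted_without_query": sorted(set(contacted) - resolved),
        "ptr_lookups_of_contacted_ips": sorted(ptr_ips & contacted_ips),
        "ptr_lookups_of_other_ips": sorted(ptr_ips - contacted_ips),
        "mdns_queries": mdns,
    }


if __name__ == "__main__":
    for key, value in summarize(NETWORK_ROWS).items():
        print(f"{key}: {value}")
```

A name that was contacted without a visible query was resolved before capture started or served from cache; a bare IP in that list (none in this subset) is the more interesting case, since it means no DNS preceded the connection at all.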
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 87f7abeb82600e1e640b843ad50fe0a1 |
| SHA1 | 045bbada3f23fc59941bf7d0210fb160cb78ae87 |
| SHA256 | b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262 |
| SHA512 | ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618 |
\??\pipe\LOCAL\crashpad_4488_HQGJJFSROMTYPHHD
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f61fa5143fe872d1d8f1e9f8dc6544f9 |
| SHA1 | df44bab94d7388fb38c63085ec4db80cfc5eb009 |
| SHA256 | 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64 |
| SHA512 | 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 87e392ab0f2c8d07440371562fd26b71 |
| SHA1 | a618d8fe43c889d92673943fc3beb1622779403f |
| SHA256 | 5e24e499b959ac7972ae4618675513f9af2c07a347b759e1cab1a3decf8b6770 |
| SHA512 | 6ade86b1424b83f8090d5d08f0ea6907e7c458fec686edbcc05f35b55d25d410ed93a68546d00ae8b2d5fe3eadb80c2e8ab96514fafe0fb877a09161ec5ec284 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0286ad134aca4e1c6b173da54bd54139 |
| SHA1 | 5377ce64751f4b1e7b9988f1ca8df4b3a75c09eb |
| SHA256 | d5a9f597ef7057ec395e650054d8d24bf3261928ac8c3f7aaf9b5d9a5134b68f |
| SHA512 | c2b9b657977fdef8ef61f45ecdf16182d4153ec1ab52d66b4ba43480f4916c3f83532a7f2d4cb22dd813f27604d7e2179dcbaf21cb4933a2eeb420e56b2b2099 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 96d658f11c237d7e868ff14af18c1e5d |
| SHA1 | ed5b2ae0f1cfdfc729f367482566437a2c4cdc1d |
| SHA256 | 64c98cb4c84ca97fd8038f1a3764a8df03db0d32e11befb19e64021f83611f11 |
| SHA512 | 71f7c1e5cee3a4bedfd1e6df66cb292eb192d8381c0083bb061e48974c11431b03475adf9ca4a3e909525cb0e6f2c5e84a2a074857e6ee4818ff1161a2e75418 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f354094b9066330b3d17b57e6d2a2640 |
| SHA1 | 96ea271f9997fcf8ca6b2917f662daf9abbd30e0 |
| SHA256 | 3d1ec44a1bf9f76acebc9717fae77a903d32321ea4f537e35a46b4f55139c8df |
| SHA512 | aa5eeacf03f00ebabeedce2500cf48ae70a5a8502fc806b6f6c98954e5c8410ab04a9b34ab961f725c81f65a0dd7e5e758c501e014c85d268bcfdbf0708ffb00 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 93d44dd4500998e7b7cc6bd700f1be10 |
| SHA1 | 51d2d777b352e1e196a1f045bd0fd0c844974441 |
| SHA256 | 3e09595708a6ce4327815a48096fcc5f73085834fa0c1a8e265bca71333670ba |
| SHA512 | e608f6746dc0018a9f4acbbd313ef73436abede722b724cdaf36725c001caecb59dde7c3c658705aafd47dac7e935ff4df1ac743d428829c1a3efa1647b10475 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4694cd71540f318667e53a3f53ff368b |
| SHA1 | 582206ca12d46f278c061c113d6e679e4cf9c14d |
| SHA256 | c33c0fdfcf094337134dc7db9e4e47a1978c584258128b4d4d2ab201c895778b |
| SHA512 | ce4b7899fa8dc7f1ebd3931e01996bb16b800ad98aaf607dd066bffaeafa806b8c88912d53e5483fef61bdabc9528eb71b59bcb47befe5acee0ab405a87889d6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d8fb.TMP
| MD5 | 673a2bf66b9ccabbe5922eb5217fd090 |
| SHA1 | 1b75a2471d1a556efc9ae55b0068ecb84fbf2f30 |
| SHA256 | 1729d4015e02190fe6dc24269aa2e391bc701caf2ffe08cbf6041a68a9ce6af0 |
| SHA512 | 4051ade7ed05370218d8333b5f1ca3111e41e9aad98bca256f920d1f13096c3bbf6a9fa4fc39bcddfa897e84dd59b4efb2739e035dd0be34fefe45e59ba8ce68 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | e5d990f11f52bfee4edf545944635805 |
| SHA1 | b168cacf2d3db7be10ba4d9c9a0a285e67be04b9 |
| SHA256 | daa5dee0811da13573927ae50f4602174a3a6f2872a29b0b05ecb75e5076a37e |
| SHA512 | 4f540510e9af2e3f4efb8bb67068873264231ed1a7faeb21b57a778882a8950be99e12335e473a049b80a13e05cf797f06708216a4b478211ac36777d5d0e16f |
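Two things are worth checking mechanically in a Files table like this one before treating any hash as an indicator. First, the `\??\pipe\LOCAL\crashpad_...` entry carries the MD5/SHA1/SHA256/SHA512 of zero bytes (d41d8cd9..., da39a3ee..., e3b0c442..., cf83e135...): the sandbox hashed a named pipe it could not read, so that row describes no content at all. Second, the same path appears repeatedly with different digests (Preferences three times, settings.dat twice, and the CryptnetUrlCache MetaData entry far more often in the behavioral1 list), which records successive rewrites of one file, not distinct artifacts; hunting on any single one of those digests would be fragile. The script below is an added example, not part of the report: it recomputes the empty-input digests with hashlib instead of trusting hard-coded strings, groups entries by path, and validates hex lengths to catch truncation. Its entries are copied from the table above except the last one, which is constructed with a deliberately short SHA256 to exercise the length check; function names are my own.

```python
"""Consistency checks over a sandbox Files table. Added example for this
report; entries copied from the table above plus one constructed row."""
import hashlib
import re
from collections import Counter
from typing import Dict, List, Tuple

# Copied from the Files table above.
PAGE_ENTRIES = r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 87f7abeb82600e1e640b843ad50fe0a1 |
| SHA1 | 045bbada3f23fc59941bf7d0210fb160cb78ae87 |
| SHA256 | b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262 |
| SHA512 | ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618 |
\??\pipe\LOCAL\crashpad_4488_HQGJJFSROMTYPHHD
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f61fa5143fe872d1d8f1e9f8dc6544f9 |
| SHA1 | df44bab94d7388fb38c63085ec4db80cfc5eb009 |
| SHA256 | 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64 |
| SHA512 | 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 87e392ab0f2c8d07440371562fd26b71 |
| SHA1 | a618d8fe43c889d92673943fc3beb1622779403f |
| SHA256 | 5e24e499b959ac7972ae4618675513f9af2c07a347b759e1cab1a3decf8b6770 |
| SHA512 | 6ade86b1424b83f8090d5d08f0ea6907e7c458fec686edbcc05f35b55d25d410ed93a68546d00ae8b2d5fe3eadb80c2e8ab96514fafe0fb877a09161ec5ec284 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 96d658f11c237d7e868ff14af18c1e5d |
| SHA1 | ed5b2ae0f1cfdfc729f367482566437a2c4cdc1d |
| SHA256 | 64c98cb4c84ca97fd8038f1a3764a8df03db0d32e11befb19e64021f83611f11 |
| SHA512 | 71f7c1e5cee3a4bedfd1e6df66cb292eb192d8381c0083bb061e48974c11431b03475adf9ca4a3e909525cb0e6f2c5e84a2a074857e6ee4818ff1161a2e75418 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f354094b9066330b3d17b57e6d2a2640 |
| SHA1 | 96ea271f9997fcf8ca6b2917f662daf9abbd30e0 |
| SHA256 | 3d1ec44a1bf9f76acebc9717fae77a903d32321ea4f537e35a46b4f55139c8df |
| SHA512 | aa5eeacf03f00ebabeedce2500cf48ae70a5a8502fc806b6f6c98954e5c8410ab04a9b34ab961f725c81f65a0dd7e5e758c501e014c85d268bcfdbf0708ffb00 |
"""

# CONSTRUCTED entry (not from the report): SHA256 deliberately truncated.
CONSTRUCTED_ENTRY = (
    "C:\\constructed\\truncated.bin\n"
    f"| MD5 | {'0f' * 16} |\n"
    f"| SHA1 | {'0f' * 20} |\n"
    "| SHA256 | 0f0f0f0f |\n"
    f"| SHA512 | {'0f' * 64} |\n"
)
SAMPLE = PAGE_ENTRIES + CONSTRUCTED_ENTRY

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
# Digests of zero bytes, computed rather than pasted, so the check cannot drift.
EMPTY_DIGEST = {alg: hashlib.new(alg.lower(), b"").hexdigest() for alg in HASH_LEN}
_HASH_ROW = re.compile(r"\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]*)\s*\|")

Entry = Tuple[str, Dict[str, str]]     # path, {alg: lowercase hex}


def parse_entries(text: str) -> List[Entry]:
    """A path line opens an entry; the hash rows that follow belong to it."""
    entries: List[Entry] = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        m = _HASH_ROW.fullmatch(line)
        if m:
            if not entries:
                raise ValueError("hash row before any path")
            entries[-1][1][m.group(1)] = m.group(2).lower()
        else:
            entries.append((line, {}))
    return entries


def empty_artifacts(entries: List[Entry]) -> List[str]:
    """Paths whose digests are those of empty input: unreadable or zero-length."""
    return [path for path, digests in entries if digests == EMPTY_DIGEST]


def rewrite_counts(entries: List[Entry]) -> Dict[str, int]:
    """How many times each path appears, i.e. how often it was (re)written."""
    return dict(Counter(path for path, _ in entries))


def malformed(entries: List[Entry]) -> List[Tuple[str, str]]:
    """(path, algorithm) pairs whose hex digest has the wrong length for that algorithm."""
    return [(path, alg) for path, digests in entries
            for alg, n in HASH_LEN.items() if len(digests.get(alg, "")) != n]


if __name__ == "__main__":
    found = parse_entries(SAMPLE)
    print("empty:", empty_artifacts(found))
    print("rewrites:", {p: c for p, c in rewrite_counts(found).items() if c > 1})
    print("malformed:", malformed(found))
```

When building a hunt from a table like this, prefer the paths and the rewrite pattern over the digests of files the sample's own browser keeps rewriting; the digests that matter are those of files the sample itself dropped, and an entry that hashes to empty input should be dropped from any indicator set outright.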