Analysis Overview
SHA256
5a98ab3eabf8d337ad3682eeff50d646a95fbd552f6906cc73affafd9acc8a85
Threat Level: No (potentially) malicious behavior was detected
For the file 91d2f91c88fbe0c45c8b36d7ea9c6b63_JaffaCakes118, no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 12:42
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 12:42
Reported
2024-06-03 12:44
Platform
win7-20240221-en
Max time kernel
146s
Max time network
152s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005d6871782aa3a64ba8ae66a9069698d700000000020000000000106600000001000020000000420ca3ff650cb9498c4bce9217426d2f6b48ebb8dd5e441a640ca6ffcfef9da4000000000e8000000002000020000000b4ffa7d0a18be3a92e4ea61364163991593ebf582f6041c300795ec79352dac4200000007e6961138133fc2097ce8c83e80bf1acd465f8f7407c4802f239d23542c8ba7e40000000019ee3bdf03d61ea24b0fd3f5020c785ba1e7754b0d22493678989e41cd029beeb8839570fa7a4981b3ff6b561c0d20e4b7122aa482ab543da11cf64beee6078 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d071839ab3b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value omitted] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BBE261B1-21A6-11EF-9F3E-D2EFD46A7D0E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423580416" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1688 wrote to memory of 2856 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91d2f91c88fbe0c45c8b36d7ea9c6b63_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1688 CREDAT:275457 /prefetch:2
Network
Files
| MD5 | c5dfb849ca051355ee2dba1ac33eb028 |
| SHA1 | d69b561148f01c77c54578c10926df5b856976ad |
| SHA256 | cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b |
| SHA512 | 88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7b421401cf3d4a21e63262fa5881ff4d |
| SHA1 | 6795e494c9eaaf8e89706cda02ff20a9df8ba44f |
| SHA256 | f35c822150ee4b9d14575e6f84cdaaa4aa54e15b792b6580204126983bae07b7 |
| SHA512 | 7d3a41dd15935e68f4c67989df5f52647ef3b32b72e7be2ea9f9e14f1e96e28b4bb2d8882a7ed658ce580e54866945faa60acaa59b531dca7cbec0482daa3042 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1
| MD5 | 086f41129a800f0e3586144e96da4499 |
| SHA1 | 9e5e2864342c13ce7e20ed793ab84c99b62fd0ac |
| SHA256 | 49dc3b83d52053d7dff1e1bc2eb840a03d8124d00280472a5f84ae8bce5bda7c |
| SHA512 | 5d27e40fbc49c6187900a8d4862c4129c9b490b408116a990c0579a15bc334e277aa49c20d3c22d578177b8a2a130599cb4a3fba2a5050ac1f5e09e0eca4dca8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1ad598a4364ae88ca3588660c2b4cd4e |
| SHA1 | ccede30b9437313fd383ceae047a6c8973fd6724 |
| SHA256 | a4c0167daca099eae795d99252f7a6e9657ae3fe69e43674a4545673505b6ed0 |
| SHA512 | bf8943d2ae1c7ade32e797156f803c8e749f2a2fc27a6170d5d2574dfcbf64b82d395c979f93a4b641fc09fd5b5092b2ac77f81173621f3f3083b2547460c7be |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b0473b3881946ea6b0777e106b8744f0 |
| SHA1 | 45b93bd25a8694582bbef4d16bc20dedcb3a7eae |
| SHA256 | 4726210f2d35746708046c03897942c589d426857b2c11d5bc8dd45519d9b372 |
| SHA512 | ea60eb1f7102bd5f36f9f0c09319f597384768a352ca67bd3394a1c171481836e8515e4d9fb44c4b360eeb1557d6cecdc40d3563526334b1a7076a1b6bb6ed00 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a9f05912058f2afca8f7f185ed87247e |
| SHA1 | 415e5dfa4283d185330d524bdbb3ae647ee5dd36 |
| SHA256 | db511de1b243faed1b4eb5db72144567cc8696facf8c359030051415f48906fd |
| SHA512 | 6381c9500f8093439100bb342494b75add842582bd3447a73d56102b8e01d9c95ffa1fb84ae347784c8e48a3a605cb66bd8109d30a4e8f9c2f42c7ae2837160c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9a1b317af794583f4cd84e9aaa75dca3 |
| SHA1 | 6c71567f7bd4e87ee6c1c980fbcfc84bb0fa045c |
| SHA256 | f8d258dd7dca7185cb18e303bc88c4c0c0c9dfcae2fc2984e2b47ac6bfebf697 |
| SHA512 | 4b20073cee88111609aaa0bc01a7934eece97761b6ba3231b7fc96276ef0b02bbcb0c309999a548aa7a04e2e8fa1ecd964ce479d94aeb84b47a422efd2ad94e8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 56e1f05e6db0036f18fb4ca23eb953b5 |
| SHA1 | e6b298c492ebde1eb9a676ba3a92418343126cb0 |
| SHA256 | 421b8de2b4cb2bd21bd539f21f4451a100934156dee6b25e323205caa727679d |
| SHA512 | fa6c756d9d3d1b39a95faa786265083b1efe710621ea824d516c7ded0ff82c4a9c1d568555eec1ecab58672354b80b22e8953763ddef4aa68147d57e1e105dc4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a0c8300608b47fd3ba0a70f531d03709 |
| SHA1 | 1aa0064b613ef8445dfa76830cf7c44c9fe63c8f |
| SHA256 | 8e60910b0660bb51612d98f63cc6100044f0b572fe00eec2e2b3fbdf474b0680 |
| SHA512 | 596435ed53b7c593560381966bd73093e7a90ae8fa84097c616254dcc621e727f068c5bbd51ca27813697df3a8e355d0f230466bf872496f0536b62847aa2327 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1e8181e363809ceeae111342be23ae6b |
| SHA1 | d640b46740288c8108b649296ebf5af33f80f251 |
| SHA256 | 741dfb883ee23ed3b0410f124ced30c61a83a247d1a6d82f3087d0bd6846e181 |
| SHA512 | 0d597a22c8baedf9ea83241120aa1fb6747ee13889fc71c4d0f38ec3cc62b7b9d4ae62cafad478ea87ff13ebafd1942174bb9d742daf762a8a46e341ad4044c2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 15fdd498f18912cb19d1fc838065e097 |
| SHA1 | dd84dec2c495a26c409e19604d133074ea80f485 |
| SHA256 | 8f43662492884cf5f14bbcb6dccfcf696401264dca82325e7b1f85317bee9f0c |
| SHA512 | 1a86ef901ea826c4b1cb153054362c686010d0b37a3a08a4c6a86b8166154b735b1b5738653004264c8cf77b84204dfadba98a367d30dcf285d396f52bbface9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 85a0fbac138c1604935fe99ec1410e67 |
| SHA1 | 55589bed1c871eae800fc4926f403eace44e8671 |
| SHA256 | 1d258cd30eab392fe8547592f1a016ebed9a9265ebf595dc144ac3c01acaa532 |
| SHA512 | ec3e2a9eb9c22d190d3449c9e24923b540917b51050f5f664fae8346512e511becc866fee194cd46b824e6723ac57c1a1640b8dd38f87ee12bc239e7f81a7235 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | debde9261e7b246103f225f420e599b8 |
| SHA1 | fbb0ccf95e36f574edb57a938166db7bdb707b62 |
| SHA256 | abf75902adcb1392436fdb34968db127f88a647436fa00c2bbdf06c6abf30674 |
| SHA512 | 7bbe4d5c41d220d883444431ab796e98fabc04082b665fb2a106a6094752f1544c7454fb1c6ef9d2f039ab2be897e40e05e8602c69cfbb8ae1e4e0bc79848a01 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4d6bc1cc8d0e13ee5f11d15e2a610b3e |
| SHA1 | acd4b960d61974c14e677b8432c73967ec04b2bf |
| SHA256 | 622c6b2bca758c6ab6596a7a50238c4a6c8caba1da1d53349d99bdc85868f3b4 |
| SHA512 | 18932568d6bd3ce5efd15d68185c698c3ebdce1355061371a9da822145a879ff80d7ab8dae55f2de0b350a9c6a9a8cac676adf6c9bcff16a8250792f7f418d55 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ee9d32f9fa1b09cb88fd21a0720b54c8 |
| SHA1 | e68b7a13665c5a7bcdcf6cc83697ce41c5d4457e |
| SHA256 | a1b4b81d21cbfd9c7d9d750c2ba7452d095e9ccd1ecb0c94f776507d3645166a |
| SHA512 | 322212b5274bc8df0cbe61eb69e87ca0a3c7463a91277c27ccd6d027a3a328b2f73f0dd7665d7610170f498d23f4e5fbbf1db40b81ca4d70bc5ea303bd99cdc6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 46621a1f4dba94f9924cc29a44f70b3d |
| SHA1 | d9e6de5089f44c37cd2ee7b02d1be425a2b2f8de |
| SHA256 | 79e7fd4351031c1cf8d0d69186558461210939497fa1a4e0a2ce625a61beef66 |
| SHA512 | 63ecadfb7f86bfdca2efe3598859ab12667fadc0cc114d9e1ee184ae1315184c31fe630b77c31d650b5272c602bdc3db73f0cbc8d132289e44e5d4f03c0c52c6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a277d2cb1ebae20fbbd3f395046aab3f |
| SHA1 | f95e77d445e495aa34614bc32b4c77d963470933 |
| SHA256 | 73e2ac302d769c1cd49c45dd4283af41a7dd09670b888deadeaeabc68efc681e |
| SHA512 | 552c03c5ad1491927cb0d437c6be69fc632dd509da971a94ca2e558a02df5e65ae2854b59ddbec541551f1303c2f87731ff561c98d4ab9b9841d445ff8ccc690 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9630959eb2eb312a6588fce95878759f |
| SHA1 | ea095bf6f2ec23ca5df3a02960c016ec60a66651 |
| SHA256 | 92daeb4636a166b8dcb4f40d7cbc4a2a176b01f7858298897d468c42f6fbc7b7 |
| SHA512 | de1835d99c0064bd53be384c5712ffce99a68599df0f75a33b9153e24303dfdca0604c2f9013571ed9294f92f53faa49e600be24e7185939e8ea20f65ec43563 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 28ac9b5de0c560e3fbb29c1e376ad2e5 |
| SHA1 | 5df89e6487fec57f50419bef911a95cfdaf3346d |
| SHA256 | b9e5835c110ecc6398f2da229cfbf306479dc5e25c0e9acc0197cf0a19a4fb4e |
| SHA512 | 76cd5e7e4e0d27de0311c1458f9e8d6a777f878403e376fae879ca8f3262abdc09ce6c3c1f961552cfa935a1985edb6d74b458df172b56d80a7e348dcdc60b69 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d05ade31123f77da5fa6201ba786691f |
| SHA1 | 0224268921d0f8591f8624ae482b8c7a85bfce72 |
| SHA256 | ea89dfe608a7ee48ddd51bd2105eb4e10bdbc2c87bec8bec356bf530a744f136 |
| SHA512 | 725996b5b720b969bde8132ee169bb3785ca0e5e6b09146aa8bd0ceaf34b78495f6fb63b7835a2023ee060c83d1186d5686b662653ac7b3de66ae9176d27905b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c53dd2410ccdd324a95c9884d95123f1 |
| SHA1 | c428645b06538f084ed6738a356f4eb68b4a8e31 |
| SHA256 | 3cc24cea16ee5f659ed760bebe843f7ac9c19357058e7a2b5b0ad548a4c8f92f |
| SHA512 | cb5f0e5ba9a00579bacaba0b90e3c50bc34a67f59cab54c20c4bb36b8797b60993a1b05bea0aea13c4778d0125349000c84fe569ba57141338e1a377005d52f5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ab9e37bc70f745a50a8c913cfbc90216 |
| SHA1 | 131fb10e14b7ad2c63ac96b5ad3a7131b57f6d47 |
| SHA256 | 7def5c15043ecc98838de8841ed03857df6c306247bfe89b19e029a172aa2115 |
| SHA512 | ae0a7089e39febba6893510c3694ba83e3faa32b61e2e69f79607dd6545d3f303f490ba3535be42fa24d1e5d2ba1d6b7276fc7d56518acc0b09a7ab31b57bae8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8dc9ef98b92ab2a91f75324e123f3587 |
| SHA1 | 09f6f26e7c880b66892d458514810631653dbd4e |
| SHA256 | 62f0d5f463ac86e6bd91877bf6dab24cbe0b521f45dd96f0cc4734b6501908a3 |
| SHA512 | 4c7c798198763e542862df26ac51cc90b31a7cf5083b7036a393730bb6d0ad72de39adac8d771e5b84dda659ca1d60792268b46eca78d88e70b7102828c585fb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7e72f04eb01534c1e3670b71027872a1 |
| SHA1 | de4c13136201040c5d799b186f0b51e581e307b6 |
| SHA256 | 4e0ea3e171aeeabbc714504e80a211c4e8cf86a1071f76d09c01ea04fc0296a2 |
| SHA512 | 9a5a111454934edcc1e22e2fd6f819a332429a774138a5788d80cfda92556d11c154a181c75b45f57ef9f05a92e300706b41b5dbd8e9effaaea3473163073f43 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | fc979d4620a302beaf0655edb2289c74 |
| SHA1 | 0cce7a6dc2159771bbaa370de91b465a31c225ee |
| SHA256 | 5d752226c03ef4653a9b4988804d7794b96d400bfc278314cdff933b6d2b6a11 |
| SHA512 | 4a94fe57a43a66c9540b21aabefd8507fc9acb5b5953d702f200993a0608ccc813e7d1593398837c1ef442af7ad98b19951ca39bd34b1b6dda721227110ae5d4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 107727c3645b7512c10a13bb4da4d9b2 |
| SHA1 | 7132b807a113a109bc6d2cd88f94680b94512ba8 |
| SHA256 | b2ee14f7ac3cdf5cd819f89498afd0a7d6442b4ebfa22888da08271846ea58bf |
| SHA512 | ca21f736e06fe93716f2cd302b7653bb8f3368f900681aeb524f2761f904f2364e9d67062ec06f9468ffb8168f35248ca7ffdfb3019deb6383d6f949dc9753be |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ff9457c7a92a5cbef4166f9a766e1639 |
| SHA1 | 22fa38e5fe714fb304b51fbbc0df79baed6a5af2 |
| SHA256 | ed24d91ad64f1b0b2b349b8b59240ba845c7f1159c54bfef3e78bfcd1cc5b94c |
| SHA512 | 29d46fb838e4f1f38e1fc8babf3ba80b95e256ca2bdda02007aa7d20ac12cdd9d8c3d9fc6c51d81f358eccbe3e75c6cfa1a24b9dc6dc3d8b44eef4eb2a81c83b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 28f0b400ebdb17ca18e186e90b7c36ef |
| SHA1 | a0d15151e50fd7a241ee21b43a82905e39336715 |
| SHA256 | 390d9b31fb1fe657fd875de0da9c55a2ed7c52fdd1efff9303b3a1643b6ed01c |
| SHA512 | 40a2a13eba83b1c7106a1be7be125a93e4059f574d4108fcb94d1aeb55707db4d5e0dad80daa21d8ab82b6a4881caecdd6c5d614315ec6d16e621bf74d71c00a |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 12:42
Reported
2024-06-03 12:45
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
158s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91d2f91c88fbe0c45c8b36d7ea9c6b63_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e7e446f8,0x7ff8e7e44708,0x7ff8e7e44718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,2276202806030253808,1422671902827767786,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1992,2276202806030253808,1422671902827767786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1992,2276202806030253808,1422671902827767786,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,2276202806030253808,1422671902827767786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,2276202806030253808,1422671902827767786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,2276202806030253808,1422671902827767786,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,2276202806030253808,1422671902827767786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,2276202806030253808,1422671902827767786,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,2276202806030253808,1422671902827767786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,2276202806030253808,1422671902827767786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,2276202806030253808,1422671902827767786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,2276202806030253808,1422671902827767786,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
Network
Files