Analysis Overview
SHA256
6d50622e39a48dc8f46fdb91afe7af75939f1259243652e1c52b4217abf3ae1a
Threat Level: Known bad
The file 963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Cerber
Deletes shadow copies
Blocklisted process makes network request
Contacts a large (517) amount of remote hosts
Reads user/profile data of web browsers
Loads dropped DLL
Deletes itself
Executes dropped EXE
Sets desktop wallpaper using registry
Suspicious use of SetThreadContext
Drops file in Program Files directory
Program crash
Enumerates physical storage devices
Command and Scripting Interpreter: JavaScript
Unsigned PE
Modifies Internet Explorer settings
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Runs ping.exe
Suspicious use of WriteProcessMemory
Kills process with taskkill
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Uses Volume Shadow Copy service COM API
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-04 20:48
Signatures
Unsigned PE
Analysis: behavioral20
Detonation Overview
Submitted
2024-06-04 20:48
Reported
2024-06-04 20:50
Platform
win10v2004-20240426-en
Max time kernel
150s
Max time network
154s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\index1449123078.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe344246f8,0x7ffe34424708,0x7ffe34424718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,11190573247304807262,7487773141818312874,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,11190573247304807262,7487773141818312874,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,11190573247304807262,7487773141818312874,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11190573247304807262,7487773141818312874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11190573247304807262,7487773141818312874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,11190573247304807262,7487773141818312874,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,11190573247304807262,7487773141818312874,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11190573247304807262,7487773141818312874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11190573247304807262,7487773141818312874,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11190573247304807262,7487773141818312874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11190573247304807262,7487773141818312874,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,11190573247304807262,7487773141818312874,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4900 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| GB | 216.58.213.14:445 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 216.239.38.178:139 | www.google-analytics.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.173.189.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_932_VPIDBYYIIZJHDGZS
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-04 20:48
Reported
2024-06-04 20:50
Platform
win7-20240419-en
Max time kernel
121s
Max time network
144s
Command Line
Signatures
Cerber
Deletes shadow copies
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\mshta.exe | N/A |
Contacts a large (517) amount of remote hosts
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\cmd.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe | N/A |
Reads user/profile data of web browsers
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmpCA41.bmp" | C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 840 set thread context of 2708 | N/A | C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe | C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\PLANNERS.ONE | C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\ACADEMIC.ONE | C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\README.hta | C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\BUSINESS.ONE | C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\BLANK.ONE | C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\DESIGNER.ONE | C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe | N/A |
Enumerates physical storage devices
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SysWOW64\mshta.exe | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\system32\wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\mshta.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\system32\wbem\WMIC.exe
C:\Windows\system32\wbem\wmic.exe shadowcopy delete
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{3F6B5E16-092A-41ED-930B-0B4125D91D4E}
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Local\Temp\README.hta"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\system32\taskkill.exe
taskkill /f /im "963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe"
C:\Windows\system32\PING.EXE
ping -n 1 127.0.0.1
Network
| Country | Destination | Domain | Proto |
| AM | 31.184.235.61:6892 | udp | |
| AM | 31.184.235.62:6892 | udp | |
| AM | 31.184.235.63:6892 | udp | |
| AM | 31.184.235.64:6892 | udp | |
| AM | 31.184.235.65:6892 | udp | |
| AM | 31.184.235.66:6892 | udp | |
| AM | 31.184.235.67:6892 | udp | |
| AM | 31.184.235.68:6892 | udp | |
| AM | 31.184.235.69:6892 | udp | |
| AM | 31.184.235.70:6892 | udp | |
| AM | 31.184.235.71:6892 | udp | |
| AM | 31.184.235.72:6892 | udp | |
| AM | 31.184.235.73:6892 | udp | |
| AM | 31.184.235.74:6892 | udp | |
| AM | 31.184.235.75:6892 | udp | |
| AM | 31.184.235.76:6892 | udp | |
| AM | 31.184.235.77:6892 | udp | |
| AM | 31.184.235.78:6892 | udp | |
| AM | 31.184.235.79:6892 | udp | |
| AM | 31.184.235.80:6892 | udp | |
| AM | 31.184.235.81:6892 | udp | |
| AM | 31.184.235.82:6892 | udp | |
| AM | 31.184.235.83:6892 | udp | |
| AM | 31.184.235.84:6892 | udp | |
| AM | 31.184.235.85:6892 | udp | |
| AM | 31.184.235.86:6892 | udp | |
| AM | 31.184.235.87:6892 | udp | |
| AM | 31.184.235.88:6892 | udp | |
| AM | 31.184.235.89:6892 | udp | |
| AM | 31.184.235.90:6892 | udp | |
| AM | 31.184.235.91:6892 | udp | |
| AM | 31.184.235.92:6892 | udp | |
| AM | 31.184.235.93:6892 | udp | |
| AM | 31.184.235.94:6892 | udp | |
| AM | 31.184.235.95:6892 | udp | |
| AM | 31.184.235.96:6892 | udp | |
| AM | 31.184.235.97:6892 | udp | |
| AM | 31.184.235.98:6892 | udp | |
| AM | 31.184.235.99:6892 | udp | |
| AM | 31.184.235.100:6892 | udp | |
| AM | 31.184.235.101:6892 | udp | |
| AM | 31.184.235.102:6892 | udp | |
| AM | 31.184.235.103:6892 | udp | |
| AM | 31.184.235.104:6892 | udp | |
| AM | 31.184.235.105:6892 | udp | |
| AM | 31.184.235.106:6892 | udp | |
| AM | 31.184.235.107:6892 | udp | |
| AM | 31.184.235.108:6892 | udp | |
| AM | 31.184.235.109:6892 | udp | |
| AM | 31.184.235.110:6892 | udp | |
| AM | 31.184.235.111:6892 | udp | |
| AM | 31.184.235.112:6892 | udp | |
| AM | 31.184.235.113:6892 | udp | |
| AM | 31.184.235.114:6892 | udp | |
| AM | 31.184.235.115:6892 | udp | |
| AM | 31.184.235.116:6892 | udp | |
| AM | 31.184.235.117:6892 | udp | |
| AM | 31.184.235.118:6892 | udp | |
| AM | 31.184.235.119:6892 | udp | |
| AM | 31.184.235.120:6892 | udp | |
| AM | 31.184.235.121:6892 | udp | |
| AM | 31.184.235.122:6892 | udp | |
| AM | 31.184.235.123:6892 | udp | |
| AM | 31.184.235.124:6892 | udp | |
| AM | 31.184.235.125:6892 | udp | |
| AM | 31.184.235.126:6892 | udp | |
| AM | 31.184.235.127:6892 | udp | |
| AM | 31.184.235.128:6892 | udp | |
| AM | 31.184.235.129:6892 | udp | |
| AM | 31.184.235.130:6892 | udp | |
| AM | 31.184.235.131:6892 | udp | |
| AM | 31.184.235.132:6892 | udp | |
| AM | 31.184.235.133:6892 | udp | |
| AM | 31.184.235.134:6892 | udp | |
| AM | 31.184.235.135:6892 | udp | |
| AM | 31.184.235.136:6892 | udp | |
| AM | 31.184.235.137:6892 | udp | |
| AM | 31.184.235.138:6892 | udp | |
| AM | 31.184.235.139:6892 | udp | |
| AM | 31.184.235.140:6892 | udp | |
| AM | 31.184.235.141:6892 | udp | |
| AM | 31.184.235.142:6892 | udp | |
| AM | 31.184.235.143:6892 | udp | |
| AM | 31.184.235.144:6892 | udp | |
| AM | 31.184.235.145:6892 | udp | |
| AM | 31.184.235.146:6892 | udp | |
| AM | 31.184.235.147:6892 | udp | |
| AM | 31.184.235.148:6892 | udp | |
| AM | 31.184.235.149:6892 | udp | |
| AM | 31.184.235.150:6892 | udp | |
| AM | 31.184.235.151:6892 | udp | |
| AM | 31.184.235.152:6892 | udp | |
| AM | 31.184.235.153:6892 | udp | |
| AM | 31.184.235.154:6892 | udp | |
| AM | 31.184.235.155:6892 | udp | |
| AM | 31.184.235.156:6892 | udp | |
| AM | 31.184.235.157:6892 | udp | |
| AM | 31.184.235.158:6892 | udp | |
| AM | 31.184.235.159:6892 | udp | |
| AM | 31.184.235.160:6892 | udp | |
| AM | 31.184.235.161:6892 | udp | |
| AM | 31.184.235.162:6892 | udp | |
| AM | 31.184.235.163:6892 | udp | |
| AM | 31.184.235.164:6892 | udp | |
| AM | 31.184.235.165:6892 | udp | |
| AM | 31.184.235.166:6892 | udp | |
| AM | 31.184.235.167:6892 | udp | |
| AM | 31.184.235.168:6892 | udp | |
| AM | 31.184.235.169:6892 | udp | |
| AM | 31.184.235.170:6892 | udp | |
| AM | 31.184.235.171:6892 | udp | |
| AM | 31.184.235.172:6892 | udp | |
| AM | 31.184.235.173:6892 | udp | |
| AM | 31.184.235.174:6892 | udp | |
| AM | 31.184.235.175:6892 | udp | |
| AM | 31.184.235.176:6892 | udp | |
| AM | 31.184.235.177:6892 | udp | |
| AM | 31.184.235.178:6892 | udp | |
| AM | 31.184.235.179:6892 | udp | |
| AM | 31.184.235.180:6892 | udp | |
| AM | 31.184.235.181:6892 | udp | |
| AM | 31.184.235.182:6892 | udp | |
| AM | 31.184.235.183:6892 | udp | |
| AM | 31.184.235.184:6892 | udp | |
| AM | 31.184.235.185:6892 | udp | |
| AM | 31.184.235.186:6892 | udp | |
| AM | 31.184.235.187:6892 | udp | |
| AM | 31.184.235.188:6892 | udp | |
| AM | 31.184.235.189:6892 | udp | |
| AM | 31.184.235.190:6892 | udp | |
| AM | 31.184.235.191:6892 | udp | |
| AM | 31.184.235.192:6892 | udp | |
| AM | 31.184.235.193:6892 | udp | |
| AM | 31.184.235.194:6892 | udp | |
| AM | 31.184.235.195:6892 | udp | |
| AM | 31.184.235.196:6892 | udp | |
| AM | 31.184.235.197:6892 | udp | |
| AM | 31.184.235.198:6892 | udp | |
| AM | 31.184.235.199:6892 | udp | |
| AM | 31.184.235.200:6892 | udp | |
| AM | 31.184.235.201:6892 | udp | |
| AM | 31.184.235.202:6892 | udp | |
| AM | 31.184.235.203:6892 | udp | |
| AM | 31.184.235.204:6892 | udp | |
| AM | 31.184.235.205:6892 | udp | |
| AM | 31.184.235.206:6892 | udp | |
| AM | 31.184.235.207:6892 | udp | |
| AM | 31.184.235.208:6892 | udp | |
| AM | 31.184.235.209:6892 | udp | |
| AM | 31.184.235.210:6892 | udp | |
| AM | 31.184.235.211:6892 | udp | |
| AM | 31.184.235.212:6892 | udp | |
| AM | 31.184.235.213:6892 | udp | |
| AM | 31.184.235.214:6892 | udp | |
| AM | 31.184.235.215:6892 | udp | |
| AM | 31.184.235.216:6892 | udp | |
| AM | 31.184.235.217:6892 | udp | |
| AM | 31.184.235.218:6892 | udp | |
| AM | 31.184.235.219:6892 | udp | |
| AM | 31.184.235.220:6892 | udp | |
| AM | 31.184.235.221:6892 | udp | |
| AM | 31.184.235.222:6892 | udp | |
| AM | 31.184.235.223:6892 | udp | |
| AM | 31.184.235.224:6892 | udp | |
| AM | 31.184.235.225:6892 | udp | |
| AM | 31.184.235.226:6892 | udp | |
| AM | 31.184.235.227:6892 | udp | |
| AM | 31.184.235.228:6892 | udp | |
| AM | 31.184.235.229:6892 | udp | |
| AM | 31.184.235.230:6892 | udp | |
| AM | 31.184.235.231:6892 | udp | |
| AM | 31.184.235.232:6892 | udp | |
| AM | 31.184.235.233:6892 | udp | |
| AM | 31.184.235.234:6892 | udp | |
| AM | 31.184.235.235:6892 | udp | |
| AM | 31.184.235.236:6892 | udp | |
| AM | 31.184.235.237:6892 | udp | |
| AM | 31.184.235.238:6892 | udp | |
| AM | 31.184.235.239:6892 | udp | |
| AM | 31.184.235.240:6892 | udp | |
| AM | 31.184.235.241:6892 | udp | |
| AM | 31.184.235.242:6892 | udp | |
| AM | 31.184.235.243:6892 | udp | |
| AM | 31.184.235.244:6892 | udp | |
| AM | 31.184.235.245:6892 | udp | |
| AM | 31.184.235.246:6892 | udp | |
| AM | 31.184.235.247:6892 | udp | |
| AM | 31.184.235.248:6892 | udp | |
| AM | 31.184.235.249:6892 | udp | |
| AM | 31.184.235.250:6892 | udp | |
| AM | 31.184.235.251:6892 | udp | |
| AM | 31.184.235.252:6892 | udp | |
| AM | 31.184.235.253:6892 | udp | |
| AM | 31.184.235.254:6892 | udp | |
| AM | 31.184.235.255:6892 | udp | |
| AM | 31.184.234.0:6892 | udp | |
| AM | 31.184.234.1:6892 | udp | |
| AM | 31.184.234.2:6892 | udp | |
| AM | 31.184.234.3:6892 | udp | |
| AM | 31.184.234.4:6892 | udp | |
| AM | 31.184.234.5:6892 | udp | |
| AM | 31.184.234.6:6892 | udp | |
| AM | 31.184.234.7:6892 | udp | |
| AM | 31.184.234.8:6892 | udp | |
| AM | 31.184.234.9:6892 | udp | |
| AM | 31.184.234.10:6892 | udp | |
| AM | 31.184.234.11:6892 | udp | |
| AM | 31.184.234.12:6892 | udp | |
| AM | 31.184.234.13:6892 | udp | |
| AM | 31.184.234.14:6892 | udp | |
| AM | 31.184.234.15:6892 | udp | |
| AM | 31.184.234.16:6892 | udp | |
| AM | 31.184.234.17:6892 | udp | |
| AM | 31.184.234.18:6892 | udp | |
| AM | 31.184.234.19:6892 | udp | |
| AM | 31.184.234.20:6892 | udp | |
| AM | 31.184.234.21:6892 | udp | |
| AM | 31.184.234.22:6892 | udp | |
| AM | 31.184.234.23:6892 | udp | |
| AM | 31.184.234.24:6892 | udp | |
| AM | 31.184.234.25:6892 | udp | |
| AM | 31.184.234.26:6892 | udp | |
| AM | 31.184.234.27:6892 | udp | |
| AM | 31.184.234.28:6892 | udp | |
| AM | 31.184.234.29:6892 | udp | |
| AM | 31.184.234.30:6892 | udp | |
| AM | 31.184.234.31:6892 | udp | |
| AM | 31.184.234.32:6892 | udp | |
| AM | 31.184.234.33:6892 | udp | |
| AM | 31.184.234.34:6892 | udp | |
| AM | 31.184.234.35:6892 | udp | |
| AM | 31.184.234.36:6892 | udp | |
| AM | 31.184.234.37:6892 | udp | |
| AM | 31.184.234.38:6892 | udp | |
| AM | 31.184.234.39:6892 | udp | |
| AM | 31.184.234.40:6892 | udp | |
| AM | 31.184.234.41:6892 | udp | |
| AM | 31.184.234.42:6892 | udp | |
| AM | 31.184.234.43:6892 | udp | |
| AM | 31.184.234.44:6892 | udp | |
| AM | 31.184.234.45:6892 | udp | |
| AM | 31.184.234.46:6892 | udp | |
| AM | 31.184.234.47:6892 | udp | |
| AM | 31.184.234.48:6892 | udp | |
| AM | 31.184.234.49:6892 | udp | |
| AM | 31.184.234.50:6892 | udp | |
| AM | 31.184.234.51:6892 | udp | |
| AM | 31.184.234.52:6892 | udp | |
| AM | 31.184.234.53:6892 | udp | |
| AM | 31.184.234.54:6892 | udp | |
| AM | 31.184.234.55:6892 | udp | |
| AM | 31.184.234.56:6892 | udp | |
| AM | 31.184.234.57:6892 | udp | |
| AM | 31.184.234.58:6892 | udp | |
| AM | 31.184.234.59:6892 | udp | |
| AM | 31.184.234.60:6892 | udp | |
| AM | 31.184.234.61:6892 | udp | |
| AM | 31.184.234.62:6892 | udp | |
| AM | 31.184.234.63:6892 | udp | |
| AM | 31.184.234.64:6892 | udp | |
| AM | 31.184.234.65:6892 | udp | |
| AM | 31.184.234.66:6892 | udp | |
| AM | 31.184.234.67:6892 | udp | |
| AM | 31.184.234.68:6892 | udp | |
| AM | 31.184.234.69:6892 | udp | |
| AM | 31.184.234.70:6892 | udp | |
| AM | 31.184.234.71:6892 | udp | |
| AM | 31.184.234.72:6892 | udp | |
| AM | 31.184.234.73:6892 | udp | |
| AM | 31.184.234.74:6892 | udp | |
| AM | 31.184.234.75:6892 | udp | |
| AM | 31.184.234.76:6892 | udp | |
| AM | 31.184.234.77:6892 | udp | |
| AM | 31.184.234.78:6892 | udp | |
| AM | 31.184.234.79:6892 | udp | |
| AM | 31.184.234.80:6892 | udp | |
| AM | 31.184.234.81:6892 | udp | |
| AM | 31.184.234.82:6892 | udp | |
| AM | 31.184.234.83:6892 | udp | |
| AM | 31.184.234.84:6892 | udp | |
| AM | 31.184.234.85:6892 | udp | |
| AM | 31.184.234.86:6892 | udp | |
| AM | 31.184.234.87:6892 | udp | |
| AM | 31.184.234.88:6892 | udp | |
| AM | 31.184.234.89:6892 | udp | |
| AM | 31.184.234.90:6892 | udp | |
| AM | 31.184.234.91:6892 | udp | |
| AM | 31.184.234.92:6892 | udp | |
| AM | 31.184.234.93:6892 | udp | |
| AM | 31.184.234.94:6892 | udp | |
| AM | 31.184.234.95:6892 | udp | |
| AM | 31.184.234.96:6892 | udp | |
| AM | 31.184.234.97:6892 | udp | |
| AM | 31.184.234.98:6892 | udp | |
| AM | 31.184.234.99:6892 | udp | |
| AM | 31.184.234.100:6892 | udp | |
| AM | 31.184.234.101:6892 | udp | |
| AM | 31.184.234.102:6892 | udp | |
| AM | 31.184.234.103:6892 | udp | |
| AM | 31.184.234.104:6892 | udp | |
| AM | 31.184.234.105:6892 | udp | |
| AM | 31.184.234.106:6892 | udp | |
| AM | 31.184.234.107:6892 | udp | |
| AM | 31.184.234.108:6892 | udp | |
| AM | 31.184.234.109:6892 | udp | |
| AM | 31.184.234.110:6892 | udp | |
| AM | 31.184.234.111:6892 | udp | |
| AM | 31.184.234.112:6892 | udp | |
| AM | 31.184.234.113:6892 | udp | |
| AM | 31.184.234.114:6892 | udp | |
| AM | 31.184.234.115:6892 | udp | |
| AM | 31.184.234.116:6892 | udp | |
| AM | 31.184.234.117:6892 | udp | |
| AM | 31.184.234.118:6892 | udp | |
| AM | 31.184.234.119:6892 | udp | |
| AM | 31.184.234.120:6892 | udp | |
| AM | 31.184.234.121:6892 | udp | |
| AM | 31.184.234.122:6892 | udp | |
| AM | 31.184.234.123:6892 | udp | |
| AM | 31.184.234.124:6892 | udp | |
| AM | 31.184.234.125:6892 | udp | |
| AM | 31.184.234.126:6892 | udp | |
| AM | 31.184.234.127:6892 | udp | |
| AM | 31.184.234.128:6892 | udp | |
| AM | 31.184.234.129:6892 | udp | |
| AM | 31.184.234.130:6892 | udp | |
| AM | 31.184.234.131:6892 | udp | |
| AM | 31.184.234.132:6892 | udp | |
| AM | 31.184.234.133:6892 | udp | |
| AM | 31.184.234.134:6892 | udp | |
| AM | 31.184.234.135:6892 | udp | |
| AM | 31.184.234.136:6892 | udp | |
| AM | 31.184.234.137:6892 | udp | |
| AM | 31.184.234.138:6892 | udp | |
| AM | 31.184.234.139:6892 | udp | |
| AM | 31.184.234.140:6892 | udp | |
| AM | 31.184.234.141:6892 | udp | |
| AM | 31.184.234.142:6892 | udp | |
| AM | 31.184.234.143:6892 | udp | |
| AM | 31.184.234.144:6892 | udp | |
| AM | 31.184.234.145:6892 | udp | |
| AM | 31.184.234.146:6892 | udp | |
| AM | 31.184.234.147:6892 | udp | |
| AM | 31.184.234.148:6892 | udp | |
| AM | 31.184.234.149:6892 | udp | |
| AM | 31.184.234.150:6892 | udp | |
| AM | 31.184.234.151:6892 | udp | |
| AM | 31.184.234.152:6892 | udp | |
| AM | 31.184.234.153:6892 | udp | |
| AM | 31.184.234.154:6892 | udp | |
| AM | 31.184.234.155:6892 | udp | |
| AM | 31.184.234.156:6892 | udp | |
| AM | 31.184.234.157:6892 | udp | |
| AM | 31.184.234.158:6892 | udp | |
| AM | 31.184.234.159:6892 | udp | |
| AM | 31.184.234.160:6892 | udp | |
| AM | 31.184.234.161:6892 | udp | |
| AM | 31.184.234.162:6892 | udp | |
| AM | 31.184.234.163:6892 | udp | |
| AM | 31.184.234.164:6892 | udp | |
| AM | 31.184.234.165:6892 | udp | |
| AM | 31.184.234.166:6892 | udp | |
| AM | 31.184.234.167:6892 | udp | |
| AM | 31.184.234.168:6892 | udp | |
| AM | 31.184.234.169:6892 | udp | |
| AM | 31.184.234.170:6892 | udp | |
| AM | 31.184.234.171:6892 | udp | |
| AM | 31.184.234.172:6892 | udp | |
| AM | 31.184.234.173:6892 | udp | |
| AM | 31.184.234.174:6892 | udp | |
| AM | 31.184.234.175:6892 | udp | |
| AM | 31.184.234.176:6892 | udp | |
| AM | 31.184.234.177:6892 | udp | |
| AM | 31.184.234.178:6892 | udp | |
| AM | 31.184.234.179:6892 | udp | |
| AM | 31.184.234.180:6892 | udp | |
| AM | 31.184.234.181:6892 | udp | |
| AM | 31.184.234.182:6892 | udp | |
| AM | 31.184.234.183:6892 | udp | |
| AM | 31.184.234.184:6892 | udp | |
| AM | 31.184.234.185:6892 | udp | |
| AM | 31.184.234.186:6892 | udp | |
| AM | 31.184.234.187:6892 | udp | |
| AM | 31.184.234.188:6892 | udp | |
| AM | 31.184.234.189:6892 | udp | |
| AM | 31.184.234.190:6892 | udp | |
| AM | 31.184.234.191:6892 | udp | |
| AM | 31.184.234.192:6892 | udp | |
| AM | 31.184.234.193:6892 | udp | |
| AM | 31.184.234.194:6892 | udp | |
| AM | 31.184.234.195:6892 | udp | |
| AM | 31.184.234.196:6892 | udp | |
| AM | 31.184.234.197:6892 | udp | |
| AM | 31.184.234.198:6892 | udp | |
| AM | 31.184.234.199:6892 | udp | |
| AM | 31.184.234.200:6892 | udp | |
| AM | 31.184.234.201:6892 | udp | |
| AM | 31.184.234.202:6892 | udp | |
| AM | 31.184.234.203:6892 | udp | |
| AM | 31.184.234.204:6892 | udp | |
| AM | 31.184.234.205:6892 | udp | |
| AM | 31.184.234.206:6892 | udp | |
| AM | 31.184.234.207:6892 | udp | |
| AM | 31.184.234.208:6892 | udp | |
| AM | 31.184.234.209:6892 | udp | |
| AM | 31.184.234.210:6892 | udp | |
| AM | 31.184.234.211:6892 | udp | |
| AM | 31.184.234.212:6892 | udp | |
| AM | 31.184.234.213:6892 | udp | |
| AM | 31.184.234.214:6892 | udp | |
| AM | 31.184.234.215:6892 | udp | |
| AM | 31.184.234.216:6892 | udp | |
| AM | 31.184.234.217:6892 | udp | |
| AM | 31.184.234.218:6892 | udp | |
| AM | 31.184.234.219:6892 | udp | |
| AM | 31.184.234.220:6892 | udp | |
| AM | 31.184.234.221:6892 | udp | |
| AM | 31.184.234.222:6892 | udp | |
| AM | 31.184.234.223:6892 | udp | |
| AM | 31.184.234.224:6892 | udp | |
| AM | 31.184.234.225:6892 | udp | |
| AM | 31.184.234.226:6892 | udp | |
| AM | 31.184.234.227:6892 | udp | |
| AM | 31.184.234.228:6892 | udp | |
| AM | 31.184.234.229:6892 | udp | |
| AM | 31.184.234.230:6892 | udp | |
| AM | 31.184.234.231:6892 | udp | |
| AM | 31.184.234.232:6892 | udp | |
| AM | 31.184.234.233:6892 | udp | |
| AM | 31.184.234.234:6892 | udp | |
| AM | 31.184.234.235:6892 | udp | |
| AM | 31.184.234.236:6892 | udp | |
| AM | 31.184.234.237:6892 | udp | |
| AM | 31.184.234.238:6892 | udp | |
| AM | 31.184.234.239:6892 | udp | |
| AM | 31.184.234.240:6892 | udp | |
| AM | 31.184.234.241:6892 | udp | |
| AM | 31.184.234.242:6892 | udp | |
| AM | 31.184.234.243:6892 | udp | |
| AM | 31.184.234.244:6892 | udp | |
| AM | 31.184.234.245:6892 | udp | |
| AM | 31.184.234.246:6892 | udp | |
| AM | 31.184.234.247:6892 | udp | |
| AM | 31.184.234.248:6892 | udp | |
| AM | 31.184.234.249:6892 | udp | |
| AM | 31.184.234.250:6892 | udp | |
| AM | 31.184.234.251:6892 | udp | |
| AM | 31.184.234.252:6892 | udp | |
| AM | 31.184.234.253:6892 | udp | |
| AM | 31.184.234.254:6892 | udp | |
| AM | 31.184.234.255:6892 | udp | |
| AM | 31.184.235.0:6892 | udp | |
| AM | 31.184.235.1:6892 | udp | |
| AM | 31.184.235.2:6892 | udp | |
| AM | 31.184.235.3:6892 | udp | |
| AM | 31.184.235.4:6892 | udp | |
| AM | 31.184.235.5:6892 | udp | |
| AM | 31.184.235.6:6892 | udp | |
| AM | 31.184.235.7:6892 | udp | |
| AM | 31.184.235.8:6892 | udp | |
| AM | 31.184.235.9:6892 | udp | |
| AM | 31.184.235.10:6892 | udp | |
| AM | 31.184.235.11:6892 | udp | |
| AM | 31.184.235.12:6892 | udp | |
| AM | 31.184.235.13:6892 | udp | |
| AM | 31.184.235.14:6892 | udp | |
| AM | 31.184.235.15:6892 | udp | |
| AM | 31.184.235.16:6892 | udp | |
| AM | 31.184.235.17:6892 | udp | |
| AM | 31.184.235.18:6892 | udp | |
| AM | 31.184.235.19:6892 | udp | |
| AM | 31.184.235.20:6892 | udp | |
| AM | 31.184.235.21:6892 | udp | |
| AM | 31.184.235.22:6892 | udp | |
| AM | 31.184.235.23:6892 | udp | |
| AM | 31.184.235.24:6892 | udp | |
| AM | 31.184.235.25:6892 | udp | |
| AM | 31.184.235.26:6892 | udp | |
| AM | 31.184.235.27:6892 | udp | |
| AM | 31.184.235.28:6892 | udp | |
| AM | 31.184.235.29:6892 | udp | |
| AM | 31.184.235.30:6892 | udp | |
| AM | 31.184.235.31:6892 | udp | |
| AM | 31.184.235.32:6892 | udp | |
| AM | 31.184.235.33:6892 | udp | |
| AM | 31.184.235.34:6892 | udp | |
| AM | 31.184.235.35:6892 | udp | |
| AM | 31.184.235.36:6892 | udp | |
| AM | 31.184.235.37:6892 | udp | |
| AM | 31.184.235.38:6892 | udp | |
| AM | 31.184.235.39:6892 | udp | |
| AM | 31.184.235.40:6892 | udp | |
| AM | 31.184.235.41:6892 | udp | |
| AM | 31.184.235.42:6892 | udp | |
| AM | 31.184.235.43:6892 | udp | |
| AM | 31.184.235.44:6892 | udp | |
| AM | 31.184.235.45:6892 | udp | |
| AM | 31.184.235.46:6892 | udp | |
| AM | 31.184.235.47:6892 | udp | |
| AM | 31.184.235.48:6892 | udp | |
| AM | 31.184.235.49:6892 | udp | |
| AM | 31.184.235.50:6892 | udp | |
| AM | 31.184.235.51:6892 | udp | |
| AM | 31.184.235.52:6892 | udp | |
| AM | 31.184.235.53:6892 | udp | |
| AM | 31.184.235.54:6892 | udp | |
| AM | 31.184.235.55:6892 | udp | |
| AM | 31.184.235.56:6892 | udp | |
| AM | 31.184.235.57:6892 | udp | |
| AM | 31.184.235.58:6892 | udp | |
| AM | 31.184.235.59:6892 | udp | |
| AM | 31.184.235.60:6892 | udp | |
| AM | 31.184.235.61:6892 | udp | |
| AM | 31.184.235.62:6892 | udp | |
| AM | 31.184.235.63:6892 | udp | |
| AM | 31.184.235.64:6892 | udp | |
| AM | 31.184.235.65:6892 | udp | |
| AM | 31.184.235.66:6892 | udp | |
| AM | 31.184.235.67:6892 | udp | |
| AM | 31.184.235.68:6892 | udp | |
| AM | 31.184.235.69:6892 | udp | |
| AM | 31.184.235.70:6892 | udp | |
| AM | 31.184.235.71:6892 | udp | |
| AM | 31.184.235.72:6892 | udp | |
| AM | 31.184.235.73:6892 | udp | |
| AM | 31.184.235.74:6892 | udp | |
| AM | 31.184.235.75:6892 | udp | |
| AM | 31.184.235.76:6892 | udp | |
| AM | 31.184.235.77:6892 | udp | |
| AM | 31.184.235.78:6892 | udp | |
| AM | 31.184.235.79:6892 | udp | |
| AM | 31.184.235.80:6892 | udp | |
| AM | 31.184.235.81:6892 | udp | |
| AM | 31.184.235.82:6892 | udp | |
| AM | 31.184.235.83:6892 | udp | |
| AM | 31.184.235.84:6892 | udp | |
| AM | 31.184.235.85:6892 | udp | |
| AM | 31.184.235.86:6892 | udp | |
| AM | 31.184.235.87:6892 | udp | |
| AM | 31.184.235.88:6892 | udp | |
| AM | 31.184.235.89:6892 | udp | |
| AM | 31.184.235.90:6892 | udp | |
| AM | 31.184.235.91:6892 | udp | |
| AM | 31.184.235.92:6892 | udp | |
| AM | 31.184.235.93:6892 | udp | |
| AM | 31.184.235.94:6892 | udp | |
| AM | 31.184.235.95:6892 | udp | |
| AM | 31.184.235.96:6892 | udp | |
| AM | 31.184.235.97:6892 | udp | |
| AM | 31.184.235.98:6892 | udp | |
| AM | 31.184.235.99:6892 | udp | |
| AM | 31.184.235.100:6892 | udp | |
| AM | 31.184.235.101:6892 | udp | |
| AM | 31.184.235.102:6892 | udp | |
| AM | 31.184.235.103:6892 | udp | |
| AM | 31.184.235.104:6892 | udp | |
| AM | 31.184.235.105:6892 | udp | |
| AM | 31.184.235.106:6892 | udp | |
| AM | 31.184.235.107:6892 | udp | |
| AM | 31.184.235.108:6892 | udp | |
| AM | 31.184.235.109:6892 | udp | |
| AM | 31.184.235.110:6892 | udp | |
| AM | 31.184.235.111:6892 | udp | |
| AM | 31.184.235.112:6892 | udp | |
| AM | 31.184.235.113:6892 | udp | |
| AM | 31.184.235.114:6892 | udp | |
| AM | 31.184.235.115:6892 | udp | |
| AM | 31.184.235.116:6892 | udp | |
| AM | 31.184.235.117:6892 | udp | |
| AM | 31.184.235.118:6892 | udp | |
| AM | 31.184.235.119:6892 | udp | |
| AM | 31.184.235.120:6892 | udp | |
| AM | 31.184.235.121:6892 | udp | |
| AM | 31.184.235.122:6892 | udp | |
| AM | 31.184.235.123:6892 | udp | |
| AM | 31.184.235.124:6892 | udp | |
| AM | 31.184.235.125:6892 | udp | |
| AM | 31.184.235.126:6892 | udp | |
| AM | 31.184.235.127:6892 | udp | |
| AM | 31.184.235.128:6892 | udp | |
| AM | 31.184.235.129:6892 | udp | |
| AM | 31.184.235.130:6892 | udp | |
| AM | 31.184.235.131:6892 | udp | |
| AM | 31.184.235.132:6892 | udp | |
| AM | 31.184.235.133:6892 | udp | |
| AM | 31.184.235.134:6892 | udp | |
| AM | 31.184.235.135:6892 | udp | |
| AM | 31.184.235.136:6892 | udp | |
| AM | 31.184.235.137:6892 | udp | |
| AM | 31.184.235.138:6892 | udp | |
| AM | 31.184.235.139:6892 | udp | |
| AM | 31.184.235.140:6892 | udp | |
| AM | 31.184.235.141:6892 | udp | |
| AM | 31.184.235.142:6892 | udp | |
| AM | 31.184.235.143:6892 | udp | |
| AM | 31.184.235.144:6892 | udp | |
| AM | 31.184.235.145:6892 | udp | |
| AM | 31.184.235.146:6892 | udp | |
| AM | 31.184.235.147:6892 | udp | |
| AM | 31.184.235.148:6892 | udp | |
| AM | 31.184.235.149:6892 | udp | |
| AM | 31.184.235.150:6892 | udp | |
| AM | 31.184.235.151:6892 | udp | |
| AM | 31.184.235.152:6892 | udp | |
| AM | 31.184.235.153:6892 | udp | |
| AM | 31.184.235.154:6892 | udp | |
| AM | 31.184.235.155:6892 | udp | |
| AM | 31.184.235.156:6892 | udp | |
| AM | 31.184.235.157:6892 | udp | |
| AM | 31.184.235.158:6892 | udp | |
| AM | 31.184.235.159:6892 | udp | |
| AM | 31.184.235.160:6892 | udp | |
| AM | 31.184.235.161:6892 | udp | |
| AM | 31.184.235.162:6892 | udp | |
| AM | 31.184.235.163:6892 | udp | |
| AM | 31.184.235.164:6892 | udp | |
| AM | 31.184.235.165:6892 | udp | |
| AM | 31.184.235.166:6892 | udp | |
| AM | 31.184.235.167:6892 | udp | |
| AM | 31.184.235.168:6892 | udp | |
| AM | 31.184.235.169:6892 | udp | |
| AM | 31.184.235.170:6892 | udp | |
| AM | 31.184.235.171:6892 | udp | |
| AM | 31.184.235.172:6892 | udp | |
| AM | 31.184.235.173:6892 | udp | |
| AM | 31.184.235.174:6892 | udp | |
| AM | 31.184.235.175:6892 | udp | |
| AM | 31.184.235.176:6892 | udp | |
| AM | 31.184.235.177:6892 | udp | |
| AM | 31.184.235.178:6892 | udp | |
| AM | 31.184.235.179:6892 | udp | |
| AM | 31.184.235.180:6892 | udp | |
| AM | 31.184.235.181:6892 | udp | |
| AM | 31.184.235.182:6892 | udp | |
| AM | 31.184.235.183:6892 | udp | |
| AM | 31.184.235.184:6892 | udp | |
| AM | 31.184.235.185:6892 | udp | |
| AM | 31.184.235.186:6892 | udp | |
| AM | 31.184.235.187:6892 | udp | |
| AM | 31.184.235.188:6892 | udp | |
| AM | 31.184.235.189:6892 | udp | |
| AM | 31.184.235.190:6892 | udp | |
| AM | 31.184.235.191:6892 | udp | |
| AM | 31.184.235.192:6892 | udp | |
| AM | 31.184.235.193:6892 | udp | |
| AM | 31.184.235.194:6892 | udp | |
| AM | 31.184.235.195:6892 | udp | |
| AM | 31.184.235.196:6892 | udp | |
| AM | 31.184.235.197:6892 | udp | |
| AM | 31.184.235.198:6892 | udp | |
| AM | 31.184.235.199:6892 | udp | |
| AM | 31.184.235.200:6892 | udp | |
| AM | 31.184.235.201:6892 | udp | |
| AM | 31.184.235.202:6892 | udp | |
| AM | 31.184.235.203:6892 | udp | |
| AM | 31.184.235.204:6892 | udp | |
| AM | 31.184.235.205:6892 | udp | |
| AM | 31.184.235.206:6892 | udp | |
| AM | 31.184.235.207:6892 | udp | |
| AM | 31.184.235.208:6892 | udp | |
| AM | 31.184.235.209:6892 | udp | |
| AM | 31.184.235.210:6892 | udp | |
| AM | 31.184.235.211:6892 | udp | |
| AM | 31.184.235.212:6892 | udp | |
| AM | 31.184.235.213:6892 | udp | |
| AM | 31.184.235.214:6892 | udp | |
| AM | 31.184.235.215:6892 | udp | |
| AM | 31.184.235.216:6892 | udp | |
| AM | 31.184.235.217:6892 | udp | |
| AM | 31.184.235.218:6892 | udp | |
| AM | 31.184.235.219:6892 | udp | |
| AM | 31.184.235.220:6892 | udp | |
| AM | 31.184.235.221:6892 | udp | |
| AM | 31.184.235.222:6892 | udp | |
| AM | 31.184.235.223:6892 | udp | |
| AM | 31.184.235.224:6892 | udp | |
| AM | 31.184.235.225:6892 | udp | |
| AM | 31.184.235.226:6892 | udp | |
| AM | 31.184.235.227:6892 | udp | |
| AM | 31.184.235.228:6892 | udp | |
| AM | 31.184.235.229:6892 | udp | |
| AM | 31.184.235.230:6892 | udp | |
| AM | 31.184.235.231:6892 | udp | |
| AM | 31.184.235.232:6892 | udp | |
| AM | 31.184.235.233:6892 | udp | |
| AM | 31.184.235.234:6892 | udp | |
| AM | 31.184.235.235:6892 | udp | |
| AM | 31.184.235.236:6892 | udp | |
| AM | 31.184.235.237:6892 | udp | |
| AM | 31.184.235.238:6892 | udp | |
| AM | 31.184.235.239:6892 | udp | |
| AM | 31.184.235.240:6892 | udp | |
| AM | 31.184.235.241:6892 | udp | |
| AM | 31.184.235.242:6892 | udp | |
| AM | 31.184.235.243:6892 | udp | |
| AM | 31.184.235.244:6892 | udp | |
| AM | 31.184.235.245:6892 | udp | |
| AM | 31.184.235.246:6892 | udp | |
| AM | 31.184.235.247:6892 | udp | |
| AM | 31.184.235.248:6892 | udp | |
| AM | 31.184.235.249:6892 | udp | |
| AM | 31.184.235.250:6892 | udp | |
| AM | 31.184.235.251:6892 | udp | |
| AM | 31.184.235.252:6892 | udp | |
| AM | 31.184.235.253:6892 | udp | |
| AM | 31.184.235.254:6892 | udp | |
| AM | 31.184.235.255:6892 | udp | |
| AM | 31.184.234.0:6892 | udp | |
| AM | 31.184.234.1:6892 | udp | |
| AM | 31.184.234.2:6892 | udp | |
| AM | 31.184.234.3:6892 | udp | |
| AM | 31.184.234.4:6892 | udp | |
| AM | 31.184.234.5:6892 | udp | |
| AM | 31.184.234.6:6892 | udp | |
| AM | 31.184.234.7:6892 | udp | |
| AM | 31.184.234.8:6892 | udp | |
| AM | 31.184.234.9:6892 | udp | |
| AM | 31.184.234.10:6892 | udp | |
| AM | 31.184.234.11:6892 | udp | |
| AM | 31.184.234.12:6892 | udp | |
| AM | 31.184.234.13:6892 | udp | |
| AM | 31.184.234.14:6892 | udp | |
| AM | 31.184.234.15:6892 | udp | |
| AM | 31.184.234.16:6892 | udp | |
| AM | 31.184.234.17:6892 | udp | |
| AM | 31.184.234.18:6892 | udp | |
| AM | 31.184.234.19:6892 | udp | |
| AM | 31.184.234.20:6892 | udp | |
| AM | 31.184.234.21:6892 | udp | |
| AM | 31.184.234.22:6892 | udp | |
| AM | 31.184.234.23:6892 | udp | |
| AM | 31.184.234.24:6892 | udp | |
| AM | 31.184.234.25:6892 | udp | |
| AM | 31.184.234.26:6892 | udp | |
| AM | 31.184.234.27:6892 | udp | |
| AM | 31.184.234.28:6892 | udp | |
| AM | 31.184.234.29:6892 | udp | |
| AM | 31.184.234.30:6892 | udp | |
| AM | 31.184.234.31:6892 | udp | |
| AM | 31.184.234.32:6892 | udp | |
| AM | 31.184.234.33:6892 | udp | |
| AM | 31.184.234.34:6892 | udp | |
| AM | 31.184.234.35:6892 | udp | |
| AM | 31.184.234.36:6892 | udp | |
| AM | 31.184.234.37:6892 | udp | |
| AM | 31.184.234.38:6892 | udp | |
| AM | 31.184.234.39:6892 | udp | |
| AM | 31.184.234.40:6892 | udp | |
| AM | 31.184.234.41:6892 | udp | |
| AM | 31.184.234.42:6892 | udp | |
| AM | 31.184.234.43:6892 | udp | |
| AM | 31.184.234.44:6892 | udp | |
| AM | 31.184.234.45:6892 | udp | |
| AM | 31.184.234.46:6892 | udp | |
| AM | 31.184.234.47:6892 | udp | |
| AM | 31.184.234.48:6892 | udp | |
| AM | 31.184.234.49:6892 | udp | |
| AM | 31.184.234.50:6892 | udp | |
| AM | 31.184.234.51:6892 | udp | |
| AM | 31.184.234.52:6892 | udp | |
| AM | 31.184.234.53:6892 | udp | |
| AM | 31.184.234.54:6892 | udp | |
| AM | 31.184.234.55:6892 | udp | |
| AM | 31.184.234.56:6892 | udp | |
| AM | 31.184.234.57:6892 | udp | |
| US | 8.8.8.8:53 | xrhwryizf5mui7a5.j0n83w.bid | udp |
| US | 8.8.8.8:53 | btc.blockr.io | udp |
| US | 8.8.8.8:53 | api.blockcypher.com | udp |
| US | 172.67.17.223:80 | api.blockcypher.com | tcp |
| US | 8.8.8.8:53 | chain.so | udp |
| US | 104.22.65.108:443 | chain.so | tcp |
Files
\Users\Admin\AppData\Local\Temp\nsd1151.tmp\System.dll
| MD5 | 3e6bf00b3ac976122f982ae2aadb1c51 |
| SHA1 | caab188f7fdc84d3fdcb2922edeeb5ed576bd31d |
| SHA256 | 4ff9b2678d698677c5d9732678f9cf53f17290e09d053691aac4cc6e6f595cbe |
| SHA512 | 1286f05e6a7e6b691f6e479638e7179897598e171b52eb3a3dc0e830415251069d29416b6d1ffc6d7dce8da5625e1479be06db9b7179e7776659c5c1ad6aa706 |
C:\Users\Admin\Contacts\README.hta
| MD5 | 8cd65351f145eac3630c3530992a056d |
| SHA1 | d4431ba729815839ad1fe0b39310127e1cc151ae |
| SHA256 | 3da8483a814102fd2b538c8a98f597f26e6cdcaf3d125539c4da058951465277 |
| SHA512 | 805e2f35def02344fa63714f54cb253ee32611ebbc148d9f222cdbd942f43a5e6f568e1ceaf065eb3b2bbf678c94bc7ed6c333d40cda44469936fcb484a84df5 |
Analysis: behavioral8
Detonation Overview
Submitted
2024-06-04 20:48
Reported
2024-06-04 20:50
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
153s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2372 wrote to memory of 1184 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 1184 -ip 1184
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1184 -s 612
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 27.73.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-06-04 20:48
Reported
2024-06-04 20:50
Platform
win7-20240221-en
Max time kernel
133s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C0F9DE91-22B3-11EF-8356-E61A8C993A67} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423695958" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a63261f9139c8f4aa4dff500dbf7862800000000020000000000106600000001000020000000422dfed9e7c53a0336204c50e606470e437c82015dd6cb48d7ee52be9ebcb9ec000000000e8000000002000020000000fd56c3b2c8fe60447a14df3227da9db71f051bb2cd8e4cdd471a75c93df3b2de20000000e53e9de1a6a2f6bdbb2fdd8c2d0f315934e722e6e5af261a208e141a76782f9840000000e739139561f663692620101362db2078276927b7ebde43455fd883e1e8840f20959d0f6dce481b548815f4311c3b9bce9ddc6dbf76a7f2428dc74e67c45bc85d | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0b07c9ac0b6da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2964 wrote to memory of 3016 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\home1259317828.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2964 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.twimg.com | udp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| US | 8.8.8.8:53 | abs.twimg.com | udp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| PL | 93.184.220.66:443 | platform.twitter.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab11BC.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar11C1.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar12EE.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3d6a3c25fe77935677f22a2847c44d9c |
| SHA1 | 76ded077861912c73f78066da817ea4069c6666b |
| SHA256 | 47488144d67f7090cafa9ef1c648e1a8d376698c31e976fe3500c44729ce4a65 |
| SHA512 | 6317599d2487ee0d2d64b6d7a5fb694eaf82dcb1763c1158d0d1de2dda25791730dd6e2a1825a19b32b0223306128ccb3e0afaa46bdf3ce4f5e7c521b958ac1b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 20ea60d49480ecd57dc3e0974c2f9d36 |
| SHA1 | d6eecfbb8cccc30679779206d841be6db5ba0d34 |
| SHA256 | cdd96bc327e97f581d235b4116706ab979bbff2b5170bba0b65660e3cb8da79b |
| SHA512 | 6cd152270756ecc6109fdeec5a11eb603a15b06bc6434061e9567619f81062ef7f5891028ffdaf6275d7da5b2fa61c27036276ce2fe69df48a1917c11e92b0a7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b1e39f76508f6bbaa9e57373ee259d5f |
| SHA1 | 8affa66ab2afdaa66bb4be7d704e9f282e318b37 |
| SHA256 | 6dd9a199c6b038d59044f5fb9863085e5575c02ea025aaae629aac31c184f58b |
| SHA512 | b1f14b70412e6607aa43ec82f32ab9ce5d3a83f6601dd6724f92d948a59ce9e7c9d9704feba8aacafc5c4e3a7a2b5e7a0edee0104cf8eb562cb654ad10ebae4a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8bac546f3efdd49e6a1686babdd8a827 |
| SHA1 | 8492e6560c327e7c7ceeab54111497afaf6d23d5 |
| SHA256 | 7dab5b56a59404af8d576734a8ab79826890cfbed7c91e5cd4b01714a3a6656d |
| SHA512 | 0eeb06baa8095a275277fcc9c4fc19416b0dbfdb4f102a9e279f68502ed908bc702f4d51c90bfef96b79c455c9f5392a8d313b69f06f1a262ab360576a474558 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e5919ae92bbfeec48d46719b8d28e7f9 |
| SHA1 | 9d3d563855651b09f3514723171fdaa115c5d85f |
| SHA256 | b4227f1228e0b490bce3fdc415bac729adfe2786f2ac1c2ed62f1ecffe4c8ae5 |
| SHA512 | 014599c970c40828bb5bbb8c3dcd66f10d0557bacd602705eb974cc4a490c3d02d9faa3b348e0242ddf81ede4c64acb38a60321038a30463113cc2f8451224cf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5accf7ebdd8759745b1f1e7650eaaeb6 |
| SHA1 | e224ae8ce0fc0b8bc89be5ebdb51635ea8cd3c71 |
| SHA256 | 48cf761b7a18ce8ccaf1fdda3c8b1a7ee892b6036dd2475ab05e2bd1d1eae036 |
| SHA512 | ff4524db64baf9029e6c4490dad1b263cf4d1e9779c73da2a2dff40d9fda3d87869457166b8f293d624d2522ef38140dad89a4e32b09aaf56575d3e03f5a6a28 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 398b9fdb40ca39d781ab44c66c01bc06 |
| SHA1 | 65aadf019af5fa91fe7fbc97e7026ab0b41760f1 |
| SHA256 | 9a04f40364ecf29dbfd30477026d23b0cd010c565cdc098c92f14cac8d359a53 |
| SHA512 | 2be7a9f1dec5c26bc38839eaef9e67e0e5e85d0dd1faf0c095c53a9019d6055a1ac0366be2e49ffacee2926e1a5941d18958eaeda6792bc1301b026bc59ac187 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3990fd904dfa5701940267e10cdda81e |
| SHA1 | 17488219acf9e0fb0e590a40e1940215639c630f |
| SHA256 | 3d46249926a3f15f831985a1765467d89343f608ee0665537b809db2db4fef8d |
| SHA512 | 4c8e0c6feccd44ce793c4e4ca764f490619e36a303aa5cb510b032c6cf14e86fffa400867b75a67a170a22dc176c4a5621056bebd1e482e7819fbd25546f8e3e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2b36d7d2218bc8c9a08a290684dedfed |
| SHA1 | 3d820cc8e899b66e1f05644145dd13cfb5239558 |
| SHA256 | 2a356bff19086a379b51faeab9be82aa29ccfdd450b819fc6e6a17461ae17817 |
| SHA512 | 11a51fedf5781c3eccfc4ce491ded2061d64e6c4e891c3ab83c735c9a3eecffa0b58f67dea34a73215c0d19c0a0c7bd062df5bc28a8a995d2a78e83b028aee90 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8a38b4cc44b4e18f6ed3f8b37a499742 |
| SHA1 | 4f768562c22e6bdfbd5ad6016d71f9f9524edcfe |
| SHA256 | 5566592bd9dc25f08e52e6b1a907430032c7d8e2c7b52d3961d2b8c522ffc9f2 |
| SHA512 | 4b4e973d725b39ee8f818d7a16c01c8b2fa8f7667d62a19e1f2d38b18b9f2c5d86bc9b7992a4fbf8f7cb5b54b51224b14d8be0993aca7c9314737d6c14eabba9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b540b4fa56f96cb61295ae5a67163ebc |
| SHA1 | 42c9d567440eb6698a28e3cc2117c7a5f3187187 |
| SHA256 | 84678d3fed33974d90f0c4bc269d4e5f6edaa76616cc5835a99d0b072e27f080 |
| SHA512 | b647f838df07969ce6bc3f5d30de5898f832fd81a5d462104088b3c517a29ce60a0279eba3de33fd45911965206a7fb456c7145844133f3d2a7b47da47b6b975 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eabcbfb7323e7afa83efc942fc1ab62b |
| SHA1 | 243bc5a30a280336ae966a275e5a7b5307fc1d16 |
| SHA256 | e5cddf2ae9a0e416c23696f91e8aafd5455ba539a0dc6de06b1cbf103800ef99 |
| SHA512 | 3b319e7e1e7ab4636f8da749cbe16b69be66d077d61032fcc350b5d1127a022c8e238e43db9329623823517e3c05fa5eec145447bf5d258faf180acf148ac900 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7b1fb45bf1efe99edebeac0df87bd087 |
| SHA1 | 3465cae63594b35519cc22b7bf1e9fc0f52b298b |
| SHA256 | 309dad7f0d38d1015cb6a541d7a722e0219830e309a031181a487e90c13aa9c7 |
| SHA512 | 462f620f57c52b6a59358b8ff87326e99e71785c6ed591c743f0887ea8db1e237dd2cd2c7ad26629220eba9f4a1307bc31351cac09199ae345880855d2b28f2e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6a6dd3ce5b30ad7d319da6099410278f |
| SHA1 | 082e913b22142f91243894a64012bb3e09a05472 |
| SHA256 | e6481d11ba12f2616caf2612e84a2d25e69335d9220393cf9dc08668f37aec01 |
| SHA512 | d22dea78133a1ea65162af582d082f18eb2cb9ad6dde1a862accdd842e56e1abfd93e0deee68e7100b72d957436e80d419f01483ecff4ca0d6565a197ec268af |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fb71d5946e30886d5639bbd81a27a57d |
| SHA1 | cd082bf231b4002e17b5f30ec336bab86d85b4ae |
| SHA256 | 89ab70e322be0dcbf1ec996b129a79e85eab1a28f474d0bf2465766335a3b3da |
| SHA512 | debee22b5409c8d48605b916128d64aa7e95eeece3a7eee186ebb7495659fa5a4307b89634283edec501b9c1986cd50e488ccac7bf74e5c57c516c00a7e742ea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b64a9c68ac6e07f757bd268d202a5e95 |
| SHA1 | 816b5761cdf2162c35889ad6f97fabccba69ab7d |
| SHA256 | 3d49c0a01c1cf13f94637de0d8ffb95116860bc297b726051ff54abe276a60fa |
| SHA512 | 2ce450c8ea704760f883e9038d456eb638bc91a5b7180858e79c2b9ba85e9580b6d69c5aff731674f8e0a23d6a05fee773e0d5cf3ef0757a995d55781484fdf7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6008b398686d5f647a8ffbe9a6e94c96 |
| SHA1 | f7e01f087f430207f8664f465aea7319ddb76f1a |
| SHA256 | a952c6b4820924a2f0b576dd6e5872ee9b1215eeed5d73c13242cdad02a33d91 |
| SHA512 | b98e3bf430d654d0980684ff21d0a675691e12e3d728a00c2d1ddf61c2e3a13fe9c75bb4a7dd4ff94a580eb2474266365e8a15bd0d1619e903043ab0caf87e05 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f273a72a956736354fda634f9aeb24b8 |
| SHA1 | 36530e46fce0a1b9671716baf0cb02bcf0707c4f |
| SHA256 | 885792249d3631f5ee441c2b9fad743c01e5dc1aeab4f390b68f26b7aadbbee1 |
| SHA512 | e1d3401cf6823480d10b29e1ae0b9fa7ae504710fdfd0369df200d409fee07efb0e445d539a1853e05ecca567c35075a1439f25ac01ea5152aa9c04827b2e753 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 40c8650cb20b180d121e3a25b902e40c |
| SHA1 | 81df5cd261b66467db5654f06b22d0909ecb3ae8 |
| SHA256 | a8e54a8cfadbadd323dc21e5f2540e747118d694575b085cfe167b2774a07fda |
| SHA512 | ec58f23f8091f771d38057c4313d16b524af1bee936e5e98faea7af4b0d3e18899b6ba983cf23e982f360f7e98c9ae78868b48f3a1603f32c385d27397be992c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 93ffc67b682db53ec315790404af15ce |
| SHA1 | 2eff1daba7107cf5fdf3a8440e3b882b6e3f9b4d |
| SHA256 | 9eb6a5a6f4cdcb5fa8db8bbf419cfeac2efa8cc6015b46435eda4df93431cd49 |
| SHA512 | 1695114aadea6b8fdab62edb9f88596f83b58742e920d411323dd9097af40ae867601845ece8ff6a4887b3fdd2bf0f1c6686e363c8143413d19ce10897720b36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 58eccb4a42d73fea942c7930753614d5 |
| SHA1 | facbbffefe0b094dc51265704ce0abc19f221789 |
| SHA256 | c708b9c375bdb1ecde6ae92c5dbcb3deb9bcc0f9d21ae49170e100042bde53cb |
| SHA512 | 8295e06e682c0c6bc82399f1ea6017d7e81d03585a0e9fedca4e80ad3b3d8c24e5613e51946ddf375f43c407d56259166c86bb3157836a3bed5d3fd511ff9b04 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b83cff4667a72717c7795163419526f6 |
| SHA1 | 211d1c5368cd286b312e57b30f0ba772135d29cc |
| SHA256 | 35c7b2a398d2532e9d70f39c1b0b344ab94d3b5cf655762ae506039db297d9f6 |
| SHA512 | 221e2559a0771b7144c329cf448177072cd863caff2d54c9d9f4eb285fde02ef00ecf80bb034904861340202def19b232f0032503142490cfc7d95226edb71f9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bc1e341776ed7ed8beb1ba69004c377f |
| SHA1 | e111dada6066dbeea9dd973a35a61ee94fddbd24 |
| SHA256 | 67975b3c2c0fa12aefd182c4aa6aee335290406e2c82bd4a6abd3f3b74776056 |
| SHA512 | 516dec3adc5db993a61b486e60b448219e25f55f4c39ba3b925fa7255ef3343f6f0b5cb2280cd8cb92a21f64557bfec0dab90e1cb69332e589420b1116fb21bb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 58b0a50c8f81ccd223e5b5a49fb819a8 |
| SHA1 | 1e5da25924bac75f9b0f7f7696d9251a75b6b140 |
| SHA256 | eff238385e2404d01fa977207a93d89e1549929e62e13fe057b72207af2ef6d1 |
| SHA512 | d9052b6f528eab2635c4cb6ab9acc284454215cf3374a6a3846002df06618435fcb03d8bfccdc306bfd551c930204c1f31ff30e186cfbf45fab2870be1aed0e9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 785583d1dfc0235debab55d8cc25bcc1 |
| SHA1 | 29344fc0e06ee25f4bf2625a2130b7a2dd2fbd99 |
| SHA256 | 57a350057cff6588bdc2a17f5b42f091b22dd90f06808e5d70c0a78043fde65f |
| SHA512 | ce75e0f5261aa234cb14fd183392d52975d443221209efa1779d0cbb5319bf0fc20fbce3f012b5fa9d3dc1790e9b9aebf3315d79a7301296c44615048e9ee3d7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ad0937c4cd44e875fd58f8a3b2ca2cc0 |
| SHA1 | 9342d7ae545bcd1dde4d63e5135007b378facfe0 |
| SHA256 | c804b60586274aa03652009aaf4c91ba8e5e974b137fe04c0bdbbeeb55388a36 |
| SHA512 | f75df0e6d1791816547f7f9c326314bf92a331d282f5e66d404af0450d84be605fd6f90d1981e967c4f51fc02c2a978d14fbc60d7993d09aae4d4012a1a748af |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 718fd61d5cba637f2b6084597a143825 |
| SHA1 | 967565eb68e25076cc6a10502b58abcbabe041db |
| SHA256 | f64f895395879e1ef74a8b41540844b649134c7b002f123db691f38bdb81904e |
| SHA512 | c7cc434167c001a52c9f3e28a8b12fcf67e8517c5d3b5c8cc5cd6bb8b1c1cd6b728baaf6bc522988cd3792a0247a29eb1026beb5a561917b3a7dbff4b80b7125 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1f73dae544dcd7abb00647e6956de4b3 |
| SHA1 | 69c7979e7381463bc51bbb29bf7f1b462ebb2686 |
| SHA256 | 4a063c61f42f8af091ceb75c53d5a0294f7e40cc7c05a50ed5a3a3246e375859 |
| SHA512 | 185c8a8380476879690103301a29694081343ad9ef494cd68ebf6a598f504f975cb974c2286aad8d750f5a427e567a502eea91e649a2a849289492879e6ad58e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 41082602e802443ab3d015193f66a536 |
| SHA1 | 41fffbb01b412065a4f12214b9a8055e1e076084 |
| SHA256 | 6af6605f180b6acdcfbb72c5ed4efa20a3dabb8111a015f237a0bbb27386b07c |
| SHA512 | 046d4ef612f52d46c17b0fb1030b1a48b48c1ecf779fc95a776630eff29e6a6d5d3eff12a0168fa3172ee09c8431bf290046df33029dd219dac090684f6ebaa6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d097535d56615ba3afafb754249efffa |
| SHA1 | d5661d64b2d9cbf6406880962c4b99789ad04eb4 |
| SHA256 | 81525e5a8406fa081d7ba7bf6f308524127acdf389c64e921945f93169abbcfb |
| SHA512 | abae5ad36ea015c20ec60ba3dff28dcc049503c21da5e00af5758effa676c7b7e2457134346ad8687f763eb0d893c4d2e225fb841629fea97312c4fad0e4a6c0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bbc8b4fb6e58239bf08603f12acc487e |
| SHA1 | da051ddc4e20cc5b9d3b79bdf34b653e8d6594be |
| SHA256 | a8cd34e06cf3c34aa1a28a285470b0132bb9e4d94c8d78a6d5de42021d72b6a6 |
| SHA512 | 9b87aba17857e65211ce0c3cb3f8b17206e93bf6601a124c5f9bdaa935adfe2dc736b1ede4ede463813f19c82d611cb6a4c11933797823bc1903fe5df0dbb094 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1109d6c72795dc0c0ed31dcff4e2afbe |
| SHA1 | f16152de8e68bcaa51604ad0f7515be8524b4595 |
| SHA256 | 28b3b0417a26fdbc8613a8e9f4dd8d5c060e31811721eecd5010dcab6ece0bb6 |
| SHA512 | 0c2fa07ac1cd1b8d75a118a62931c246783667cb080e64963ad54aef6c77483e5219eef6fd674c44b360e48dabc5706aebc154490916b9f72a3d5453f96b05d7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ca4071abda4ff70a636554964b26395d |
| SHA1 | 2b2ebc2d79a91fdc3b8c8798ec617cd61573664e |
| SHA256 | 1b8d5861e11d87877db8888a557d0c8d11641b19556a9d1a73ab564f82e450e7 |
| SHA512 | 858e04623fe2f0ec9a50f3d09e02d6cb065edd18d1ca424f49e4e62f3e9c7eb25aa3794c3c9321fb9b4577bf4b0a795ef4c217f3c246e57801ca5bf14be387a5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0b015b41337267589bfef09c8da9be09 |
| SHA1 | 7febf90ebfc9e3c31ab86550d1b50a9b6a0613b6 |
| SHA256 | 54f3a4dd122848ef83c28948a11ee6acdc337b25955a86b6431ceb08121a3b32 |
| SHA512 | 97d1e68af80185f3152b5ffd1fe04eb5cdf928272efae23ee6cd595d342bbc4effecdd74d5a7780a9474dd4695830d5bb79ff9260e9acfa277b38089a90506f0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b1766b3d962081183f23a6181d8f21f7 |
| SHA1 | 9188d040cf493c095106a4997e388d33e8ba7ea6 |
| SHA256 | 3159127c69abd0f8f2a3e364bd4baa2254c37ac1e15663301ebab6b99d80be43 |
| SHA512 | c55e3cfc76eaf6e4ab205ef2a87fbddf897d0d5cc10cafab32bf0bf2c26cbdb62dbd47ee41ae809f5d69aad13e7adbad6d2082e0405af09a7cd3d7c4a1180090 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 05ef97bacf13b1cabce6eb76fba619c3 |
| SHA1 | 50d2d9dd172d5765a5f68cfbe9bf9675c40fe99d |
| SHA256 | 693116e25bd0afdc00c8726645f1dc62164ddbab3f48b6905bc141640e332ccb |
| SHA512 | 82647980849d561f33f65d6ff1ac544c901cd42a447c891985b1acdadf13e26a48874fb1657abcb53926e0ae259a06f897d31ac1c22abd4c3e1ccca0550f1437 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d23b535642f38bf120fefab132850c38 |
| SHA1 | 907b7195998f3bf4e4eacdb5fb1606932b8c3ad5 |
| SHA256 | 47ca4555e70cb4856ae4982fb482be55166a14a3c32b7216efb6c912fb9806c4 |
| SHA512 | a80959cd9513398e2b206a2e5c9928dbee192955d9f351c836641abb5e7948b5a10590a5f2c16a743dbffa147731193afe3207c4999c34a877324673f8f56d67 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f68a4280833100768c547be25d6ad74c |
| SHA1 | 8b95f08eceb91320d1157fddd37a5f5150acb91e |
| SHA256 | bbada1f498ca008c42a1f30ac933f83c160cb23092cf703c2e58f9cb07059e80 |
| SHA512 | 7433c1de76293c9d6f2b77a997e553dbf89702f80264c17d2e200f5d9e121e9697b4387c58c85274bb11efd47a9e93b0c89edc67e08d37c99541379b811c5b9b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a1b49d511c0c21ed3097c8a34d37bd9a |
| SHA1 | 73e46601094245a3ade0b0a353f097e6fbf64bf8 |
| SHA256 | 724c385c1101c4a6179edb413c0990fc697aa3b007501fdde4cd30a4ec5f69db |
| SHA512 | 5a2b196391b9768e1e7ed6b101b828c0e794f23a9fec030261321108687b1c4880f9f0378dc2a918170331b64c3bb938b899f3f2e0fb33a058cdaaab4d88c2aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 54c132d3ae64c45d9b848bb3273985f5 |
| SHA1 | c4e71dcc54b34a8f0eca095fa70f6d679f736b26 |
| SHA256 | 3ec58254228c873b516377ae408b5854dbd16aafd77861d309647c85df48a95c |
| SHA512 | 6f46fef3724be9a31d94df9899382edc55109b06704fc1783d48e8e92f83a2627fa534acd39614b9a4d10c363df810fb8233b4d648fec6f49726bef07bf74a26 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a1081505e5c638d54b3852e8e11429e0 |
| SHA1 | 94cb2ce4a2d401937b08ce2d7624fe6c5f85e439 |
| SHA256 | 22d25967d03c349f635292a0213eb1930cd6eb6d96a5ead67fa69a95142a4662 |
| SHA512 | aeacfe0a435ab3e3bb143f16abbf990c0ed31e9c949e0388150e5185c669a38eeb378b406a20de848160d6b7bec493e1eb963cb3565c7ce5d221fb4cd369dc2d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fa4ff481a7c33520c933f2c62f8a8d8f |
| SHA1 | 1aaa1fca46785784dc7b5c62d5c99c5f322f0753 |
| SHA256 | 2a76f1f4a0294730b1c66f0ecf990b552915951123dd44e7c997c366b2bc523f |
| SHA512 | 364ae093285f5acc1dfcf68584d0560c278e393d82a547d61b6b9b82cd0db48e2920be6ff3a70699c31f8667168ce2ffe23cdcfa7f068c52c0d1edee1738a516 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dfc9155b76019703e1735eec6085202e |
| SHA1 | 53f20a8adbef6d1a58bd377571556dd0825ef00d |
| SHA256 | a2ed1939c6ffa2814c6e6b21666054c9086152899496a6a6dfe0303b9c45f707 |
| SHA512 | e1a967dcbfeedc68344a6fa95a50158082c906fc68589104d7ef77f49c5ae562de0a841fa8e8d189d8e6ba0865681b8ee6d5887af30ffb8df9fbe7b021ab66bf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ee08194d838b50dcfa05bdad43e1fbb2 |
| SHA1 | 0c0e275a49a4d2196bb053adeb9587dae181d238 |
| SHA256 | 2f0fc6dd8944355cab470af4b0a499f5615f32e50956743c8ffcb0a8c2f55b18 |
| SHA512 | 4ff69d9aab58aa54b9e976c306358cad7a40db5179b5bd011ba3616cafe57d70e87e6b8065f0153f0f5372e7f37a56817a177c5248f01bb1accb65f2bd0937a7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7cd4b61045369c8b2105ccd35eb6deaa |
| SHA1 | de96802fb8e1ad4c3f06a187e17cd62e98b5744b |
| SHA256 | 9f19e0d01dd93f844ecdf4d1d845e670f2f8616838cdadcc9e6ccc8fa71017b3 |
| SHA512 | ede4f385432730570f0c2211410850803c2d2cde85bcf2f0bbbc349c98a28183de89148510151f249d202ae5598103df0152771922af70dd517a57c2d479b932 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1696de2b57fea4532c7719ee8f81d270 |
| SHA1 | 6ffca23b8c52546e199bdee91aadc8d308bccb01 |
| SHA256 | 15e3cfb1527fb8d2b1335e480617bc67001b41fbfd85accba41ac742256efa05 |
| SHA512 | 0098662825258d72940d3b912db5f99cf552a823c5690618ce831aa4f6d988dfd59c911d1880fb3b9027a99390e5ed232fd6d7467591a45d5df50c8e2cf9a68b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fe7b53cbcbcb49bdcf36f10eb7675d30 |
| SHA1 | 9710fa8c6f98bc3650da31308070199f3fb8ef8a |
| SHA256 | defe3ff0ec1f86462e4e57824e47a8e15ab7d7aab848e4f570409210cb5f90e3 |
| SHA512 | 4d55275e36c89bb92791d347fa41cd9520451f27ab13a209ca763411dcd225dfe6df4f1ae609744928dbabd05b5ba9ee5ae3cc0d8c6c517f362e5ca146149a22 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 80c685367d162135cba457aa7557c4f4 |
| SHA1 | 8b57b3e91d86bdc9c4b61372045c8e3263b0e296 |
| SHA256 | 84658147b9d932ba50fc80d76960e9ef383dca74264686366dd48fe6acca5b22 |
| SHA512 | a255d838468cd0e748d2c7920b86d63ac7ecb1489ef45ffa1884d8decbab563a4bde52fc38cf26d2395141d4403073aaab819867963d850c03f4184d75ab2c88 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2b8a64927b1b343fe4065969c99a4033 |
| SHA1 | 89510aab1ae502461e3c8275e3dc7bc3fa8c174d |
| SHA256 | 6ffd4bff9fdd4c28ac32560a9d3de503e38589dd73c6744a5bd9b8c69edaa0d6 |
| SHA512 | 30deda912a445813bc070d13ea7b74697b2ed276c5590b5a0c9b164c93a22d30875b2bd85f2d9a06b88a4d5400dc24bcb0dc52462ef556a7d539b6206cf05e5a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b227ea9e5174145da4f42bcb99810005 |
| SHA1 | d473b706d8c19025e96b114b6851a74686c92ab9 |
| SHA256 | 1b2bec4167ad456b5b49b604284a52b06862f8caf4c0bc9f98314e023348d118 |
| SHA512 | 6e1f42c37d4ffab94a76a515170a87bd5401b915b9cf6687ca74d7a2e2ea6ce0f2628b1736af6f86bab253d69d49d2d8829f7fc37784e688e71e2e7de4081dcd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 34b697101a0b9ac6069c8f79d533fc98 |
| SHA1 | 9af40102ebd59d60b04eb1ffb3f0a258354b5b7e |
| SHA256 | 5ed2cab920e887f91bfe53fa678d0e49ac3742f6abba31d0a9da2bef52134b4b |
| SHA512 | 111c4a86000c0e2a7883fbe161298b74ea80c7853d095cddfb937840b8118ee5ef5f537fbc32861c4e2975123329099beee1b149be4ef25b978e5971189f7513 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e2d870fb25428aae0f0f2b23ea0e50f3 |
| SHA1 | e86851ff0d9402f9eed020aa9c1a3aa434fa19d8 |
| SHA256 | 6862a166b7a95b2ad7f955c299eb238c51914dd3a560ee75794d326fa7754035 |
| SHA512 | 1b64d25279204ef8147ab001f8cb2afe967469200e1439bb734e605fdd318d5156fee48f1e4ab6ffb9c85b7bf17f9c00805ed69e65e6e1ad6d886b1977abdb0a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4dfcf2691d0ed774c822880b56276131 |
| SHA1 | c5a40fd266e9b814258795bb3238747231a1142c |
| SHA256 | 96801c4454e050412175ad2b78e02a7e29bcf155f84fc8075889d691a58626dc |
| SHA512 | 1e342ba1596056b8c13de7504a48f5ee250b77cd2d60810cf3f57234741406cf083003432bbacb4474b9ef41d424e134891cdda890afb3e60fa7272ee4fa3c97 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 501f3854cf27783cc12174b62fc77f7a |
| SHA1 | 49703fc0e2f8e91e1f9d6447b9480d90b2940604 |
| SHA256 | 375149ba4734538ba4d6a93f480d2561fdfab5e55c7fdfc34ea639be79e52ae8 |
| SHA512 | 8c7cafe32c3bbf8b37a67401aae3629f48a94ea36a3a59d29ee2bbc177cb322d84861210230e30dd29e8d5796e02cd1dc652f22b53c6e1ce6c203215c9e06015 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6795b529e0c80dab0b42650a603d68f2 |
| SHA1 | da8582f0ab760287bdf9f5653eb4f978ecfede7b |
| SHA256 | 66312af5237b80d3857246a939336cf475e354d85e8c6d98a16342c4f4a90110 |
| SHA512 | 8871cb034c36cb892530756544a346ac2fcd1863039896125a235235b559ee66f213ffcd99d1f31ca33868b92640ac859bd66ca30b7f53de4a3e9496eaf5070c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 36195c2873c621add19cd720984698dc |
| SHA1 | bd0a20abfcbb0f10887e0466840130b9d61490d0 |
| SHA256 | 2ad02979973f68c68b99a75b4b0ff3139047a961f29a149e82b1c524f04a7831 |
| SHA512 | ff087f4b150ac2a771910f42f03f803ed60e0420e241c134840c0003d6408823a646e4a1b7be99a09594ddc943e32bda1a31ada07394992570e0124bb7896553 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 99c2da199da8b4f4aeda904702993e17 |
| SHA1 | 6f74916832dc9e31c3d03d9f1e5df4d78dd89271 |
| SHA256 | 2ac376bc794eecf927f0e1df62dc012dad48c733cd55a8510aa0ea88201387d8 |
| SHA512 | 5fec4cca3d81d6378c844fd0788b4f0fcbbbb053bbaff8c3bc01dc197475cc13d21df818284eddaf85f883d44f3fc6293122b8313d75aad302cd6f4a32d5079d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a724097430dbf6318fe4122715c079ba |
| SHA1 | 9e1d852b27455c1657230933035e05843963c7d0 |
| SHA256 | 23d43da635fcd2a9f55e6a6b4845eb1c8e9ef824f81f15882315077cedc4874d |
| SHA512 | c6d86b4bcb667f3d87752459d4356822a2b21c13f3596c7165e8f2b1b2843a866b6033a9ea594e929ea51100107428a55f49cba760290dceaf9964b7f2454115 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 742bea363bee9188340592c0f2bfea8c |
| SHA1 | 62642151ac45ddd299f036fe2838136ccae0fec2 |
| SHA256 | 55c56c0f8f037b5f6608867edf415459e23b310f58b090d971b5f9509dd36ace |
| SHA512 | adb68acc7561b5d76f68bd0095cb1cdf484b09703d335fce6be9bebde7f74a21f751b5ad36c72045a66881215de1520877ff09fa5c27cb7f94f52e3f42936f67 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0989cd0d5ebf2dd9bdcdfcbd8fa17474 |
| SHA1 | 042ac27109145562102991333b928682ba47eed9 |
| SHA256 | d3659419f5da9686ce7e79c1709a062c8853e4591491794663f9e7a42e27d68a |
| SHA512 | a8f94fe0c3210d31c6eef45593bafd25b2682f1a403d21a5e49ac87efd6f7b076f22ee7d1be82a6672000e30bbbb6db62e20b4aca29f1325d43815befe5e0e04 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5bd36bdd233f89ff30ff89216e13f977 |
| SHA1 | 6109d041bd0fb287cca9bab85cacaf4fa3d3b1fb |
| SHA256 | 7c65899b15cb47a098f3fbc5fe4b202fc86ddf0de046e14430bcbf0b6f5fc5bb |
| SHA512 | afc8395db1577518adb2bde3fe76918d34c11abb4af3b0cbc13b1928b40296275fe719c6d74a8b99967758a0ab528681498f394bc78a1854d9a106ed8681d5fe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 826a0bcb558c8f53acdea5d2bfc2a53f |
| SHA1 | 225e0d7674029119920203fb0d815b5f8156d6c4 |
| SHA256 | b0cfba291dd3a49db44912ad73092703ef6dbfd16860993a8bbf4c32bfedb735 |
| SHA512 | 06d2b9b909c0dd4fc36de2aa094c93c09eb5e2a008a1ce6b2433e60f9b5114e6750ff931005d46342de9aaaec5672a0b3aa92d711b7652c4659fe1d0dac8a2df |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1bdc80ef52bd5386b2a9001a131a032e |
| SHA1 | a2d58fbfbdaf7ea1936856fe32eda6b2b48595bb |
| SHA256 | 6759a10498024b07fcb1c55f2d8011cfceed8c080ce978a91ea9dfc6ed05b5e6 |
| SHA512 | 4acbe49138a63e16697428355d38a2a22d5454c839aac05e374af944721957f87b02c6cbf3f370756011e3cf96a4ab209d141f382f5a075c014664da5822c115 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a0e5db3bfcdb9e8cfcb409a49d6d5f65 |
| SHA1 | ff9e053a8a2057ec51f3872bdc4b204e141f8364 |
| SHA256 | 48265a5ea001e0226a5d837b739f060f9f9b8f4f29ce598f1642ac82d1d7cecf |
| SHA512 | 828eac7dc4399d8237463ae084110e4ffdf11d7d7027c91da53d63982e4fadecb9ea4a56acd50c5155f1dbf76e1f6d133da14b2e04cb7fe6c31df3e03d2e3327 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5ff38cedc9fb19cb10e3a9108ed7cf6b |
| SHA1 | 3aefbd452b74af94040fe58d5ed2d6a7e5579e81 |
| SHA256 | 38f0827366ea20b4f948401b502d1dc2174a884998cbb1e18b9e5c0f7791aef0 |
| SHA512 | bb60a951150811e9dfef8ef889f67866ce09565cd77964dbbaa213ae11134683352dadb2c850a2ab369bcdd958036a440c26bdd7f9c2b9bc2e760fbff57f86da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b68d897480c471e1b5896a34bca68997 |
| SHA1 | c2abbced8308d48ebfb85062599ffc7abd00d7d0 |
| SHA256 | aa8ce9610d176ac293fc85a85e80e8d42179f50f64ba920ff6974eb9d260467a |
| SHA512 | f7c731397eced4bb591bf2b45cdc3baf81b67c46e562bd6e6d8327cb5061f1ca51c058e8ccd51774acb6acb7367647c834dc85c441dfd02eaf60b357b9d60512 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1e20c1b772da06682d4738da0c4f519e |
| SHA1 | bf98404d7e9994b47ea06b7c0c783f53a148a5c1 |
| SHA256 | 7cd4c39a0b7b7cb26cb13f9b83cc72445be0529f4b07fdd43eeeb8394fd4870a |
| SHA512 | d42876ca3d54bd2a9161bf2ea8dc0a16121aae727a54b28b5bba0b277128caa43c232b1bd7cec589c7c93eaea4619c85245f31ab84a5e54cea196b6fd105f05f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7014583b61bacabf8d290ba21fdcfa70 |
| SHA1 | 361bb307c1fae214c40f68920cef2e3f786c8c01 |
| SHA256 | bfc29d6d1ded7c0057f45e9de31b83d124b52047cd539a4f90d802a7eebc9ee8 |
| SHA512 | 4fe8a1756b34d9627a483a9e58f70cd8ab0eac086d8e3c54bc054e04d1f194b35d69ee571d9e9012566704c8304ad3f0fc0980104598724a08111913f457dac0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Analysis: behavioral10
Detonation Overview
Submitted
2024-06-04 20:48
Reported
2024-06-04 20:50
Platform
win10v2004-20240426-en
Max time kernel
150s
Max time network
154s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2611067143.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd329346f8,0x7ffd32934708,0x7ffd32934718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,7264852725245695081,17730510538513568837,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2012 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,7264852725245695081,17730510538513568837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,7264852725245695081,17730510538513568837,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7264852725245695081,17730510538513568837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7264852725245695081,17730510538513568837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,7264852725245695081,17730510538513568837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,7264852725245695081,17730510538513568837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7264852725245695081,17730510538513568837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7264852725245695081,17730510538513568837,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7264852725245695081,17730510538513568837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7264852725245695081,17730510538513568837,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,7264852725245695081,17730510538513568837,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5032 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.028jiaxiao.net | udp |
| US | 202.5.18.17:80 | www.028jiaxiao.net | tcp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.18.5.202.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_1200_YDPARBQFUSKTSJAK
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Analysis: behavioral11
Detonation Overview
Submitted
2024-06-04 20:48
Reported
2024-06-04 20:50
Platform
win7-20240508-en
Max time kernel
139s
Max time network
144s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423695958" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C1935F71-22B3-11EF-BB1E-6A387CD8C53E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b000000000200000000001066000000010000200000006878806f7f8bf652cb0d0dd3a937b816b7039c6687e700919374033ca2681ae6000000000e80000000020000200000002437eb056600e97053d941ced0b6261df052246f17a7b3bf3f0e476eab4aa0f52000000094d246556a13e52915170e9a42c938c459f9757a8f075595023ac2e8b76968d7400000009c197b96f02966284e4cbd2bba7344a60d25809339771907619fce5f405a8b623b172a30c20415811d252ac7c411e12021766a70ae06bc7b8d58ab9b43df9eb9 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e003db97c0b6da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b0000000002000000000010660000000100002000000015153224804b686e351127e8ce146df35cdb306f054b222d89e7bef7236c3872000000000e800000000200002000000094bb06ddfa0452c81c166958635526acb797ac35e86080efd2d77441c893ba3b9000000060d5b9c35356b07e9185b1cfcf64e29f0e5d731a0b908c0e794cd4eeefc13a73d7c40e2b2e75fe72b53f979fadddfaf7a22cfa92fc7f7d24a83287eca9942838e85ffb9d2e4db2c7e1a03404b0853fe70988ddc09b08fe03d94ab4ce881ee6afd938d7775d3ba4a2150579155837cc896b624a393dfe2ece62abc6f0423a51a629f4bf84bea27120192895766c292939400000004088d27d48b3bbc19df22063b573ba45b35f5ac818f6116a8e23eb230255d0e62368be533ca234fb8a12ef4ffb6c1f16b70bf163adac5c504855af8e699343f2 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2280 wrote to memory of 3020 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2280 wrote to memory of 3020 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2280 wrote to memory of 3020 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2280 wrote to memory of 3020 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\contact-domains-org.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2280 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-06-04 20:48
Reported
2024-06-04 20:50
Platform
win7-20240508-en
Max time kernel
122s
Max time network
131s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e93610000000002000000000010660000000100002000000002d98cbf4414ccba871362e619807d038c470cd052a0d9474b90ca7ab182cfae000000000e800000000200002000000027f2fa98f8be87ef1bfb941e6edc12e6583b22dffdea525b1d91d5c7e6c2876f2000000000cf86cb36507b606fd24384b5bbbca48c1e7b5f877fa967519e36ff0203dd454000000068f2471d8443e1446a31100cb430d6b8eda3a5940437f744a739d1efe1236c7d90eb26fb86d04033c32deeef61da76d851ece2d79e4770a82610d630f6b1b192 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423695960" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C2C3E091-22B3-11EF-A57D-4637C9E50E53} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000a5c3ba585e2b7dee840b44b1f376a3e127e8dacf4cae4fd53666a5ec69eb4bd1000000000e800000000200002000000077d6d20f8ee312831ce8dbd727e2ec26b4185f376edda2ad78533e2703805c5990000000e94dbfbe357414c02b0fb62770a85e25494524b7e0bb5a776b1c54cdba35801ace84659e2b17c012d5c32c568bab964fd8d8b11853ff137354b2ea2e98bbf9c7350c60de8edc29cf4bc0b2f81c92007176cba5866be9d713b2736f79e4789bf5d309a856ca6c6ec4c5b83bf9992fc4507b5f96c5112233fa6c430717676f0cac5bc19f4030a5329fa0bd8cafb4c22f2940000000ea1bf6dc3284c042eae7b13b2c4c525948c1a18b18c487e3ff6f02acc438e26dd934289f1c7506534b37be3c59120646aeaca4a09102dff23b5b34d44e63a3dd | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 9068e59bc0b6da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1788 wrote to memory of 2772 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1788 wrote to memory of 2772 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1788 wrote to memory of 2772 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1788 wrote to memory of 2772 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\home1099482986.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1788 CREDAT:275457 /prefetch:2
Network
Files
| SHA1 | 1d7093d9ab52b3bef7bf722a3af87f6ac131316d |
| SHA256 | 404b07dedfc361989a9a47753e75583577e6ba49f4a50678fa1855e03140fc4f |
| SHA512 | ee2b2d020a37b91fdb7e6564d623f8888397e836298cc3d623061eb4f9c83da612fcf6c62711d5f8fef023b8709750c227a98b42ce55261eafa699f3cc89995a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d62a51670748994de005a96104060b15 |
| SHA1 | bf12eb637538dc856aa4952774644a2c0b2e286f |
| SHA256 | 99e2070a297ee933350ee0218e7a27b8563ef660646f8da45f159c105bad8607 |
| SHA512 | 301360cbae3c46b2920c9bc16e8b62ef91a09fb54ff0062aa1f7d7b93320e80c68cead26d0aee095818cb921f0b3061ba1e43084a392aae1f037bf9a8c2e9919 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 51f91d0df0da9661495a7c9af9212991 |
| SHA1 | d90b15fdfe0159b736eef5142c6f55ddd0503460 |
| SHA256 | f40826c8e4de8ca45d865a24d9b2df5926831460562cd97ee074299d128e8675 |
| SHA512 | f6928b1ae8c19d7bbd8aa78c6ea6198aa2989246cb8949b8ce08e39a8a807ac147092fd7c3c92be564773a8e7417d12f13cad54dc571de49e642771f71428003 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7fbf9967f79317e360b15e9ae922120e |
| SHA1 | bba8b54878378846b123c073191208c937374a40 |
| SHA256 | cb98f90ee9b098154c8b73e99e05e63ebc2e591d269f734076ee35aa1cdae9ac |
| SHA512 | dbbb6eb7a44ce22f51954252e563f5aa73f88e6fc923f6105758cea7fd1ddf8400e304ffa9eb36b678ea7a5e56f567b4092a2465912e4d333958a949a03e86c6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 914748e6d4e37bb2ff8388b4d8b95949 |
| SHA1 | 553f900554695f3828f435edb694c9fc8f141b60 |
| SHA256 | 29472443e339a8c2d6846cca7818a31196ed095bedc5ae8b0a49cf807d69ecd9 |
| SHA512 | 0054447af131dcb8a6bd887a577783227d744fb3c12c98f046d027110ef56ba4154679d284cbd010d33f67fdebde3217a9a93682278902c2d2866090bafed28f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4ffff974b20ab0ca4072ba75a48b84d6 |
| SHA1 | eab402aeacd82f25e20d487544ff847ad120f778 |
| SHA256 | 7e49a3ca64831f2437beb8f84e998a5798c940f79681e1f6cc8586651cc70884 |
| SHA512 | 7db8176eb622fbfafedfd64b0c526a1cf055d3ef1cc01c2b70dbdb02954fa718a5613afd106705920ba4a474a1d24cd3b92e67caf29151db122d2beeb804f721 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dae3500fd1a03392e3410cb32f43d785 |
| SHA1 | f9731ef7712b3d06123734603bda87adad60cb3e |
| SHA256 | adbfecee308f4931cb510d0faba2c9160e0f27c0a215284d7267381b8c0006dc |
| SHA512 | f97c7af249e9b758ef8b8ba2070da1fb0c444658e0351cc685fe4ae0561cd78eeb9931fc056372f4c160bbdd1693ada985e4548f4ba20709eb75702aa2dabf13 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d30a886c0fee7d3271514ac6ab443461 |
| SHA1 | b17c5147c86247b8cdafa78276bbdb4ac18183a0 |
| SHA256 | 03d2b1337e12fc52857d89a4715db7cbc0478249e314eab66d8ee187e8131696 |
| SHA512 | e2f6ccaa20263f9d0dca56a2fcba1b338b8b99c6c771b48c9fe1072ee5409eff2ba707365d42352643ff15b0135b9587e7647e923c7e383369b5cfa473493351 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f9fa0d982ca851e44c7b81b03c30a556 |
| SHA1 | fd9ba43a8d2ac454ca0b0de9a42f9b21f349db4d |
| SHA256 | bdaab2ab4320d2e6003e0bea4e38f2f777237aca3f2f3c4ab55a66871307f73e |
| SHA512 | 8db522c8bc62b564cab8487ecb715909394ee9959a1667edfc4e862d9c66646f104a46df47646368677098a8813ca6965c9e49c4e7e02a3c8ebac75087b4052f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 405b44e6ebb38ca286aad201c8ff61d7 |
| SHA1 | f0b56dad9faf4837ce4c2eb21267f36b59c9534e |
| SHA256 | 81d41cfbb6f8d5496e3ad9e6d70fb07a7352f2dc1e4c5cbd51edbf28884f3ec3 |
| SHA512 | 206ca79174864bbfe8f3ef3d6a19ea04def35d179433b77656652d9a902183b808296f08c0d66457cda34ff25d02e16199e002da3f9aebbf3d6d2771f285e69a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | de043e98fcee5b359537f837c05e90b2 |
| SHA1 | eacf91be8af17e47ddd00c533498d2ce702d4274 |
| SHA256 | a0564053c870658c40bef00ca8ad48285e49b050dcef03eeb009c7cbd01c93ef |
| SHA512 | 2f7fe1c33d7b6a354831a8bf169fd28c8c8d13d32365ccbd6b68d290cc43cdf8b812d722d9943de34246cabf793e61d6b9047210c631c21b8ebffc7b1131f97b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5ef0ebb623df5896d85f9fbcb51044de |
| SHA1 | 824115bc9ea7636cbbc8147f89362423d1c35eca |
| SHA256 | e1d3850dc8861c6be2ff6562e11d3c361c8cc3693ef5e5b8fbd5d0856dcdbc83 |
| SHA512 | 6a4f1c0860b6562260b51d7d4e0cad447813365e763dba7228e544fe6e80f916e980f028052b321a588611189841b3884c52a22263903c67c0116815939418c1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6d94b0f98f5411d9b8580766ca7f78a1 |
| SHA1 | 1f7672e7fe0e4fcbcfcf4671d6dcb1ff78d4c543 |
| SHA256 | 4f45ac5cdc9ab104db3371643c939023688ad498fa7903b3a36a8170ab1a4d57 |
| SHA512 | 0c3cae3dea6c75892e67fceb107b59a5e4d570288f6c5033e30f05a3acee081baa72d56a5ac2a53ba7aac6d76a80f9445a156ebc59ea0740d32fd2b33008b2d5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 298778f6a0b61e6ae84e71cba024816e |
| SHA1 | 21ab8ae01731b81a3847a9a81260419f57cd1e27 |
| SHA256 | 271c8ebe21689747e4516f7d127d3ddefe989d2c71441df7e479744507c21847 |
| SHA512 | 32c66aaf3323889762924bf92d0deca021a327caad1096c11dc324fab3fbe2fe8b6f3498b96167146495d8b172935a731ad287d570d4c34a2e479cf051f2f81f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 23dfcedd3009c4695b55bb85054a0df2 |
| SHA1 | 9661cd6b7df27f09f8bf3fd7e66cae8a461d7d81 |
| SHA256 | 59f1b4982070a11f95bad3678b117dbdf00b9727657848687d135193e7203e58 |
| SHA512 | b8d22638bea8ac72f6e15fddcd7a25255dc6c932523ab40cd2e5231061bbb5a903410d79eea343080082146b5f3243bae7c0da40bc42536655b573ceba3d5288 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cbf8bb5bec45b40353b4c7359eaeeac0 |
| SHA1 | 3161d4fb89e482afed07e7eaedc38e84dd3af9a8 |
| SHA256 | 16d6455f556080053d09ea3fbec53d1cfece8aebf62916faf803077cb4f97b1c |
| SHA512 | bb1abc6f01e2412755ff7b136792cb27faf0095200d05897ec9e4404bfa0d1dcdf77525d6f697ca2286be4ea7e954f44269d514a9435a5fae127fcdccfe100b5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 18e67652b2ac24259dadae73a04d09d0 |
| SHA1 | 0d303a0656880c28e4fbb1fc011ae8282c8841b0 |
| SHA256 | 67e2fa1113e76d57e41ab5de9efa090dbf144deafa4bc5535a05cbdb5b5eb3da |
| SHA512 | 9bf958fd3b6f0a195ee37647b80952d3b59e6bf86c035ffe7c896ff55aef20113cf16f6baa8c520c267471c5675c69a91a38f81e7db944544026b99571d1e783 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aa1ee835106f33305e8ea47df76bed5a |
| SHA1 | eed2022a8334a8bd921e43e4450c8455b56b2c3d |
| SHA256 | ae41cf452e4d2156ee0a2f4c44463bcab83e08e5a652bdaa26b64fceea6a6b80 |
| SHA512 | b2016bde3bd408593b2cf48698005572f29bcb1d3900b9ccb097eede2891e1b72d285a446fe5556b27143f774d23b5221ce1aae982db865b4686a5d0635e5b60 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b1884f412c7c87d1a2903f3721b7251b |
| SHA1 | 863bacc9a89550ebf1365de51ec3672c52c610af |
| SHA256 | fea0c2338c458d6cbce5d7b83528fca52ac6fcbf40df7140a9b4f2af0fb87376 |
| SHA512 | 38c2a1fdf892088b993f3165d084aa201db6a9b72632e47338818eb395cac050239ca81bad0eb3430a5c7e7353d60a992bcde548bfb08bede80722b50922ae6f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a5abdd56b131abd6b257e2e0c8949177 |
| SHA1 | 7a018fa73c59e5af292934abee92625e13748fbf |
| SHA256 | 03b26108f74a7d368ad933133f5edded188516815095059bd24b51faf16af6a3 |
| SHA512 | 5cdcc583a0942d4bbab624b3d6ece3e80fec6e760b0729e5eabe7828450b89c47bc5e2c660d2f79c07b9e1bd90a9d3475f61317077a69a8b2479f317573f3e41 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 973657d38119b0f911a5220a800bea73 |
| SHA1 | cca789a5eda2c78c8accea4ee176196158b38565 |
| SHA256 | 1850df3f81a963a19df3f71483848d96844bcb0ad321b5f77fa43ad77fcd8b66 |
| SHA512 | 9f3df2418472f84a93fafcbdeafe96a064702cb9c5e10ceb3c1d15953a8db3140bd1bc441aad65bac62e8ed9d4fad93841b3670ad88ed70730e2006033535c77 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cd504a0ed5f1d092fdff8e9e41a17d3c |
| SHA1 | ef8aa878b5c63adad730fb4756e7feeac58e659a |
| SHA256 | b71e877ca747b6ccfe338f88ea05d6136402e38f3ca12686eaba03e9f5e4a839 |
| SHA512 | 766f346e33ab39260e8980c003f1560dd857e363f07556054a88ddb0026ffa2e17de2d6f0f72c91c1963ee3abfebe2fb5675ed1e0301a22d768017a5b065214f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cf6fbc0d650dac7cb69aa9f80862fc5f |
| SHA1 | e1ce69c10dcc4df7ff4fdea873a414bb11915c2e |
| SHA256 | 5c1e757db322b90e8cd3bc108e04c6169723d7b0905002e400d1fbbcf890fbce |
| SHA512 | 274cb69ab7eb7320ab744b67c25983628daa4e31d9db0115c2993ddfe77c12c04c2cad5db935e6d802273df16c12926ddc9056b527aa8b88560bfb3f0ad61611 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b7166c40380a499947b060f28ebb5c49 |
| SHA1 | b79a09c01487127a0c9ae3151cb5a29f17c4bea4 |
| SHA256 | 927a36ce35d2f9419679b89af789154ba3add3294f75e9579319e9c5e533e2f6 |
| SHA512 | 06f898b67745f1c819e64e1511b120c986f820d57dbf7d199473d1b9f705a94ee61bda9552fa2e0c7b93ecf17a60875a1c1a52c67cdfda4375355b03c02b8c6f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 75943cd0417f82416e618d09f32fe966 |
| SHA1 | 2d090b52a9b3b7e3c92c8ff20969387e1c9eb40a |
| SHA256 | 649639a00f606ebf3f74a1ae08e0b0bb1103eb2e6e5c884acc83dcbcae7de8e2 |
| SHA512 | 0473f16648edf248440d10cf73b3e83546af00406c172bcfe7892a060651443f8d4b3b44a478450e8689f072186bce8657f4970250be0198d526cc618e8dbf3a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b53c831e5d45f0e5ecdf9d6c0a4752b3 |
| SHA1 | 4be137261e916497c7c8de06881bb1c3ad3cf708 |
| SHA256 | a6e4c4a69613e57024856239055bda919196eaf1566b52b4682b7987397e4b36 |
| SHA512 | b8807c18ca6d16e3956e6168016000f4b12a41624e95cca99849040d53759a6c986e8b765cf26369a801d9630efa7f5686ce8764a2371c88279d6decac138337 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f5967b0cfa24572b64bfb12588a02d1d |
| SHA1 | 51990e2f1c5e279e23295c687014acb1b31b15ee |
| SHA256 | 84678209c5206b41624d07ea439f16881ea479a401f763a59f2273aeb203b714 |
| SHA512 | 22fa1a1597e7da18b78a12dafda961e321706e54ecc0baa8b0490d8ed6e61d599ff262fae76366f7abf83310928b6561d185958bf085f2ad5c3fd05739587081 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 369bfb129ecc2260199192107c17c2a3 |
| SHA1 | 66f3594889748ec3e5f8a3ad99ecc99365a30c4f |
| SHA256 | 72bdda24f33a0ca42cb8864e7a0b9758de4b479bcc7dd0c0511d1efe3783db25 |
| SHA512 | 45136634e33ccfbc7284a85384073d4ae294e6007e95c421fb9b1b06e5e42f9a2432985970b8ca58534796109a2445fe5dae8c0a520d91ed1d496886a0b505bb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 09941bc64b7d4566e3e7c1a2cd71db01 |
| SHA1 | a239c5b1d363db43120d3378d180be1ed4496788 |
| SHA256 | 509e3089a4399263012a77260200a9b176326d34e56f25b20b392bafa81aac49 |
| SHA512 | 42702cf1f7b43f6d96bdb4756d009716ec975b4b2ad62560c64c8ee090823e6a0e872d7a747327e902f0eef1bad98462d398ea1ef1e0feb6741eb786954eb97d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 71600d78d29b8c76011702baad67cebf |
| SHA1 | 67e10332854e556c5036a71e889d135478351120 |
| SHA256 | 4fb9d6a4f54686e9a0af043f47905459c221b0e6384443ab076cfc1236508853 |
| SHA512 | 46b2418b8f6013ff5300238df7a5c3196b959e54097fcc3fab1a9b6ff2a9e332aa3a1496a8cb84369c283b27dccfe7ab7eca6a4f3f578b0fb4bba0f0fbadc33d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d7360284d32576e2ea73cd1149898109 |
| SHA1 | 14445b353e48ed62b91965067b59710b04e9e54f |
| SHA256 | 6ecfd3fbc720e0f066d381dc10db5a6d68cbf0f765e99e9c0fd3c5ce562df01d |
| SHA512 | 12976db03df08d7b5dd361cd31a28da4e303b0cffd95f14596adfa90389179564d4c182307caa5ebf9af4b383ea015b0e6f8a4abb3db2f0d612bdaa1c438a349 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eb06695facde6da6884664feb1b2725d |
| SHA1 | 9f20bbed39a89ba95555e535e35630c3181f7039 |
| SHA256 | 1e83e6509b0227e05515363768354ce144c74e44394e84fe286b2ac18c9c1a28 |
| SHA512 | d0541099c6148fed15841bb6ea5f5d4c2c310673d43864ac8ab141b6e135b1746d82013f843bff01fb24c92efa51848a5e70a041a2eaca8020e9deb0c3f14e13 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 447eb2baf429f09c3c173a4d2e246dfd |
| SHA1 | 35f6d8d9978dbe959d8e072b0ff5e260cf9bbecf |
| SHA256 | 8e4e28dd30d3c99340189cb3222a7dc61e807ac646086cf18b79b3f4de6e024e |
| SHA512 | 562aff0ffc3874ea5a1ea96a0c62980d5e3cda36938db3c136b5a8b75fdecb491387528d1cfb50044a1a379c02b8eb58150532aad168dfb5fa8145460877f2ef |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 51b3faa84b701483d2345668e3f75347 |
| SHA1 | 78578221144852a2a7f1c733283ae011cc3b84de |
| SHA256 | 5b6f9d50d07799229a4db390b54051401492314efbc44d15615f4b1fdd668de1 |
| SHA512 | 1ce96fa17baa4c96694b98b778769857bf3b8f6c43c90c6ad6c33b5131a449a57ec473b9c66950ca1ea4f259ba5c6b45bf1a5ec0663ccbc179b7e7fdbc6990a4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5d4fd75cffe6f7c8bb0c9657d72e82b2 |
| SHA1 | 02868ff93b42708b7f740c3777d689b815d75162 |
| SHA256 | 3ae0af1b825e361dbcf3bdc0a0aa661e67be532b3c3ccf53d835ee351e7266e2 |
| SHA512 | 6750ea120d3f35a37dc627b3dd55968ae3667f9b9eb8a8c64b9463bed71d09529fde87ec4f9108ff88f985725c76f116e995de7f3351395cd397c02e182aaab7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1eee503b6f5a222454f6a2879a5eb650 |
| SHA1 | eb2e3ffa4f7fea7260c21269295c1061eafc8e73 |
| SHA256 | b93858f6645cc0eb026c619c180bb4c04281e1fd29db340c3b0b0d657017d259 |
| SHA512 | f57a82f5fff348277ea290631690ab9c393ae4ce01b3e235f37ec729fa443d3f7a95115caf938d72247382761b80886c505dd1116b05d14eb63a4728629f9e46 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1e68b17da9933a5222fe39ab64b372c7 |
| SHA1 | ce43b05f5639324208b736a752e6dd462de2e35b |
| SHA256 | fe56c99acf1dab3d3b149d22a65bb19f89a66b4fe43fb3835f191b12be388f6c |
| SHA512 | 420574fb49702bb8fe61f1eee4785892cdd291fc54597b8bf78dc12f22c55378decfac89ab1369e9f9b1558711f004384781c5e6e80c35376dc6d4e1fb0324f1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a5ee5c1a25dd6eac569061a068c52e6a |
| SHA1 | 6f20c16eafacf8428d310dffec15b6bc0dacc5f8 |
| SHA256 | 1263d2920c5201aa4db984feb7b0b1903aa63076174b2e5933bd4c0c21f74205 |
| SHA512 | e6f3a79cebd466bf70ea5c9639887b0c932e8496999aee60defd958d80cea1a9068249e609cd07db6788c3b83f3b94dd2b30ac444afe68e55340aaaed295fb47 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 48ce1f10dc4b2f8ea867fdec03104a2d |
| SHA1 | 2e1e7281470631f6269da508764887933471ef9f |
| SHA256 | ae00a029e107035fa4b70250ee664f1e63a56304424e655f86006907e876d46d |
| SHA512 | 8607ac9aa8326a6e47f9f4f77de82e3f5d4a0a0809996cdee4689543177878597178b14fe89d683b544229ccc63368829e94702d9644fef16b5db3e8f07dc6f6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b5c406f16f1f037b4da23783d5e0cf45 |
| SHA1 | 7d799fbfbc340b35c516073d32d75b563b3b6867 |
| SHA256 | 5326c5f0c4b980532df6bedf46afc060e99cd5757ada59f796eae664616de1fd |
| SHA512 | 648d37041cc131d2f85c2c70727ec98390fb4477ff40bf311a7c071ecdc257a424dc5eaa70f7d9a8d2590902fcfa787f5406ba9f56687c511e6db99e01248e32 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 192976e1a56ad9257e6cbcae9e3e80ac |
| SHA1 | 3ecbe618d828e9f4ecaa6f0bb0881f0303cfa492 |
| SHA256 | 6e045ee28978c0a9a96fd3806b6d6fe64c24115399147476fcb2aec78fa86876 |
| SHA512 | 17eb64200ab88b3a0dae1638024523dfb9fc3ac3a89f80077d46093829f7257b2f48ef9d6da203ae0ee89553c38ed72d1e7389615f13c9fbd0cf5e06c9294206 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4abd9880b3184debfded3b40ce30d503 |
| SHA1 | ccae01899fa4b0aa78a262ee409548e4f7d29566 |
| SHA256 | ef4314b4a4fcb07274074f8fc281d6118de8e541959c6499f62c5e03d7014207 |
| SHA512 | bacfbe72bea8145297b39777219e2f09b0b0b6408444f86c0d832e2b56f223f50b78b60784f292d24af82de12b6219d3e64d65154034e99471e92cf526c6b744 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 02af9d4d3ee6ba5d3d27de2aac81866e |
| SHA1 | 974675da3395e4f00ad495b14cfd04abb0004c83 |
| SHA256 | 3aeac368cd0b165e9c45bdc2ea20155ad8de4aafafba71a197cbe77c23b1c2e6 |
| SHA512 | 2effae356b3a127e0212dfbd5519232b3c0a377f03c2664680f89079f7b4023413cf31b97be8a77bffecfd561b484247d8792b5ac61f863fb818c4492747092a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 81a24108edc2dc06a8f6c83bab13b92c |
| SHA1 | 84af7764cefab9597384e6fdf85fa3948605b9e9 |
| SHA256 | b0f2fbd87dbd178113ce17747f812e5bc706a61603e669e3203422fa3c68a024 |
| SHA512 | 400ecf71d1cedbc3276cfbafa32d6c363bb8d0d7fa698f0380011a20d024ec960750ec34f11cef82fd1200b14aa69267b10b22e7f596277a35f608dd272efc6c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bcb8ffd922edd00266f7c67e1b5c04d2 |
| SHA1 | 2ab766b463a25ff98d8083cbccfa87d08655e6ed |
| SHA256 | d6d4b11cd4580818530cd4b09214d53531b2c0ef0531c33e6849b167dc2c2f42 |
| SHA512 | 891c36fb56d92226a3cb99c2086ab1491d736a6d760a08e99deb7173ecbc490606c2ee724a7634fef98b1d14c9ac87aaffab96d4eb6d859779c8080d2d7834c1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 56cf9aa4106c4fc54bfbe5c0f5368fc2 |
| SHA1 | d546440cf012b5ba091eff8a343fca146b4ca226 |
| SHA256 | 0e0483195a86a0bf6fbb796344b075f64ac4a17c64694904a548555fa1bf9dec |
| SHA512 | b852da9330be1faf8a03994fe2e1b3467740d1d502b81f3bc7afc4c51ae25f8102a17ffc8825c700527165be2d7e8503c2e38f9d1d7cde5b51f2f77b373e3554 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eee81ef26d15b3bf360ac92b144a0a7b |
| SHA1 | ccbccf56994a46180d14d44cb7d9b8473c56c807 |
| SHA256 | 0700238d306acd81199f2965c11655d8810aa955a6da36727dfee8feb6090ea9 |
| SHA512 | 67bbac1ccc2968ce2e09a97ac8c3823172589dc2b4c1d23dc984b0a1dc7c6b592bf21eaab74cf835a5c657e3894d403f538a8f29e504f6e0f8b39637094e1726 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 697b5591e850ab540280b23972db1710 |
| SHA1 | 47491d3603ac5e860b0a37d63109d86ae9180bce |
| SHA256 | 334d7495007fda4d8570973775f55ab564e8bbee9516e51a0056c58fb8f9233c |
| SHA512 | a24450109f5378ce5d7fd202bb9cf45cc692ccbcc53071cd2baf6c70e8d2d8ce23a09a2f47b97ab8f9a04d2f0ed6f4dc00e009b075e8295c6c73264322573222 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 296ed927293465ad25c3a6780b022593 |
| SHA1 | 9fa02f887a8310e264efce952e5db203c866ea6c |
| SHA256 | b6fbe50a8be99aab0742c71b9d2f4f7c6d1c50851304fbc5484c85ca33f4171d |
| SHA512 | 5c61a6ea5955f738518b87c23fc68548953427ef161e5f5552b73bec3f9255b0f0307abe4ea7ab0cda5d3c66eb661bff26c3fa866984a4aae0ed94ef7f47ae3e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 63712b0c9ea7db7607ca7df93302d735 |
| SHA1 | c3439c2c6a368ac58a332002c7c5624383bf9e4e |
| SHA256 | 25ac6468e6c015b87d9b9c0c0fffc82bf8cc4743d5ec160eed11b230449a83c2 |
| SHA512 | 1e3e720c13459327c956b16c869d05024aa6375d05ef383aea5cff82b46203343e243633a5925c87ae6fa3b117d1a9d50c9add78c9d5c6ee45857408d4b2f33b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7828c35f7bec9a1971f382f04812268f |
| SHA1 | 9446a499ec4b3aa074903440f9b9b27ae3cb986a |
| SHA256 | 35d6446036c8470262b6f29b3b7adeeff61d18b4ceba7c4ec3df43c5c245c61d |
| SHA512 | c3899eb3991f8d752fbc75ba59df36107503f78309f8aaaca591a392a42bf409582fc759c02a21e6b22499746de6c865717f11f9728ba92de40dee4f5a0fdba9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f6c47b454961fd47a2cd2ba38369aac5 |
| SHA1 | 32107d03f38a25b153b1e6cc2cd4fbd7582581d9 |
| SHA256 | ed52ac8e431e6c8f54fee76df2aeb545b09d7649adca9edb7383504943eb2afe |
| SHA512 | ed1e9cbda0eeac0346e8b401ba941af15f06dfc279324214fd134e18262c55145df0b4bf299901734f1ef89ed0cc50802f7ebe43775925730825b436c1a60bbc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4066c6f49723f7e850f866cc8c9d97cc |
| SHA1 | 8b2fb57656cf3fdc9e874247214cfd752f1b92b4 |
| SHA256 | feba47cfe680a59b2d26d9aa36da8e134f04be4f7fca424ab519e6ce5738b96a |
| SHA512 | 166abaf0d9351931755b54bb7e453b75e9b5dc31d8cf64410275e31975395144535a89e98ba9210bd2dd927c7df0d6c27cd0f5fa9c22b4bbe9eb4775bd5e4c8e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bd88f1fbb6e0ccb1f8979e5c5af2d4aa |
| SHA1 | 164b39feaf22ddf3e36c30eb41f0e1a6345c7e5d |
| SHA256 | 19dc47781da4ae5ab88d4c2cc67124f24a472da5009b7b292e4baf6c82486d7b |
| SHA512 | 1042b691bbac05763b186a54ddc9a5910bc5c5c9095e848e980b3bb271acf956ddd4e1893e0a40a04312a1ac547c2620a57a909269702d540f6fbf9be0b4cf4d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6852d6a9a62604229658669fdb266aff |
| SHA1 | 336fcc43e9e86397b5cd57068cb9806cc5d30087 |
| SHA256 | 4498a1c839760a5377521b05ba06f1ba8fb2655063d02491c58cd0b6d75b6c27 |
| SHA512 | 8d391afdc0e17883edd681b4bca45c3b14d6e3469436438a76d7f01d39e8f23e7394e0d405b2ea7239aac9c74515275db463e53fe4673a277e5e52cbcc7c8d8e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0cbc735faa7b2775b7f90f42d3d3a1ea |
| SHA1 | afb5e0c5ca20ab4221eb2a5ee8ce6f01682d3497 |
| SHA256 | 6255a6ac101adf3a18d3be84e9f265086644b6f5118d0bb304b25d4878363a74 |
| SHA512 | db8aab6e344b06c8ca67cf468c96f4c07299ba3ac39216d3f6ad366aa719c018e61e88cbc5e56a8acc0c1be206ced53e9c94bde30ae1693c56f968042fe19ef1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 219b9c69e6647d272476151db92c8df0 |
| SHA1 | 42693182a82e7df3657ad839849208344d499603 |
| SHA256 | 6e73925f0624bb30306f0bdf83d36e6d1cf729221bd8a5fb36b2bf32f3ee1d18 |
| SHA512 | 2201b294bd6a0df64b0fb46280d489e890ffc51dbd7ac4c1e8c6dc7d0f6d218064d05a1ed0ac0635e5fbaabd7b504cbee3e6c7e8ff40ca150e68c0dbef31efc3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 55eaafd3c43fa0670a9a04e4e0a97f5f |
| SHA1 | 11cea8f0413e4057e9b793814752c184c198e4a0 |
| SHA256 | bc6445a636bd01d29ef837b936527d54b28176254e227750bec3031653b05375 |
| SHA512 | d4c06e57315633fb35013364200e3941c46c5b30b24b0f79746dcc9e10fb9f350540b778729ea084ac00bd6ae0bd9e2c21d7a0fc815c768debf54b6a38918221 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7508f43a33aec73a42fe006e0f439111 |
| SHA1 | 77d2fb3dbc2059fe075797c54a8c05227f46929f |
| SHA256 | 2f41fe1b49d7f229ba83e78cbcac4c676d1698f7dd840754debedc6a1e4722db |
| SHA512 | a91d655c5136234c057b91be9fc99f460e1cc8f09dad0255af9338a88528031e67ee4ad65cf089acd07229616e2e9a6514b81ce0d7743a4adaaba6abe9fcf813 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9220becceed68f37b89731c46e42cd27 |
| SHA1 | 8dfe5fa2e9215e9ea8f595b90de7e745ab89491d |
| SHA256 | 5ef0d27dc307b7c27c1aeb2376c629c7559bf0f97e95e6430340cfc69fa7aa44 |
| SHA512 | b10f2c33e2a0cacd67851b68511c465e10c6925c85bccff6c0a04bd7e7d4e8e0b9f576834e6d5f2ce934ceb0cc47b9730109efc83be7392605ec03d5d29c313a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b2f6d516ce948302800ae7e4413b2830 |
| SHA1 | 906dc0909e817187287901570a8db5537b81e770 |
| SHA256 | 795b36be81eef914de27e2505503ede58a56a5e8027e4b3ab243681daac1e986 |
| SHA512 | 76cc47226496cf6fc158fbd2dc06fae3b4e944eb6e126de38456e648a9560584fb612306c5521784de5ee6743543eaeb2ceb30df10b74c7d37e70d3c8b0988e0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f91e6d24d2fce3f4397753fd717c6077 |
| SHA1 | ddf15a1d35afc695604603b0aee9e5b321cb1d4b |
| SHA256 | 9ad54414cff953078ae7d329132ccb1aff423e7512ce17e9b344e946b274239f |
| SHA512 | 75a27a431d579456c4ceed11b9e2794d1a91bf3c6b75f6df9bc99dc76038dd428f53aa4e696040391677bbcc5b71724ba08039393d2ec4f5a5e9b5e572daaa96 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3c6a04dc28e91bea17e13b660c91ecab |
| SHA1 | 8bc4bf0e95ef09dbf41fc12efc04be444a28f5db |
| SHA256 | 2e186ddbe3e2d08a4d2e0fe9e0da9a6238434cabe7d97c2d5ee5ec3508472bfa |
| SHA512 | e4582fd127bf957920a8df8386e138dd9359f76100473ed039ef9e290ecdcbb4ebe25a36ecd04357f360d00bb8fcb819bd2c08e4a739c9c08faf5b8a180e7394 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ed32a0d339a7e866bd22a2560a909b55 |
| SHA1 | b56a24ec2a08e29fbe169f345fb5357c71a162c8 |
| SHA256 | 23eb4f6a0501a0d5f138067d6cfcdab96b48227770237f0bede04e607e9a385c |
| SHA512 | 4db7371dc6f2beb2426286e4f8b5c2f8256eb1784c144cd3e55f7e36040454e2fc86a07cccd40901357ea1ab967027993458716e0bc5e0e6f095314ee8712ac6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b5ea6673ed2a5ac954d6421190e43047 |
| SHA1 | 90733e28157a71683ba43fdef8a32674e870ccd0 |
| SHA256 | c0d5922c50ab91bde87b46abc9d03a96ea128daf9bb1ce74ebe7861601b74998 |
| SHA512 | 5147a26c60c4f8b1d03c6f182bbfdfa768b4cdecb89cd2fdf5a7973466cfe29fb4fa59ef9f40f97ce4702862359e8409a4ebdf1a309f29376b7488b72bf84deb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 75a117f21f5cb6f62d0c6f75ac147e52 |
| SHA1 | 9fdc817a11bdef4f43477bc5831ea187d3848971 |
| SHA256 | 08d967e94c11774c10c9b68b357150f0b6c959cdb99cfb0bf76b790e7adc2042 |
| SHA512 | d4f9550779f860f4c12a8175cfbc9ac4095afb70268a00aad5938fdf36d4648ff992f0674eafa16676242c69bce48f4b13774349d9e4f00256977371c269a4e1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ab82dd11dc6f8e977eda418548a46ceb |
| SHA1 | 972f362890ff842a594fde9a40a5d174f708faaa |
| SHA256 | 0ffad2be0a7f07438eda797e0e6b698d9344bded7a8b673b37704fc8d13c478e |
| SHA512 | ddd0dd9ed51d26dc9af9f1231a6f76dfbe0401e9fedea30125d2e0e1573fcd428378954cbe3326f8007ffec7e2229b949cb769ac966a47f5b3ac91a1b371fe54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bb920f0bad5601eb91c62f882bb1385d |
| SHA1 | 9dfed0095c8a1751918ba787b15013d74536afb9 |
| SHA256 | fe0a0796ac57212ce513b0107f591ba730c161167a9aae103af882eca5aefed8 |
Analysis: behavioral16
Detonation Overview
Submitted: 2024-06-04 20:48
Reported: 2024-06-04 20:50
Platform: win10v2004-20240426-en
Max time kernel: 145s
Max time network: 143s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\home1099482986.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd6fe746f8,0x7ffd6fe74708,0x7ffd6fe74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2272,8624637803665034134,7851622517125009479,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2280 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2272,8624637803665034134,7851622517125009479,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2272,8624637803665034134,7851622517125009479,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2576 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,8624637803665034134,7851622517125009479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,8624637803665034134,7851622517125009479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,8624637803665034134,7851622517125009479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2272,8624637803665034134,7851622517125009479,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2272,8624637803665034134,7851622517125009479,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,8624637803665034134,7851622517125009479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,8624637803665034134,7851622517125009479,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,8624637803665034134,7851622517125009479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,8624637803665034134,7851622517125009479,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2272,8624637803665034134,7851622517125009479,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_1440_EQFURDZMULSWNKNW
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Analysis: behavioral4
Detonation Overview
Submitted: 2024-06-04 20:48
Reported: 2024-06-04 20:50
Platform: win10v2004-20240508-en
Max time kernel: 149s
Max time network: 151s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe | N/A |
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 996 wrote to memory of 4148 | N/A | C:\Users\Admin\AppData\Local\Temp\$1\$OUTDIR\sftp_plugin\tc_sftp_uninstaller.exe | C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\$1\$OUTDIR\sftp_plugin\tc_sftp_uninstaller.exe
"C:\Users\Admin\AppData\Local\Temp\$1\$OUTDIR\sftp_plugin\tc_sftp_uninstaller.exe"
C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
"C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\$1\$OUTDIR\sftp_plugin\
Network
Files
C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
| MD5 | e04b1bbeaff6221daf4d4ae0ed7fd00c |
| SHA1 | cbe6a9e349a6711dc9e040e15ec32345c1bb7aee |
| SHA256 | 36b1104781e2c77a1e76593e697ac99621f27db3bfd5c282f7ae3579bf510a5b |
| SHA512 | 2f8523b1fd5bed682dc841292a5523eabbd49fea71b1e088a5080c375ed8e67b22e95e60129516d96bd720845a1c27fd37fd993d1cadfd81296176f683066334 |
Analysis: behavioral9
Detonation Overview
Submitted: 2024-06-04 20:48
Reported: 2024-06-04 20:50
Platform: win7-20231129-en
Max time kernel: 134s
Max time network: 129s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423695958" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 306fcc95c0b6da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C0F25CB1-22B3-11EF-B459-56A82BE80DF6} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d95bd1ac89f88a45a7930a71cc4fdc79000000000200000000001066000000010000200000008934a76df39a8915dbad036d12a51b113b950cf6fcaa9cbaf8a445fd46b79ef3000000000e80000000020000200000006e1db0ba8cb467bc492885e47f634d4e872e30c2a43ccf3336ae1f588325c19a90000000ec9ddbf1aabf0a71e72b280af4abac35183768d28b4a7fc584788edbdca882cf70e31523b30cfeda609348b91af2ff47891b180e55c4a195142c4b7b82c01f2d492e14be271f2887060b565e3f9b894bda8d5ef46917b7b9b0127180e6fef2bdb3b978fc64d2e5f0d3a5d730df0a176570f7e851a5b5a133e0c21473b4db389221427a10d013d5e760c18f147972531840000000cb6145f982cac0ed67c59702d73b91f6907b5ba8112acaefd1349e25c667ac06c6292fd36c5f71b4519b35a380c26745cf242084af325b3f8151bf9c468b7b87 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d95bd1ac89f88a45a7930a71cc4fdc7900000000020000000000106600000001000020000000dca5fad2597e21fdff692bd1c2aa40527e6e467b9434584b2b525561f9c7fb4e000000000e80000000020000200000003b2407d61402898c1cea281a925486f05e8cdcff3719a7e5e9c916017bfbfbe02000000027f7b059a65de426c344b27d37aae06fbc8e13660402f4e01d24787ce725972c4000000006cdafbed719cb2b9b7c3ab7278c5a3be06b7adb79cabd51ba2bdf479684ba0538bb87cf5a44ee7596c67f2e5766506c243dd8574e152525d7b6ee7ac3bbbe7d | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2868 wrote to memory of 2592 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2611067143.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2868 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-06-04 20:48
Reported
2024-06-04 20:50
Platform
win7-20240221-en
Max time kernel
117s
Max time network
119s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 224
Network
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-06-04 20:48
Reported
2024-06-04 20:50
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
147s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\contact-domains-org.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8517946f8,0x7ff851794708,0x7ff851794718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,15539264216658482789,10948392925263465387,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,15539264216658482789,10948392925263465387,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,15539264216658482789,10948392925263465387,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15539264216658482789,10948392925263465387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15539264216658482789,10948392925263465387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15539264216658482789,10948392925263465387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15539264216658482789,10948392925263465387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15539264216658482789,10948392925263465387,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,15539264216658482789,10948392925263465387,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5796 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,15539264216658482789,10948392925263465387,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5796 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15539264216658482789,10948392925263465387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15539264216658482789,10948392925263465387,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,15539264216658482789,10948392925263465387,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3232 /prefetch:2
Network
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-06-04 20:48
Reported
2024-06-04 20:50
Platform
win7-20240220-en
Max time kernel
120s
Max time network
122s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\home.js
Network
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-06-04 20:48
Reported
2024-06-04 20:50
Platform
win7-20240508-en
Max time kernel
133s
Max time network
131s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0df8e97c0b6da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000dc586f1fcd43b5dec659e4ab60f8e8f5ea58d245acfa49b6e482daeb7ce26d1c000000000e8000000002000020000000f4b26b2e6be7f03e2c215b31b1b1b446e798f12dfc3090814085a6c4782a284220000000c9e997ecf80c387012337e89c1a56582de3bb419c0b1f14d43ca646a15b96a1040000000463444b35c5d3d3b8a8b5ad951897a4d99e34d7b138acd99fa8638e512c514844c7d238b778ab6cbe29698eb16f4e2a02bc0fa65d75abf949d82eed61d88d5b1 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C2D8A8E1-22B3-11EF-B44D-5A451966104F} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423695961" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2604 wrote to memory of 2296 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\index1449123078.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2604 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab3A55.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\Tar3B17.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-04 20:48
Reported
2024-06-04 20:50
Platform
win10v2004-20240508-en
Max time kernel
92s
Max time network
96s
Command Line
Signatures
Loads dropped DLL
Enumerates physical storage devices
Processes
C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe"
Network
Files
C:\Users\Admin\AppData\Local\Temp\nsp7801.tmp\System.dll
| MD5 | 3e6bf00b3ac976122f982ae2aadb1c51 |
| SHA1 | caab188f7fdc84d3fdcb2922edeeb5ed576bd31d |
| SHA256 | 4ff9b2678d698677c5d9732678f9cf53f17290e09d053691aac4cc6e6f595cbe |
| SHA512 | 1286f05e6a7e6b691f6e479638e7179897598e171b52eb3a3dc0e830415251069d29416b6d1ffc6d7dce8da5625e1479be06db9b7179e7776659c5c1ad6aa706 |
C:\Users\Admin\AppData\Local\Temp\nsp7801.tmp\InstallOptions.dll
| MD5 | f8d9d9418e6e1827ed2b53dd930e48fb |
| SHA1 | c78b0e5b274dbbfd032a0f3ed795d82d5ea617c8 |
| SHA256 | 2a2878b54550178144665d4c5f67309f71f1089679ae0f84fa419b8a309a88e4 |
| SHA512 | 510ac31f9e330ec2e6133c1cbe775a955b79b94dc5a84d94b2c59d9b513c35f3786ff8a7f706d04ec2503a4ffc16535624a34e0dcc53e91eedd2321691b617fc |
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-04 20:48
Reported
2024-06-04 20:50
Platform
win7-20240508-en
Max time kernel
122s
Max time network
127s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\InstallOptions.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\InstallOptions.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 244
Network
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-04 20:48
Reported
2024-06-04 20:50
Platform
win10v2004-20240508-en
Max time kernel
148s
Max time network
152s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2456 wrote to memory of 3812 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\InstallOptions.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\InstallOptions.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 3812 -ip 3812
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 636
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-04 20:48
Reported
2024-06-04 20:50
Platform
win7-20240220-en
Max time kernel
118s
Max time network
120s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\$1\$OUTDIR\sftp_plugin\tc_sftp_uninstaller.exe | N/A |
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2924 wrote to memory of 2908 | N/A | C:\Users\Admin\AppData\Local\Temp\$1\$OUTDIR\sftp_plugin\tc_sftp_uninstaller.exe | C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\$1\$OUTDIR\sftp_plugin\tc_sftp_uninstaller.exe
"C:\Users\Admin\AppData\Local\Temp\$1\$OUTDIR\sftp_plugin\tc_sftp_uninstaller.exe"
C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
"C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\$1\$OUTDIR\sftp_plugin\
Network
Files
\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
| MD5 | e04b1bbeaff6221daf4d4ae0ed7fd00c |
| SHA1 | cbe6a9e349a6711dc9e040e15ec32345c1bb7aee |
| SHA256 | 36b1104781e2c77a1e76593e697ac99621f27db3bfd5c282f7ae3579bf510a5b |
| SHA512 | 2f8523b1fd5bed682dc841292a5523eabbd49fea71b1e088a5080c375ed8e67b22e95e60129516d96bd720845a1c27fd37fd993d1cadfd81296176f683066334 |
Analysis: behavioral14
Detonation Overview
Submitted
2024-06-04 20:48
Reported
2024-06-04 20:50
Platform
win10v2004-20240508-en
Max time kernel
133s
Max time network
102s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\home.js
Network
Files
Analysis: behavioral18
Detonation Overview
Submitted
2024-06-04 20:48
Reported
2024-06-04 20:50
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
143s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\home1259317828.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffefd5946f8,0x7ffefd594708,0x7ffefd594718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,13713476781994838494,5924798979534812219,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,13713476781994838494,5924798979534812219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2520 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,13713476781994838494,5924798979534812219,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13713476781994838494,5924798979534812219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13713476781994838494,5924798979534812219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13713476781994838494,5924798979534812219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,13713476781994838494,5924798979534812219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13713476781994838494,5924798979534812219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13713476781994838494,5924798979534812219,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13713476781994838494,5924798979534812219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13713476781994838494,5924798979534812219,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,13713476781994838494,5924798979534812219,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4800 /prefetch:2
Network
Files