Malware Analysis Report

2024-09-22 14:29

Sample ID 240604-zlfzmsbf68
Target 963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118
SHA256 6d50622e39a48dc8f46fdb91afe7af75939f1259243652e1c52b4217abf3ae1a
Tags
cerber defense_evasion discovery execution impact ransomware spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral20

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral17

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral10

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral11

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral15

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral16

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral12

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral13

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral19

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral14

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral18

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

6d50622e39a48dc8f46fdb91afe7af75939f1259243652e1c52b4217abf3ae1a

Threat Level: Known bad

The file 963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

cerber defense_evasion discovery execution impact ransomware spyware stealer

Cerber

Deletes shadow copies

Blocklisted process makes network request

Contacts a large (517) amount of remote hosts

Reads user/profile data of web browsers

Loads dropped DLL

Deletes itself

Executes dropped EXE

Sets desktop wallpaper using registry

Suspicious use of SetThreadContext

Drops file in Program Files directory

Program crash

Enumerates physical storage devices

Command and Scripting Interpreter: JavaScript

Unsigned PE

Modifies Internet Explorer settings

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Runs ping.exe

Suspicious use of WriteProcessMemory

Kills process with taskkill

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: MapViewOfSection

Suspicious use of AdjustPrivilegeToken

Uses Volume Shadow Copy service COM API

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-04 20:48

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-06-04 20:48

Reported

2024-06-04 20:50

Platform

win10v2004-20240426-en

Max time kernel

150s

Max time network

154s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\index1449123078.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 932 wrote to memory of 4604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 4604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 1836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 1836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 932 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\index1449123078.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe344246f8,0x7ffe34424708,0x7ffe34424718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,11190573247304807262,7487773141818312874,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,11190573247304807262,7487773141818312874,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,11190573247304807262,7487773141818312874,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11190573247304807262,7487773141818312874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11190573247304807262,7487773141818312874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,11190573247304807262,7487773141818312874,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,11190573247304807262,7487773141818312874,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11190573247304807262,7487773141818312874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11190573247304807262,7487773141818312874,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11190573247304807262,7487773141818312874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11190573247304807262,7487773141818312874,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,11190573247304807262,7487773141818312874,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4900 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
GB 216.58.213.14:445 www.google-analytics.com tcp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 216.239.38.178:139 www.google-analytics.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 26.173.189.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8b167567021ccb1a9fdf073fa9112ef0
SHA1 3baf293fbfaa7c1e7cdacb5f2975737f4ef69898
SHA256 26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513
SHA512 726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

\??\pipe\LOCAL\crashpad_932_VPIDBYYIIZJHDGZS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 537815e7cc5c694912ac0308147852e4
SHA1 2ccdd9d9dc637db5462fe8119c0df261146c363c
SHA256 b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f
SHA512 63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d8f010d5f09e73b2217d24eb1aa74c61
SHA1 8921c8ae93b6e85ef8f1b1e6996611c5bf5c4bf4
SHA256 092b22af7b8488558c46682d53461b11dc098fb9d2de637e859519e41a225bd5
SHA512 895a99591efe2c194510abdc1de2a47c3f9233af22276e4c8ec45cdfeec22335464b653747fc93a40b892afaa46cddcc5cbed7546706790371c5be3890e940d7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 761f5b41491fc49b39ae62f7aba4e4da
SHA1 91a13f419dac5d68d9ec7b17ea021ba04a810534
SHA256 5baf17e64155acedaf16056e177701afd0adc27e01c3b250c3989fb99160f8de
SHA512 890650596e5e717cc5f1dd02ac89c34136df93a5882e0730a9d69b6ac4779ffe905579a0e5d0f90266fab5305baed25303ce1361fd6c65f704a5e7f17a0b31ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c52aa002bdb2dfb1c2c2c05bc1c8d360
SHA1 bd136488fc661c0fa63fdf33414cd15bdf0691ae
SHA256 e8c386813943809136f13928715ab3b96082d99877a74b6652d04be4fd7b60b7
SHA512 4531bd59de84928a7310afdd8d0ff72ff641fad7c0c9497116a8b8e77723dc57bac3f17fd140a85162747434aa0b9dc48d7bb34a94505de527436f789cfab7c8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-04 20:48

Reported

2024-06-04 20:50

Platform

win7-20240419-en

Max time kernel

121s

Max time network

144s

Command Line

"C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe"

Signatures

Cerber

ransomware cerber

Deletes shadow copies

ransomware defense_evasion impact execution

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A

Contacts a large (517) amount of remote hosts

discovery

Deletes itself

Description Indicator Process Target
N/A N/A C:\Windows\system32\cmd.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A

Reads user/profile data of web browsers

spyware stealer

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmpCA41.bmp" C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\PLANNERS.ONE C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\ACADEMIC.ONE C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\README.hta C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\BUSINESS.ONE C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\BLANK.ONE C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\DESIGNER.ONE C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A

Enumerates physical storage devices

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SysWOW64\mshta.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\system32\PING.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\system32\wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 840 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe
PID 840 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe
PID 840 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe
PID 840 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe
PID 840 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe
PID 2708 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe C:\Windows\system32\cmd.exe
PID 2708 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe C:\Windows\system32\cmd.exe
PID 2708 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe C:\Windows\system32\cmd.exe
PID 2708 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe C:\Windows\system32\cmd.exe
PID 2748 wrote to memory of 2672 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\wbem\WMIC.exe
PID 2748 wrote to memory of 2672 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\wbem\WMIC.exe
PID 2748 wrote to memory of 2672 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\wbem\WMIC.exe
PID 2708 wrote to memory of 868 N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe C:\Windows\SysWOW64\mshta.exe
PID 2708 wrote to memory of 868 N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe C:\Windows\SysWOW64\mshta.exe
PID 2708 wrote to memory of 868 N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe C:\Windows\SysWOW64\mshta.exe
PID 2708 wrote to memory of 868 N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe C:\Windows\SysWOW64\mshta.exe
PID 2708 wrote to memory of 3060 N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe C:\Windows\system32\cmd.exe
PID 2708 wrote to memory of 3060 N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe C:\Windows\system32\cmd.exe
PID 2708 wrote to memory of 3060 N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe C:\Windows\system32\cmd.exe
PID 2708 wrote to memory of 3060 N/A C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe C:\Windows\system32\cmd.exe
PID 3060 wrote to memory of 824 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 3060 wrote to memory of 824 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 3060 wrote to memory of 824 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 3060 wrote to memory of 1252 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\PING.EXE
PID 3060 wrote to memory of 1252 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\PING.EXE
PID 3060 wrote to memory of 1252 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\PING.EXE

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Windows\system32\wbem\WMIC.exe

C:\Windows\system32\wbem\wmic.exe shadowcopy delete

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{3F6B5E16-092A-41ED-930B-0B4125D91D4E}

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Local\Temp\README.hta"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Windows\system32\taskkill.exe

taskkill /f /im "963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe"

C:\Windows\system32\PING.EXE

ping -n 1 127.0.0.1

Network

Country Destination Domain Proto
AM 31.184.234.0:6892 udp
AM 31.184.234.1:6892 udp
AM 31.184.234.2:6892 udp
AM 31.184.234.3:6892 udp
AM 31.184.234.4:6892 udp
AM 31.184.234.5:6892 udp
AM 31.184.234.6:6892 udp
AM 31.184.234.7:6892 udp
AM 31.184.234.8:6892 udp
AM 31.184.234.9:6892 udp
AM 31.184.234.10:6892 udp
AM 31.184.234.11:6892 udp
AM 31.184.234.12:6892 udp
AM 31.184.234.13:6892 udp
AM 31.184.234.14:6892 udp
AM 31.184.234.15:6892 udp
AM 31.184.234.16:6892 udp
AM 31.184.234.17:6892 udp
AM 31.184.234.18:6892 udp
AM 31.184.234.19:6892 udp
AM 31.184.234.20:6892 udp
AM 31.184.234.21:6892 udp
AM 31.184.234.22:6892 udp
AM 31.184.234.23:6892 udp
AM 31.184.234.24:6892 udp
AM 31.184.234.25:6892 udp
AM 31.184.234.26:6892 udp
AM 31.184.234.27:6892 udp
AM 31.184.234.28:6892 udp
AM 31.184.234.29:6892 udp
AM 31.184.234.30:6892 udp
AM 31.184.234.31:6892 udp
AM 31.184.234.32:6892 udp
AM 31.184.234.33:6892 udp
AM 31.184.234.34:6892 udp
AM 31.184.234.35:6892 udp
AM 31.184.234.36:6892 udp
AM 31.184.234.37:6892 udp
AM 31.184.234.38:6892 udp
AM 31.184.234.39:6892 udp
AM 31.184.234.40:6892 udp
AM 31.184.234.41:6892 udp
AM 31.184.234.42:6892 udp
AM 31.184.234.43:6892 udp
AM 31.184.234.44:6892 udp
AM 31.184.234.45:6892 udp
AM 31.184.234.46:6892 udp
AM 31.184.234.47:6892 udp
AM 31.184.234.48:6892 udp
AM 31.184.234.49:6892 udp
AM 31.184.234.50:6892 udp
AM 31.184.234.51:6892 udp
AM 31.184.234.52:6892 udp
AM 31.184.234.53:6892 udp
AM 31.184.234.54:6892 udp
AM 31.184.234.55:6892 udp
AM 31.184.234.56:6892 udp
AM 31.184.234.57:6892 udp
AM 31.184.234.58:6892 udp
AM 31.184.234.59:6892 udp
AM 31.184.234.60:6892 udp
AM 31.184.234.61:6892 udp
AM 31.184.234.62:6892 udp
AM 31.184.234.63:6892 udp
AM 31.184.234.64:6892 udp
AM 31.184.234.65:6892 udp
AM 31.184.234.66:6892 udp
AM 31.184.234.67:6892 udp
AM 31.184.234.68:6892 udp
AM 31.184.234.69:6892 udp
AM 31.184.234.70:6892 udp
AM 31.184.234.71:6892 udp
AM 31.184.234.72:6892 udp
AM 31.184.234.73:6892 udp
AM 31.184.234.74:6892 udp
AM 31.184.234.75:6892 udp
AM 31.184.234.76:6892 udp
AM 31.184.234.77:6892 udp
AM 31.184.234.78:6892 udp
AM 31.184.234.79:6892 udp
AM 31.184.234.80:6892 udp
AM 31.184.234.81:6892 udp
AM 31.184.234.82:6892 udp
AM 31.184.234.83:6892 udp
AM 31.184.234.84:6892 udp
AM 31.184.234.85:6892 udp
AM 31.184.234.86:6892 udp
AM 31.184.234.87:6892 udp
AM 31.184.234.88:6892 udp
AM 31.184.234.89:6892 udp
AM 31.184.234.90:6892 udp
AM 31.184.234.91:6892 udp
AM 31.184.234.92:6892 udp
AM 31.184.234.93:6892 udp
AM 31.184.234.94:6892 udp
AM 31.184.234.95:6892 udp
AM 31.184.234.96:6892 udp
AM 31.184.234.97:6892 udp
AM 31.184.234.98:6892 udp
AM 31.184.234.99:6892 udp
AM 31.184.234.100:6892 udp
AM 31.184.234.101:6892 udp
AM 31.184.234.102:6892 udp
AM 31.184.234.103:6892 udp
AM 31.184.234.104:6892 udp
AM 31.184.234.105:6892 udp
AM 31.184.234.106:6892 udp
AM 31.184.234.107:6892 udp
AM 31.184.234.108:6892 udp
AM 31.184.234.109:6892 udp
AM 31.184.234.110:6892 udp
AM 31.184.234.111:6892 udp
AM 31.184.234.112:6892 udp
AM 31.184.234.113:6892 udp
AM 31.184.234.114:6892 udp
AM 31.184.234.115:6892 udp
AM 31.184.234.116:6892 udp
AM 31.184.234.117:6892 udp
AM 31.184.234.118:6892 udp
AM 31.184.234.119:6892 udp
AM 31.184.234.120:6892 udp
AM 31.184.234.121:6892 udp
AM 31.184.234.122:6892 udp
AM 31.184.234.123:6892 udp
AM 31.184.234.124:6892 udp
AM 31.184.234.125:6892 udp
AM 31.184.234.126:6892 udp
AM 31.184.234.127:6892 udp
AM 31.184.234.128:6892 udp
AM 31.184.234.129:6892 udp
AM 31.184.234.130:6892 udp
AM 31.184.234.131:6892 udp
AM 31.184.234.132:6892 udp
AM 31.184.234.133:6892 udp
AM 31.184.234.134:6892 udp
AM 31.184.234.135:6892 udp
AM 31.184.234.136:6892 udp
AM 31.184.234.137:6892 udp
AM 31.184.234.138:6892 udp
AM 31.184.234.139:6892 udp
AM 31.184.234.140:6892 udp
AM 31.184.234.141:6892 udp
AM 31.184.234.142:6892 udp
AM 31.184.234.143:6892 udp
AM 31.184.234.144:6892 udp
AM 31.184.234.145:6892 udp
AM 31.184.234.146:6892 udp
AM 31.184.234.147:6892 udp
AM 31.184.234.148:6892 udp
AM 31.184.234.149:6892 udp
AM 31.184.234.150:6892 udp
AM 31.184.234.151:6892 udp
AM 31.184.234.152:6892 udp
AM 31.184.234.153:6892 udp
AM 31.184.234.154:6892 udp
AM 31.184.234.155:6892 udp
AM 31.184.234.156:6892 udp
AM 31.184.234.157:6892 udp
AM 31.184.234.158:6892 udp
AM 31.184.234.159:6892 udp
AM 31.184.234.160:6892 udp
AM 31.184.234.161:6892 udp
AM 31.184.234.162:6892 udp
AM 31.184.234.163:6892 udp
AM 31.184.234.164:6892 udp
AM 31.184.234.165:6892 udp
AM 31.184.234.166:6892 udp
AM 31.184.234.167:6892 udp
AM 31.184.234.168:6892 udp
AM 31.184.234.169:6892 udp
AM 31.184.234.170:6892 udp
AM 31.184.234.171:6892 udp
AM 31.184.234.172:6892 udp
AM 31.184.234.173:6892 udp
AM 31.184.234.174:6892 udp
AM 31.184.234.175:6892 udp
AM 31.184.234.176:6892 udp
AM 31.184.234.177:6892 udp
AM 31.184.234.178:6892 udp
AM 31.184.234.179:6892 udp
AM 31.184.234.180:6892 udp
AM 31.184.234.181:6892 udp
AM 31.184.234.182:6892 udp
AM 31.184.234.183:6892 udp
AM 31.184.234.184:6892 udp
AM 31.184.234.185:6892 udp
AM 31.184.234.186:6892 udp
AM 31.184.234.187:6892 udp
AM 31.184.234.188:6892 udp
AM 31.184.234.189:6892 udp
AM 31.184.234.190:6892 udp
AM 31.184.234.191:6892 udp
AM 31.184.234.192:6892 udp
AM 31.184.234.193:6892 udp
AM 31.184.234.194:6892 udp
AM 31.184.234.195:6892 udp
AM 31.184.234.196:6892 udp
AM 31.184.234.197:6892 udp
AM 31.184.234.198:6892 udp
AM 31.184.234.199:6892 udp
AM 31.184.234.200:6892 udp
AM 31.184.234.201:6892 udp
AM 31.184.234.202:6892 udp
AM 31.184.234.203:6892 udp
AM 31.184.234.204:6892 udp
AM 31.184.234.205:6892 udp
AM 31.184.234.206:6892 udp
AM 31.184.234.207:6892 udp
AM 31.184.234.208:6892 udp
AM 31.184.234.209:6892 udp
AM 31.184.234.210:6892 udp
AM 31.184.234.211:6892 udp
AM 31.184.234.212:6892 udp
AM 31.184.234.213:6892 udp
AM 31.184.234.214:6892 udp
AM 31.184.234.215:6892 udp
AM 31.184.234.216:6892 udp
AM 31.184.234.217:6892 udp
AM 31.184.234.218:6892 udp
AM 31.184.234.219:6892 udp
AM 31.184.234.220:6892 udp
AM 31.184.234.221:6892 udp
AM 31.184.234.222:6892 udp
AM 31.184.234.223:6892 udp
AM 31.184.234.224:6892 udp
AM 31.184.234.225:6892 udp
AM 31.184.234.226:6892 udp
AM 31.184.234.227:6892 udp
AM 31.184.234.228:6892 udp
AM 31.184.234.229:6892 udp
AM 31.184.234.230:6892 udp
AM 31.184.234.231:6892 udp
AM 31.184.234.232:6892 udp
AM 31.184.234.233:6892 udp
AM 31.184.234.234:6892 udp
AM 31.184.234.235:6892 udp
AM 31.184.234.236:6892 udp
AM 31.184.234.237:6892 udp
AM 31.184.234.238:6892 udp
AM 31.184.234.239:6892 udp
AM 31.184.234.240:6892 udp
AM 31.184.234.241:6892 udp
AM 31.184.234.242:6892 udp
AM 31.184.234.243:6892 udp
AM 31.184.234.244:6892 udp
AM 31.184.234.245:6892 udp
AM 31.184.234.246:6892 udp
AM 31.184.234.247:6892 udp
AM 31.184.234.248:6892 udp
AM 31.184.234.249:6892 udp
AM 31.184.234.250:6892 udp
AM 31.184.234.251:6892 udp
AM 31.184.234.252:6892 udp
AM 31.184.234.253:6892 udp
AM 31.184.234.254:6892 udp
AM 31.184.234.255:6892 udp
AM 31.184.235.0:6892 udp
AM 31.184.235.1:6892 udp
AM 31.184.235.2:6892 udp
AM 31.184.235.3:6892 udp
AM 31.184.235.4:6892 udp
AM 31.184.235.5:6892 udp
AM 31.184.235.6:6892 udp
AM 31.184.235.7:6892 udp
AM 31.184.235.8:6892 udp
AM 31.184.235.9:6892 udp
AM 31.184.235.10:6892 udp
AM 31.184.235.11:6892 udp
AM 31.184.235.12:6892 udp
AM 31.184.235.13:6892 udp
AM 31.184.235.14:6892 udp
AM 31.184.235.15:6892 udp
AM 31.184.235.16:6892 udp
AM 31.184.235.17:6892 udp
AM 31.184.235.18:6892 udp
AM 31.184.235.19:6892 udp
AM 31.184.235.20:6892 udp
AM 31.184.235.21:6892 udp
AM 31.184.235.22:6892 udp
AM 31.184.235.23:6892 udp
AM 31.184.235.24:6892 udp
AM 31.184.235.25:6892 udp
AM 31.184.235.26:6892 udp
AM 31.184.235.27:6892 udp
AM 31.184.235.28:6892 udp
AM 31.184.235.29:6892 udp
AM 31.184.235.30:6892 udp
AM 31.184.235.31:6892 udp
AM 31.184.235.32:6892 udp
AM 31.184.235.33:6892 udp
AM 31.184.235.34:6892 udp
AM 31.184.235.35:6892 udp
AM 31.184.235.36:6892 udp
AM 31.184.235.37:6892 udp
AM 31.184.235.38:6892 udp
AM 31.184.235.39:6892 udp
AM 31.184.235.40:6892 udp
AM 31.184.235.41:6892 udp
AM 31.184.235.42:6892 udp
AM 31.184.235.43:6892 udp
AM 31.184.235.44:6892 udp
AM 31.184.235.45:6892 udp
AM 31.184.235.46:6892 udp
AM 31.184.235.47:6892 udp
AM 31.184.235.48:6892 udp
AM 31.184.235.49:6892 udp
AM 31.184.235.50:6892 udp
AM 31.184.235.51:6892 udp
AM 31.184.235.52:6892 udp
AM 31.184.235.53:6892 udp
AM 31.184.235.54:6892 udp
AM 31.184.235.55:6892 udp
AM 31.184.235.56:6892 udp
AM 31.184.235.57:6892 udp
AM 31.184.235.58:6892 udp
AM 31.184.235.59:6892 udp
AM 31.184.235.60:6892 udp
AM 31.184.235.61:6892 udp
AM 31.184.235.62:6892 udp
AM 31.184.235.63:6892 udp
AM 31.184.235.64:6892 udp
AM 31.184.235.65:6892 udp
AM 31.184.235.66:6892 udp
AM 31.184.235.67:6892 udp
AM 31.184.235.68:6892 udp
AM 31.184.235.69:6892 udp
AM 31.184.235.70:6892 udp
AM 31.184.235.71:6892 udp
AM 31.184.235.72:6892 udp
AM 31.184.235.73:6892 udp
AM 31.184.235.74:6892 udp
AM 31.184.235.75:6892 udp
AM 31.184.235.76:6892 udp
AM 31.184.235.77:6892 udp
AM 31.184.235.78:6892 udp
AM 31.184.235.79:6892 udp
AM 31.184.235.80:6892 udp
AM 31.184.235.81:6892 udp
AM 31.184.235.82:6892 udp
AM 31.184.235.83:6892 udp
AM 31.184.235.84:6892 udp
AM 31.184.235.85:6892 udp
AM 31.184.235.86:6892 udp
AM 31.184.235.87:6892 udp
AM 31.184.235.88:6892 udp
AM 31.184.235.89:6892 udp
AM 31.184.235.90:6892 udp
AM 31.184.235.91:6892 udp
AM 31.184.235.92:6892 udp
AM 31.184.235.93:6892 udp
AM 31.184.235.94:6892 udp
AM 31.184.235.95:6892 udp
AM 31.184.235.96:6892 udp
AM 31.184.235.97:6892 udp
AM 31.184.235.98:6892 udp
AM 31.184.235.99:6892 udp
AM 31.184.235.100:6892 udp
AM 31.184.235.101:6892 udp
AM 31.184.235.102:6892 udp
AM 31.184.235.103:6892 udp
AM 31.184.235.104:6892 udp
AM 31.184.235.105:6892 udp
AM 31.184.235.106:6892 udp
AM 31.184.235.107:6892 udp
AM 31.184.235.108:6892 udp
AM 31.184.235.109:6892 udp
AM 31.184.235.110:6892 udp
AM 31.184.235.111:6892 udp
AM 31.184.235.112:6892 udp
AM 31.184.235.113:6892 udp
AM 31.184.235.114:6892 udp
AM 31.184.235.115:6892 udp
AM 31.184.235.116:6892 udp
AM 31.184.235.117:6892 udp
AM 31.184.235.118:6892 udp
AM 31.184.235.119:6892 udp
AM 31.184.235.120:6892 udp
AM 31.184.235.121:6892 udp
AM 31.184.235.122:6892 udp
AM 31.184.235.123:6892 udp
AM 31.184.235.124:6892 udp
AM 31.184.235.125:6892 udp
AM 31.184.235.126:6892 udp
AM 31.184.235.127:6892 udp
AM 31.184.235.128:6892 udp
AM 31.184.235.129:6892 udp
AM 31.184.235.130:6892 udp
AM 31.184.235.131:6892 udp
AM 31.184.235.132:6892 udp
AM 31.184.235.133:6892 udp
AM 31.184.235.134:6892 udp
AM 31.184.235.135:6892 udp
AM 31.184.235.136:6892 udp
AM 31.184.235.137:6892 udp
AM 31.184.235.138:6892 udp
AM 31.184.235.139:6892 udp
AM 31.184.235.140:6892 udp
AM 31.184.235.141:6892 udp
AM 31.184.235.142:6892 udp
AM 31.184.235.143:6892 udp
AM 31.184.235.144:6892 udp
AM 31.184.235.145:6892 udp
AM 31.184.235.146:6892 udp
AM 31.184.235.147:6892 udp
AM 31.184.235.148:6892 udp
AM 31.184.235.149:6892 udp
AM 31.184.235.150:6892 udp
AM 31.184.235.151:6892 udp
AM 31.184.235.152:6892 udp
AM 31.184.235.153:6892 udp
AM 31.184.235.154:6892 udp
AM 31.184.235.155:6892 udp
AM 31.184.235.156:6892 udp
AM 31.184.235.157:6892 udp
AM 31.184.235.158:6892 udp
AM 31.184.235.159:6892 udp
AM 31.184.235.160:6892 udp
AM 31.184.235.161:6892 udp
AM 31.184.235.162:6892 udp
AM 31.184.235.163:6892 udp
AM 31.184.235.164:6892 udp
AM 31.184.235.165:6892 udp
AM 31.184.235.166:6892 udp
AM 31.184.235.167:6892 udp
AM 31.184.235.168:6892 udp
AM 31.184.235.169:6892 udp
AM 31.184.235.170:6892 udp
AM 31.184.235.171:6892 udp
AM 31.184.235.172:6892 udp
AM 31.184.235.173:6892 udp
AM 31.184.235.174:6892 udp
AM 31.184.235.175:6892 udp
AM 31.184.235.176:6892 udp
AM 31.184.235.177:6892 udp
AM 31.184.235.178:6892 udp
AM 31.184.235.179:6892 udp
AM 31.184.235.180:6892 udp
AM 31.184.235.181:6892 udp
AM 31.184.235.182:6892 udp
AM 31.184.235.183:6892 udp
AM 31.184.235.184:6892 udp
AM 31.184.235.185:6892 udp
AM 31.184.235.186:6892 udp
AM 31.184.235.187:6892 udp
AM 31.184.235.188:6892 udp
AM 31.184.235.189:6892 udp
AM 31.184.235.190:6892 udp
AM 31.184.235.191:6892 udp
AM 31.184.235.192:6892 udp
AM 31.184.235.193:6892 udp
AM 31.184.235.194:6892 udp
AM 31.184.235.195:6892 udp
AM 31.184.235.196:6892 udp
AM 31.184.235.197:6892 udp
AM 31.184.235.198:6892 udp
AM 31.184.235.199:6892 udp
AM 31.184.235.200:6892 udp
AM 31.184.235.201:6892 udp
AM 31.184.235.202:6892 udp
AM 31.184.235.203:6892 udp
AM 31.184.235.204:6892 udp
AM 31.184.235.205:6892 udp
AM 31.184.235.206:6892 udp
AM 31.184.235.207:6892 udp
AM 31.184.235.208:6892 udp
AM 31.184.235.209:6892 udp
AM 31.184.235.210:6892 udp
AM 31.184.235.211:6892 udp
AM 31.184.235.212:6892 udp
AM 31.184.235.213:6892 udp
AM 31.184.235.214:6892 udp
AM 31.184.235.215:6892 udp
AM 31.184.235.216:6892 udp
AM 31.184.235.217:6892 udp
AM 31.184.235.218:6892 udp
AM 31.184.235.219:6892 udp
AM 31.184.235.220:6892 udp
AM 31.184.235.221:6892 udp
AM 31.184.235.222:6892 udp
AM 31.184.235.223:6892 udp
AM 31.184.235.224:6892 udp
AM 31.184.235.225:6892 udp
AM 31.184.235.226:6892 udp
AM 31.184.235.227:6892 udp
AM 31.184.235.228:6892 udp
AM 31.184.235.229:6892 udp
AM 31.184.235.230:6892 udp
AM 31.184.235.231:6892 udp
AM 31.184.235.232:6892 udp
AM 31.184.235.233:6892 udp
AM 31.184.235.234:6892 udp
AM 31.184.235.235:6892 udp
AM 31.184.235.236:6892 udp
AM 31.184.235.237:6892 udp
AM 31.184.235.238:6892 udp
AM 31.184.235.239:6892 udp
AM 31.184.235.240:6892 udp
AM 31.184.235.241:6892 udp
AM 31.184.235.242:6892 udp
AM 31.184.235.243:6892 udp
AM 31.184.235.244:6892 udp
AM 31.184.235.245:6892 udp
AM 31.184.235.246:6892 udp
AM 31.184.235.247:6892 udp
AM 31.184.235.248:6892 udp
AM 31.184.235.249:6892 udp
AM 31.184.235.250:6892 udp
AM 31.184.235.251:6892 udp
AM 31.184.235.252:6892 udp
AM 31.184.235.253:6892 udp
AM 31.184.235.254:6892 udp
AM 31.184.235.255:6892 udp
AM 31.184.234.0:6892 udp
AM 31.184.234.1:6892 udp
AM 31.184.234.2:6892 udp
AM 31.184.234.3:6892 udp
AM 31.184.234.4:6892 udp
AM 31.184.234.5:6892 udp
AM 31.184.234.6:6892 udp
AM 31.184.234.7:6892 udp
AM 31.184.234.8:6892 udp
AM 31.184.234.9:6892 udp
AM 31.184.234.10:6892 udp
AM 31.184.234.11:6892 udp
AM 31.184.234.12:6892 udp
AM 31.184.234.13:6892 udp
AM 31.184.234.14:6892 udp
AM 31.184.234.15:6892 udp
AM 31.184.234.16:6892 udp
AM 31.184.234.17:6892 udp
AM 31.184.234.18:6892 udp
AM 31.184.234.19:6892 udp
AM 31.184.234.20:6892 udp
AM 31.184.234.21:6892 udp
AM 31.184.234.22:6892 udp
AM 31.184.234.23:6892 udp
AM 31.184.234.24:6892 udp
AM 31.184.234.25:6892 udp
AM 31.184.234.26:6892 udp
AM 31.184.234.27:6892 udp
AM 31.184.234.28:6892 udp
AM 31.184.234.29:6892 udp
AM 31.184.234.30:6892 udp
AM 31.184.234.31:6892 udp
AM 31.184.234.32:6892 udp
AM 31.184.234.33:6892 udp
AM 31.184.234.34:6892 udp
AM 31.184.234.35:6892 udp
AM 31.184.234.36:6892 udp
AM 31.184.234.37:6892 udp
AM 31.184.234.38:6892 udp
AM 31.184.234.39:6892 udp
AM 31.184.234.40:6892 udp
AM 31.184.234.41:6892 udp
AM 31.184.234.42:6892 udp
AM 31.184.234.43:6892 udp
AM 31.184.234.44:6892 udp
AM 31.184.234.45:6892 udp
AM 31.184.234.46:6892 udp
AM 31.184.234.47:6892 udp
AM 31.184.234.48:6892 udp
AM 31.184.234.49:6892 udp
AM 31.184.234.50:6892 udp
AM 31.184.234.51:6892 udp
AM 31.184.234.52:6892 udp
AM 31.184.234.53:6892 udp
AM 31.184.234.54:6892 udp
AM 31.184.234.55:6892 udp
AM 31.184.234.56:6892 udp
AM 31.184.234.57:6892 udp
AM 31.184.234.58:6892 udp
AM 31.184.234.59:6892 udp
AM 31.184.234.60:6892 udp
AM 31.184.234.61:6892 udp
AM 31.184.234.62:6892 udp
AM 31.184.234.63:6892 udp
AM 31.184.234.64:6892 udp
AM 31.184.234.65:6892 udp
AM 31.184.234.66:6892 udp
AM 31.184.234.67:6892 udp
AM 31.184.234.68:6892 udp
AM 31.184.234.69:6892 udp
AM 31.184.234.70:6892 udp
AM 31.184.234.71:6892 udp
AM 31.184.234.72:6892 udp
AM 31.184.234.73:6892 udp
AM 31.184.234.74:6892 udp
AM 31.184.234.75:6892 udp
AM 31.184.234.76:6892 udp
AM 31.184.234.77:6892 udp
AM 31.184.234.78:6892 udp
AM 31.184.234.79:6892 udp
AM 31.184.234.80:6892 udp
AM 31.184.234.81:6892 udp
AM 31.184.234.82:6892 udp
AM 31.184.234.83:6892 udp
AM 31.184.234.84:6892 udp
AM 31.184.234.85:6892 udp
AM 31.184.234.86:6892 udp
AM 31.184.234.87:6892 udp
AM 31.184.234.88:6892 udp
AM 31.184.234.89:6892 udp
AM 31.184.234.90:6892 udp
AM 31.184.234.91:6892 udp
AM 31.184.234.92:6892 udp
AM 31.184.234.93:6892 udp
AM 31.184.234.94:6892 udp
AM 31.184.234.95:6892 udp
AM 31.184.234.96:6892 udp
AM 31.184.234.97:6892 udp
AM 31.184.234.98:6892 udp
AM 31.184.234.99:6892 udp
AM 31.184.234.100:6892 udp
AM 31.184.234.101:6892 udp
AM 31.184.234.102:6892 udp
AM 31.184.234.103:6892 udp
AM 31.184.234.104:6892 udp
AM 31.184.234.105:6892 udp
AM 31.184.234.106:6892 udp
AM 31.184.234.107:6892 udp
AM 31.184.234.108:6892 udp
AM 31.184.234.109:6892 udp
AM 31.184.234.110:6892 udp
AM 31.184.234.111:6892 udp
AM 31.184.234.112:6892 udp
AM 31.184.234.113:6892 udp
AM 31.184.234.114:6892 udp
AM 31.184.234.115:6892 udp
AM 31.184.234.116:6892 udp
AM 31.184.234.117:6892 udp
AM 31.184.234.118:6892 udp
AM 31.184.234.119:6892 udp
AM 31.184.234.120:6892 udp
AM 31.184.234.121:6892 udp
AM 31.184.234.122:6892 udp
AM 31.184.234.123:6892 udp
AM 31.184.234.124:6892 udp
AM 31.184.234.125:6892 udp
AM 31.184.234.126:6892 udp
AM 31.184.234.127:6892 udp
AM 31.184.234.128:6892 udp
AM 31.184.234.129:6892 udp
AM 31.184.234.130:6892 udp
AM 31.184.234.131:6892 udp
AM 31.184.234.132:6892 udp
AM 31.184.234.133:6892 udp
AM 31.184.234.134:6892 udp
AM 31.184.234.135:6892 udp
AM 31.184.234.136:6892 udp
AM 31.184.234.137:6892 udp
AM 31.184.234.138:6892 udp
AM 31.184.234.139:6892 udp
AM 31.184.234.140:6892 udp
AM 31.184.234.141:6892 udp
AM 31.184.234.142:6892 udp
AM 31.184.234.143:6892 udp
AM 31.184.234.144:6892 udp
AM 31.184.234.145:6892 udp
AM 31.184.234.146:6892 udp
AM 31.184.234.147:6892 udp
AM 31.184.234.148:6892 udp
AM 31.184.234.149:6892 udp
AM 31.184.234.150:6892 udp
AM 31.184.234.151:6892 udp
AM 31.184.234.152:6892 udp
AM 31.184.234.153:6892 udp
AM 31.184.234.154:6892 udp
AM 31.184.234.155:6892 udp
AM 31.184.234.156:6892 udp
AM 31.184.234.157:6892 udp
AM 31.184.234.158:6892 udp
AM 31.184.234.159:6892 udp
AM 31.184.234.160:6892 udp
AM 31.184.234.161:6892 udp
AM 31.184.234.162:6892 udp
AM 31.184.234.163:6892 udp
AM 31.184.234.164:6892 udp
AM 31.184.234.165:6892 udp
AM 31.184.234.166:6892 udp
AM 31.184.234.167:6892 udp
AM 31.184.234.168:6892 udp
AM 31.184.234.169:6892 udp
AM 31.184.234.170:6892 udp
AM 31.184.234.171:6892 udp
AM 31.184.234.172:6892 udp
AM 31.184.234.173:6892 udp
AM 31.184.234.174:6892 udp
AM 31.184.234.175:6892 udp
AM 31.184.234.176:6892 udp
AM 31.184.234.177:6892 udp
AM 31.184.234.178:6892 udp
AM 31.184.234.179:6892 udp
AM 31.184.234.180:6892 udp
AM 31.184.234.181:6892 udp
AM 31.184.234.182:6892 udp
AM 31.184.234.183:6892 udp
AM 31.184.234.184:6892 udp
AM 31.184.234.185:6892 udp
AM 31.184.234.186:6892 udp
AM 31.184.234.187:6892 udp
AM 31.184.234.188:6892 udp
AM 31.184.234.189:6892 udp
AM 31.184.234.190:6892 udp
AM 31.184.234.191:6892 udp
AM 31.184.234.192:6892 udp
AM 31.184.234.193:6892 udp
AM 31.184.234.194:6892 udp
AM 31.184.234.195:6892 udp
AM 31.184.234.196:6892 udp
AM 31.184.234.197:6892 udp
AM 31.184.234.198:6892 udp
AM 31.184.234.199:6892 udp
AM 31.184.234.200:6892 udp
AM 31.184.234.201:6892 udp
AM 31.184.234.202:6892 udp
AM 31.184.234.203:6892 udp
AM 31.184.234.204:6892 udp
AM 31.184.234.205:6892 udp
AM 31.184.234.206:6892 udp
AM 31.184.234.207:6892 udp
AM 31.184.234.208:6892 udp
AM 31.184.234.209:6892 udp
AM 31.184.234.210:6892 udp
AM 31.184.234.211:6892 udp
AM 31.184.234.212:6892 udp
AM 31.184.234.213:6892 udp
AM 31.184.234.214:6892 udp
AM 31.184.234.215:6892 udp
AM 31.184.234.216:6892 udp
AM 31.184.234.217:6892 udp
AM 31.184.234.218:6892 udp
AM 31.184.234.219:6892 udp
AM 31.184.234.220:6892 udp
AM 31.184.234.221:6892 udp
AM 31.184.234.222:6892 udp
AM 31.184.234.223:6892 udp
AM 31.184.234.224:6892 udp
AM 31.184.234.225:6892 udp
AM 31.184.234.226:6892 udp
AM 31.184.234.227:6892 udp
AM 31.184.234.228:6892 udp
AM 31.184.234.229:6892 udp
AM 31.184.234.230:6892 udp
AM 31.184.234.231:6892 udp
AM 31.184.234.232:6892 udp
AM 31.184.234.233:6892 udp
AM 31.184.234.234:6892 udp
AM 31.184.234.235:6892 udp
AM 31.184.234.236:6892 udp
AM 31.184.234.237:6892 udp
AM 31.184.234.238:6892 udp
AM 31.184.234.239:6892 udp
AM 31.184.234.240:6892 udp
AM 31.184.234.241:6892 udp
AM 31.184.234.242:6892 udp
AM 31.184.234.243:6892 udp
AM 31.184.234.244:6892 udp
AM 31.184.234.245:6892 udp
AM 31.184.234.246:6892 udp
AM 31.184.234.247:6892 udp
AM 31.184.234.248:6892 udp
AM 31.184.234.249:6892 udp
AM 31.184.234.250:6892 udp
AM 31.184.234.251:6892 udp
AM 31.184.234.252:6892 udp
AM 31.184.234.253:6892 udp
AM 31.184.234.254:6892 udp
AM 31.184.234.255:6892 udp
AM 31.184.235.0:6892 udp
AM 31.184.235.1:6892 udp
AM 31.184.235.2:6892 udp
AM 31.184.235.3:6892 udp
AM 31.184.235.4:6892 udp
AM 31.184.235.5:6892 udp
AM 31.184.235.6:6892 udp
AM 31.184.235.7:6892 udp
AM 31.184.235.8:6892 udp
AM 31.184.235.9:6892 udp
AM 31.184.235.10:6892 udp
AM 31.184.235.11:6892 udp
AM 31.184.235.12:6892 udp
AM 31.184.235.13:6892 udp
AM 31.184.235.14:6892 udp
AM 31.184.235.15:6892 udp
AM 31.184.235.16:6892 udp
AM 31.184.235.17:6892 udp
AM 31.184.235.18:6892 udp
AM 31.184.235.19:6892 udp
AM 31.184.235.20:6892 udp
AM 31.184.235.21:6892 udp
AM 31.184.235.22:6892 udp
AM 31.184.235.23:6892 udp
AM 31.184.235.24:6892 udp
AM 31.184.235.25:6892 udp
AM 31.184.235.26:6892 udp
AM 31.184.235.27:6892 udp
AM 31.184.235.28:6892 udp
AM 31.184.235.29:6892 udp
AM 31.184.235.30:6892 udp
AM 31.184.235.31:6892 udp
AM 31.184.235.32:6892 udp
AM 31.184.235.33:6892 udp
AM 31.184.235.34:6892 udp
AM 31.184.235.35:6892 udp
AM 31.184.235.36:6892 udp
AM 31.184.235.37:6892 udp
AM 31.184.235.38:6892 udp
AM 31.184.235.39:6892 udp
AM 31.184.235.40:6892 udp
AM 31.184.235.41:6892 udp
AM 31.184.235.42:6892 udp
AM 31.184.235.43:6892 udp
AM 31.184.235.44:6892 udp
AM 31.184.235.45:6892 udp
AM 31.184.235.46:6892 udp
AM 31.184.235.47:6892 udp
AM 31.184.235.48:6892 udp
AM 31.184.235.49:6892 udp
AM 31.184.235.50:6892 udp
AM 31.184.235.51:6892 udp
AM 31.184.235.52:6892 udp
AM 31.184.235.53:6892 udp
AM 31.184.235.54:6892 udp
AM 31.184.235.55:6892 udp
AM 31.184.235.56:6892 udp
AM 31.184.235.57:6892 udp
AM 31.184.235.58:6892 udp
AM 31.184.235.59:6892 udp
AM 31.184.235.60:6892 udp
AM 31.184.235.61:6892 udp
AM 31.184.235.62:6892 udp
AM 31.184.235.63:6892 udp
AM 31.184.235.64:6892 udp
AM 31.184.235.65:6892 udp
AM 31.184.235.66:6892 udp
AM 31.184.235.67:6892 udp
AM 31.184.235.68:6892 udp
AM 31.184.235.69:6892 udp
AM 31.184.235.70:6892 udp
AM 31.184.235.71:6892 udp
AM 31.184.235.72:6892 udp
AM 31.184.235.73:6892 udp
AM 31.184.235.74:6892 udp
AM 31.184.235.75:6892 udp
AM 31.184.235.76:6892 udp
AM 31.184.235.77:6892 udp
AM 31.184.235.78:6892 udp
AM 31.184.235.79:6892 udp
AM 31.184.235.80:6892 udp
AM 31.184.235.81:6892 udp
AM 31.184.235.82:6892 udp
AM 31.184.235.83:6892 udp
AM 31.184.235.84:6892 udp
AM 31.184.235.85:6892 udp
AM 31.184.235.86:6892 udp
AM 31.184.235.87:6892 udp
AM 31.184.235.88:6892 udp
AM 31.184.235.89:6892 udp
AM 31.184.235.90:6892 udp
AM 31.184.235.91:6892 udp
AM 31.184.235.92:6892 udp
AM 31.184.235.93:6892 udp
AM 31.184.235.94:6892 udp
AM 31.184.235.95:6892 udp
AM 31.184.235.96:6892 udp
AM 31.184.235.97:6892 udp
AM 31.184.235.98:6892 udp
AM 31.184.235.99:6892 udp
AM 31.184.235.100:6892 udp
AM 31.184.235.101:6892 udp
AM 31.184.235.102:6892 udp
AM 31.184.235.103:6892 udp
AM 31.184.235.104:6892 udp
AM 31.184.235.105:6892 udp
AM 31.184.235.106:6892 udp
AM 31.184.235.107:6892 udp
AM 31.184.235.108:6892 udp
AM 31.184.235.109:6892 udp
AM 31.184.235.110:6892 udp
AM 31.184.235.111:6892 udp
AM 31.184.235.112:6892 udp
AM 31.184.235.113:6892 udp
AM 31.184.235.114:6892 udp
AM 31.184.235.115:6892 udp
AM 31.184.235.116:6892 udp
AM 31.184.235.117:6892 udp
AM 31.184.235.118:6892 udp
AM 31.184.235.119:6892 udp
AM 31.184.235.120:6892 udp
AM 31.184.235.121:6892 udp
AM 31.184.235.122:6892 udp
AM 31.184.235.123:6892 udp
AM 31.184.235.124:6892 udp
AM 31.184.235.125:6892 udp
AM 31.184.235.126:6892 udp
AM 31.184.235.127:6892 udp
AM 31.184.235.128:6892 udp
AM 31.184.235.129:6892 udp
AM 31.184.235.130:6892 udp
AM 31.184.235.131:6892 udp
AM 31.184.235.132:6892 udp
AM 31.184.235.133:6892 udp
AM 31.184.235.134:6892 udp
AM 31.184.235.135:6892 udp
AM 31.184.235.136:6892 udp
AM 31.184.235.137:6892 udp
AM 31.184.235.138:6892 udp
AM 31.184.235.139:6892 udp
AM 31.184.235.140:6892 udp
AM 31.184.235.141:6892 udp
AM 31.184.235.142:6892 udp
AM 31.184.235.143:6892 udp
AM 31.184.235.144:6892 udp
AM 31.184.235.145:6892 udp
AM 31.184.235.146:6892 udp
AM 31.184.235.147:6892 udp
AM 31.184.235.148:6892 udp
AM 31.184.235.149:6892 udp
AM 31.184.235.150:6892 udp
AM 31.184.235.151:6892 udp
AM 31.184.235.152:6892 udp
AM 31.184.235.153:6892 udp
AM 31.184.235.154:6892 udp
AM 31.184.235.155:6892 udp
AM 31.184.235.156:6892 udp
AM 31.184.235.157:6892 udp
AM 31.184.235.158:6892 udp
AM 31.184.235.159:6892 udp
AM 31.184.235.160:6892 udp
AM 31.184.235.161:6892 udp
AM 31.184.235.162:6892 udp
AM 31.184.235.163:6892 udp
AM 31.184.235.164:6892 udp
AM 31.184.235.165:6892 udp
AM 31.184.235.166:6892 udp
AM 31.184.235.167:6892 udp
AM 31.184.235.168:6892 udp
AM 31.184.235.169:6892 udp
AM 31.184.235.170:6892 udp
AM 31.184.235.171:6892 udp
AM 31.184.235.172:6892 udp
AM 31.184.235.173:6892 udp
AM 31.184.235.174:6892 udp
AM 31.184.235.175:6892 udp
AM 31.184.235.176:6892 udp
AM 31.184.235.177:6892 udp
AM 31.184.235.178:6892 udp
AM 31.184.235.179:6892 udp
AM 31.184.235.180:6892 udp
AM 31.184.235.181:6892 udp
AM 31.184.235.182:6892 udp
AM 31.184.235.183:6892 udp
AM 31.184.235.184:6892 udp
AM 31.184.235.185:6892 udp
AM 31.184.235.186:6892 udp
AM 31.184.235.187:6892 udp
AM 31.184.235.188:6892 udp
AM 31.184.235.189:6892 udp
AM 31.184.235.190:6892 udp
AM 31.184.235.191:6892 udp
AM 31.184.235.192:6892 udp
AM 31.184.235.193:6892 udp
AM 31.184.235.194:6892 udp
AM 31.184.235.195:6892 udp
AM 31.184.235.196:6892 udp
AM 31.184.235.197:6892 udp
AM 31.184.235.198:6892 udp
AM 31.184.235.199:6892 udp
AM 31.184.235.200:6892 udp
AM 31.184.235.201:6892 udp
AM 31.184.235.202:6892 udp
AM 31.184.235.203:6892 udp
AM 31.184.235.204:6892 udp
AM 31.184.235.205:6892 udp
AM 31.184.235.206:6892 udp
AM 31.184.235.207:6892 udp
AM 31.184.235.208:6892 udp
AM 31.184.235.209:6892 udp
AM 31.184.235.210:6892 udp
AM 31.184.235.211:6892 udp
AM 31.184.235.212:6892 udp
AM 31.184.235.213:6892 udp
AM 31.184.235.214:6892 udp
AM 31.184.235.215:6892 udp
AM 31.184.235.216:6892 udp
AM 31.184.235.217:6892 udp
AM 31.184.235.218:6892 udp
AM 31.184.235.219:6892 udp
AM 31.184.235.220:6892 udp
AM 31.184.235.221:6892 udp
AM 31.184.235.222:6892 udp
AM 31.184.235.223:6892 udp
AM 31.184.235.224:6892 udp
AM 31.184.235.225:6892 udp
AM 31.184.235.226:6892 udp
AM 31.184.235.227:6892 udp
AM 31.184.235.228:6892 udp
AM 31.184.235.229:6892 udp
AM 31.184.235.230:6892 udp
AM 31.184.235.231:6892 udp
AM 31.184.235.232:6892 udp
AM 31.184.235.233:6892 udp
AM 31.184.235.234:6892 udp
AM 31.184.235.235:6892 udp
AM 31.184.235.236:6892 udp
AM 31.184.235.237:6892 udp
AM 31.184.235.238:6892 udp
AM 31.184.235.239:6892 udp
AM 31.184.235.240:6892 udp
AM 31.184.235.241:6892 udp
AM 31.184.235.242:6892 udp
AM 31.184.235.243:6892 udp
AM 31.184.235.244:6892 udp
AM 31.184.235.245:6892 udp
AM 31.184.235.246:6892 udp
AM 31.184.235.247:6892 udp
AM 31.184.235.248:6892 udp
AM 31.184.235.249:6892 udp
AM 31.184.235.250:6892 udp
AM 31.184.235.251:6892 udp
AM 31.184.235.252:6892 udp
AM 31.184.235.253:6892 udp
AM 31.184.235.254:6892 udp
AM 31.184.235.255:6892 udp
AM 31.184.234.0:6892 udp
AM 31.184.234.1:6892 udp
AM 31.184.234.2:6892 udp
AM 31.184.234.3:6892 udp
AM 31.184.234.4:6892 udp
AM 31.184.234.5:6892 udp
AM 31.184.234.6:6892 udp
AM 31.184.234.7:6892 udp
AM 31.184.234.8:6892 udp
AM 31.184.234.9:6892 udp
AM 31.184.234.10:6892 udp
AM 31.184.234.11:6892 udp
AM 31.184.234.12:6892 udp
AM 31.184.234.13:6892 udp
AM 31.184.234.14:6892 udp
AM 31.184.234.15:6892 udp
AM 31.184.234.16:6892 udp
AM 31.184.234.17:6892 udp
AM 31.184.234.18:6892 udp
AM 31.184.234.19:6892 udp
AM 31.184.234.20:6892 udp
AM 31.184.234.21:6892 udp
AM 31.184.234.22:6892 udp
AM 31.184.234.23:6892 udp
AM 31.184.234.24:6892 udp
AM 31.184.234.25:6892 udp
AM 31.184.234.26:6892 udp
AM 31.184.234.27:6892 udp
AM 31.184.234.28:6892 udp
AM 31.184.234.29:6892 udp
AM 31.184.234.30:6892 udp
AM 31.184.234.31:6892 udp
AM 31.184.234.32:6892 udp
AM 31.184.234.33:6892 udp
AM 31.184.234.34:6892 udp
AM 31.184.234.35:6892 udp
AM 31.184.234.36:6892 udp
AM 31.184.234.37:6892 udp
AM 31.184.234.38:6892 udp
AM 31.184.234.39:6892 udp
AM 31.184.234.40:6892 udp
AM 31.184.234.41:6892 udp
AM 31.184.234.42:6892 udp
AM 31.184.234.43:6892 udp
AM 31.184.234.44:6892 udp
AM 31.184.234.45:6892 udp
AM 31.184.234.46:6892 udp
AM 31.184.234.47:6892 udp
AM 31.184.234.48:6892 udp
AM 31.184.234.49:6892 udp
AM 31.184.234.50:6892 udp
AM 31.184.234.51:6892 udp
AM 31.184.234.52:6892 udp
AM 31.184.234.53:6892 udp
AM 31.184.234.54:6892 udp
AM 31.184.234.55:6892 udp
AM 31.184.234.56:6892 udp
AM 31.184.234.57:6892 udp
AM 31.184.234.58:6892 udp
AM 31.184.234.59:6892 udp
AM 31.184.234.60:6892 udp
AM 31.184.234.61:6892 udp
AM 31.184.234.62:6892 udp
AM 31.184.234.63:6892 udp
AM 31.184.234.64:6892 udp
AM 31.184.234.65:6892 udp
AM 31.184.234.66:6892 udp
AM 31.184.234.67:6892 udp
AM 31.184.234.68:6892 udp
AM 31.184.234.69:6892 udp
AM 31.184.234.70:6892 udp
AM 31.184.234.71:6892 udp
AM 31.184.234.72:6892 udp
AM 31.184.234.73:6892 udp
AM 31.184.234.74:6892 udp
AM 31.184.234.75:6892 udp
AM 31.184.234.76:6892 udp
AM 31.184.234.77:6892 udp
AM 31.184.234.78:6892 udp
AM 31.184.234.79:6892 udp
AM 31.184.234.80:6892 udp
AM 31.184.234.81:6892 udp
AM 31.184.234.82:6892 udp
AM 31.184.234.83:6892 udp
AM 31.184.234.84:6892 udp
AM 31.184.234.85:6892 udp
AM 31.184.234.86:6892 udp
AM 31.184.234.87:6892 udp
AM 31.184.234.88:6892 udp
AM 31.184.234.89:6892 udp
AM 31.184.234.90:6892 udp
AM 31.184.234.91:6892 udp
AM 31.184.234.92:6892 udp
AM 31.184.234.93:6892 udp
AM 31.184.234.94:6892 udp
AM 31.184.234.95:6892 udp
AM 31.184.234.96:6892 udp
AM 31.184.234.97:6892 udp
AM 31.184.234.98:6892 udp
AM 31.184.234.99:6892 udp
AM 31.184.234.100:6892 udp
AM 31.184.234.101:6892 udp
AM 31.184.234.102:6892 udp
AM 31.184.234.103:6892 udp
AM 31.184.234.104:6892 udp
AM 31.184.234.105:6892 udp
AM 31.184.234.106:6892 udp
AM 31.184.234.107:6892 udp
AM 31.184.234.108:6892 udp
AM 31.184.234.109:6892 udp
AM 31.184.234.110:6892 udp
AM 31.184.234.111:6892 udp
AM 31.184.234.112:6892 udp
AM 31.184.234.113:6892 udp
AM 31.184.234.114:6892 udp
AM 31.184.234.115:6892 udp
AM 31.184.234.116:6892 udp
AM 31.184.234.117:6892 udp
AM 31.184.234.118:6892 udp
AM 31.184.234.119:6892 udp
AM 31.184.234.120:6892 udp
AM 31.184.234.121:6892 udp
AM 31.184.234.122:6892 udp
AM 31.184.234.123:6892 udp
AM 31.184.234.124:6892 udp
AM 31.184.234.125:6892 udp
AM 31.184.234.126:6892 udp
AM 31.184.234.127:6892 udp
AM 31.184.234.128:6892 udp
AM 31.184.234.129:6892 udp
AM 31.184.234.130:6892 udp
AM 31.184.234.131:6892 udp
AM 31.184.234.132:6892 udp
AM 31.184.234.133:6892 udp
AM 31.184.234.134:6892 udp
AM 31.184.234.135:6892 udp
AM 31.184.234.136:6892 udp
AM 31.184.234.137:6892 udp
AM 31.184.234.138:6892 udp
AM 31.184.234.139:6892 udp
AM 31.184.234.140:6892 udp
AM 31.184.234.141:6892 udp
AM 31.184.234.142:6892 udp
AM 31.184.234.143:6892 udp
AM 31.184.234.144:6892 udp
AM 31.184.234.145:6892 udp
AM 31.184.234.146:6892 udp
AM 31.184.234.147:6892 udp
AM 31.184.234.148:6892 udp
AM 31.184.234.149:6892 udp
AM 31.184.234.150:6892 udp
AM 31.184.234.151:6892 udp
AM 31.184.234.152:6892 udp
AM 31.184.234.153:6892 udp
AM 31.184.234.154:6892 udp
AM 31.184.234.155:6892 udp
AM 31.184.234.156:6892 udp
AM 31.184.234.157:6892 udp
AM 31.184.234.158:6892 udp
AM 31.184.234.159:6892 udp
AM 31.184.234.160:6892 udp
AM 31.184.234.161:6892 udp
AM 31.184.234.162:6892 udp
AM 31.184.234.163:6892 udp
AM 31.184.234.164:6892 udp
AM 31.184.234.165:6892 udp
AM 31.184.234.166:6892 udp
AM 31.184.234.167:6892 udp
AM 31.184.234.168:6892 udp
AM 31.184.234.169:6892 udp
AM 31.184.234.170:6892 udp
AM 31.184.234.171:6892 udp
AM 31.184.234.172:6892 udp
AM 31.184.234.173:6892 udp
AM 31.184.234.174:6892 udp
AM 31.184.234.175:6892 udp
AM 31.184.234.176:6892 udp
AM 31.184.234.177:6892 udp
AM 31.184.234.178:6892 udp
AM 31.184.234.179:6892 udp
AM 31.184.234.180:6892 udp
AM 31.184.234.181:6892 udp
AM 31.184.234.182:6892 udp
AM 31.184.234.183:6892 udp
AM 31.184.234.184:6892 udp
AM 31.184.234.185:6892 udp
AM 31.184.234.186:6892 udp
AM 31.184.234.187:6892 udp
AM 31.184.234.188:6892 udp
AM 31.184.234.189:6892 udp
AM 31.184.234.190:6892 udp
AM 31.184.234.191:6892 udp
AM 31.184.234.192:6892 udp
AM 31.184.234.193:6892 udp
AM 31.184.234.194:6892 udp
AM 31.184.234.195:6892 udp
AM 31.184.234.196:6892 udp
AM 31.184.234.197:6892 udp
AM 31.184.234.198:6892 udp
AM 31.184.234.199:6892 udp
AM 31.184.234.200:6892 udp
AM 31.184.234.201:6892 udp
AM 31.184.234.202:6892 udp
AM 31.184.234.203:6892 udp
AM 31.184.234.204:6892 udp
AM 31.184.234.205:6892 udp
AM 31.184.234.206:6892 udp
AM 31.184.234.207:6892 udp
AM 31.184.234.208:6892 udp
AM 31.184.234.209:6892 udp
AM 31.184.234.210:6892 udp
AM 31.184.234.211:6892 udp
AM 31.184.234.212:6892 udp
AM 31.184.234.213:6892 udp
AM 31.184.234.214:6892 udp
AM 31.184.234.215:6892 udp
AM 31.184.234.216:6892 udp
AM 31.184.234.217:6892 udp
AM 31.184.234.218:6892 udp
AM 31.184.234.219:6892 udp
AM 31.184.234.220:6892 udp
AM 31.184.234.221:6892 udp
AM 31.184.234.222:6892 udp
AM 31.184.234.223:6892 udp
AM 31.184.234.224:6892 udp
AM 31.184.234.225:6892 udp
AM 31.184.234.226:6892 udp
AM 31.184.234.227:6892 udp
AM 31.184.234.228:6892 udp
AM 31.184.234.229:6892 udp
AM 31.184.234.230:6892 udp
AM 31.184.234.231:6892 udp
AM 31.184.234.232:6892 udp
AM 31.184.234.233:6892 udp
AM 31.184.234.234:6892 udp
AM 31.184.234.235:6892 udp
AM 31.184.234.236:6892 udp
AM 31.184.234.237:6892 udp
AM 31.184.234.238:6892 udp
AM 31.184.234.239:6892 udp
AM 31.184.234.240:6892 udp
AM 31.184.234.241:6892 udp
AM 31.184.234.242:6892 udp
AM 31.184.234.243:6892 udp
AM 31.184.234.244:6892 udp
AM 31.184.234.245:6892 udp
AM 31.184.234.246:6892 udp
AM 31.184.234.247:6892 udp
AM 31.184.234.248:6892 udp
AM 31.184.234.249:6892 udp
AM 31.184.234.250:6892 udp
AM 31.184.234.251:6892 udp
AM 31.184.234.252:6892 udp
AM 31.184.234.253:6892 udp
AM 31.184.234.254:6892 udp
AM 31.184.234.255:6892 udp
AM 31.184.235.0:6892 udp
AM 31.184.235.1:6892 udp
AM 31.184.235.2:6892 udp
AM 31.184.235.3:6892 udp
AM 31.184.235.4:6892 udp
AM 31.184.235.5:6892 udp
AM 31.184.235.6:6892 udp
AM 31.184.235.7:6892 udp
AM 31.184.235.8:6892 udp
AM 31.184.235.9:6892 udp
AM 31.184.235.10:6892 udp
AM 31.184.235.11:6892 udp
AM 31.184.235.12:6892 udp
AM 31.184.235.13:6892 udp
AM 31.184.235.14:6892 udp
AM 31.184.235.15:6892 udp
AM 31.184.235.16:6892 udp
AM 31.184.235.17:6892 udp
AM 31.184.235.18:6892 udp
AM 31.184.235.19:6892 udp
AM 31.184.235.20:6892 udp
AM 31.184.235.21:6892 udp
AM 31.184.235.22:6892 udp
AM 31.184.235.23:6892 udp
AM 31.184.235.24:6892 udp
AM 31.184.235.25:6892 udp
AM 31.184.235.26:6892 udp
AM 31.184.235.27:6892 udp
AM 31.184.235.28:6892 udp
AM 31.184.235.29:6892 udp
AM 31.184.235.30:6892 udp
AM 31.184.235.31:6892 udp
AM 31.184.235.32:6892 udp
AM 31.184.235.33:6892 udp
AM 31.184.235.34:6892 udp
AM 31.184.235.35:6892 udp
AM 31.184.235.36:6892 udp
AM 31.184.235.37:6892 udp
AM 31.184.235.38:6892 udp
AM 31.184.235.39:6892 udp
AM 31.184.235.40:6892 udp
AM 31.184.235.41:6892 udp
AM 31.184.235.42:6892 udp
AM 31.184.235.43:6892 udp
AM 31.184.235.44:6892 udp
AM 31.184.235.45:6892 udp
AM 31.184.235.46:6892 udp
AM 31.184.235.47:6892 udp
AM 31.184.235.48:6892 udp
AM 31.184.235.49:6892 udp
AM 31.184.235.50:6892 udp
AM 31.184.235.51:6892 udp
AM 31.184.235.52:6892 udp
AM 31.184.235.53:6892 udp
AM 31.184.235.54:6892 udp
AM 31.184.235.55:6892 udp
AM 31.184.235.56:6892 udp
AM 31.184.235.57:6892 udp
AM 31.184.235.58:6892 udp
AM 31.184.235.59:6892 udp
AM 31.184.235.60:6892 udp
AM 31.184.235.61:6892 udp
AM 31.184.235.62:6892 udp
AM 31.184.235.63:6892 udp
AM 31.184.235.64:6892 udp
AM 31.184.235.65:6892 udp
AM 31.184.235.66:6892 udp
AM 31.184.235.67:6892 udp
AM 31.184.235.68:6892 udp
AM 31.184.235.69:6892 udp
AM 31.184.235.70:6892 udp
AM 31.184.235.71:6892 udp
AM 31.184.235.72:6892 udp
AM 31.184.235.73:6892 udp
AM 31.184.235.74:6892 udp
AM 31.184.235.75:6892 udp
AM 31.184.235.76:6892 udp
AM 31.184.235.77:6892 udp
AM 31.184.235.78:6892 udp
AM 31.184.235.79:6892 udp
AM 31.184.235.80:6892 udp
AM 31.184.235.81:6892 udp
AM 31.184.235.82:6892 udp
AM 31.184.235.83:6892 udp
AM 31.184.235.84:6892 udp
AM 31.184.235.85:6892 udp
AM 31.184.235.86:6892 udp
AM 31.184.235.87:6892 udp
AM 31.184.235.88:6892 udp
AM 31.184.235.89:6892 udp
AM 31.184.235.90:6892 udp
AM 31.184.235.91:6892 udp
AM 31.184.235.92:6892 udp
AM 31.184.235.93:6892 udp
AM 31.184.235.94:6892 udp
AM 31.184.235.95:6892 udp
AM 31.184.235.96:6892 udp
AM 31.184.235.97:6892 udp
AM 31.184.235.98:6892 udp
AM 31.184.235.99:6892 udp
AM 31.184.235.100:6892 udp
AM 31.184.235.101:6892 udp
AM 31.184.235.102:6892 udp
AM 31.184.235.103:6892 udp
AM 31.184.235.104:6892 udp
AM 31.184.235.105:6892 udp
AM 31.184.235.106:6892 udp
AM 31.184.235.107:6892 udp
AM 31.184.235.108:6892 udp
AM 31.184.235.109:6892 udp
AM 31.184.235.110:6892 udp
AM 31.184.235.111:6892 udp
AM 31.184.235.112:6892 udp
AM 31.184.235.113:6892 udp
AM 31.184.235.114:6892 udp
AM 31.184.235.115:6892 udp
AM 31.184.235.116:6892 udp
AM 31.184.235.117:6892 udp
AM 31.184.235.118:6892 udp
AM 31.184.235.119:6892 udp
AM 31.184.235.120:6892 udp
AM 31.184.235.121:6892 udp
AM 31.184.235.122:6892 udp
AM 31.184.235.123:6892 udp
AM 31.184.235.124:6892 udp
AM 31.184.235.125:6892 udp
AM 31.184.235.126:6892 udp
AM 31.184.235.127:6892 udp
AM 31.184.235.128:6892 udp
AM 31.184.235.129:6892 udp
AM 31.184.235.130:6892 udp
AM 31.184.235.131:6892 udp
AM 31.184.235.132:6892 udp
AM 31.184.235.133:6892 udp
AM 31.184.235.134:6892 udp
AM 31.184.235.135:6892 udp
AM 31.184.235.136:6892 udp
AM 31.184.235.137:6892 udp
AM 31.184.235.138:6892 udp
AM 31.184.235.139:6892 udp
AM 31.184.235.140:6892 udp
AM 31.184.235.141:6892 udp
AM 31.184.235.142:6892 udp
AM 31.184.235.143:6892 udp
AM 31.184.235.144:6892 udp
AM 31.184.235.145:6892 udp
AM 31.184.235.146:6892 udp
AM 31.184.235.147:6892 udp
AM 31.184.235.148:6892 udp
AM 31.184.235.149:6892 udp
AM 31.184.235.150:6892 udp
AM 31.184.235.151:6892 udp
AM 31.184.235.152:6892 udp
AM 31.184.235.153:6892 udp
AM 31.184.235.154:6892 udp
AM 31.184.235.155:6892 udp
AM 31.184.235.156:6892 udp
AM 31.184.235.157:6892 udp
AM 31.184.235.158:6892 udp
AM 31.184.235.159:6892 udp
AM 31.184.235.160:6892 udp
AM 31.184.235.161:6892 udp
AM 31.184.235.162:6892 udp
AM 31.184.235.163:6892 udp
AM 31.184.235.164:6892 udp
AM 31.184.235.165:6892 udp
AM 31.184.235.166:6892 udp
AM 31.184.235.167:6892 udp
AM 31.184.235.168:6892 udp
AM 31.184.235.169:6892 udp
AM 31.184.235.170:6892 udp
AM 31.184.235.171:6892 udp
AM 31.184.235.172:6892 udp
AM 31.184.235.173:6892 udp
AM 31.184.235.174:6892 udp
AM 31.184.235.175:6892 udp
AM 31.184.235.176:6892 udp
AM 31.184.235.177:6892 udp
AM 31.184.235.178:6892 udp
AM 31.184.235.179:6892 udp
AM 31.184.235.180:6892 udp
AM 31.184.235.181:6892 udp
AM 31.184.235.182:6892 udp
AM 31.184.235.183:6892 udp
AM 31.184.235.184:6892 udp
AM 31.184.235.185:6892 udp
AM 31.184.235.186:6892 udp
AM 31.184.235.187:6892 udp
AM 31.184.235.188:6892 udp
AM 31.184.235.189:6892 udp
AM 31.184.235.190:6892 udp
AM 31.184.235.191:6892 udp
AM 31.184.235.192:6892 udp
AM 31.184.235.193:6892 udp
AM 31.184.235.194:6892 udp
AM 31.184.235.195:6892 udp
AM 31.184.235.196:6892 udp
AM 31.184.235.197:6892 udp
AM 31.184.235.198:6892 udp
AM 31.184.235.199:6892 udp
AM 31.184.235.200:6892 udp
AM 31.184.235.201:6892 udp
AM 31.184.235.202:6892 udp
AM 31.184.235.203:6892 udp
AM 31.184.235.204:6892 udp
AM 31.184.235.205:6892 udp
AM 31.184.235.206:6892 udp
AM 31.184.235.207:6892 udp
AM 31.184.235.208:6892 udp
AM 31.184.235.209:6892 udp
AM 31.184.235.210:6892 udp
AM 31.184.235.211:6892 udp
AM 31.184.235.212:6892 udp
AM 31.184.235.213:6892 udp
AM 31.184.235.214:6892 udp
AM 31.184.235.215:6892 udp
AM 31.184.235.216:6892 udp
AM 31.184.235.217:6892 udp
AM 31.184.235.218:6892 udp
AM 31.184.235.219:6892 udp
AM 31.184.235.220:6892 udp
AM 31.184.235.221:6892 udp
AM 31.184.235.222:6892 udp
AM 31.184.235.223:6892 udp
AM 31.184.235.224:6892 udp
AM 31.184.235.225:6892 udp
AM 31.184.235.226:6892 udp
AM 31.184.235.227:6892 udp
AM 31.184.235.228:6892 udp
AM 31.184.235.229:6892 udp
AM 31.184.235.230:6892 udp
AM 31.184.235.231:6892 udp
AM 31.184.235.232:6892 udp
AM 31.184.235.233:6892 udp
AM 31.184.235.234:6892 udp
AM 31.184.235.235:6892 udp
AM 31.184.235.236:6892 udp
AM 31.184.235.237:6892 udp
AM 31.184.235.238:6892 udp
AM 31.184.235.239:6892 udp
AM 31.184.235.240:6892 udp
AM 31.184.235.241:6892 udp
AM 31.184.235.242:6892 udp
AM 31.184.235.243:6892 udp
AM 31.184.235.244:6892 udp
AM 31.184.235.245:6892 udp
AM 31.184.235.246:6892 udp
AM 31.184.235.247:6892 udp
AM 31.184.235.248:6892 udp
AM 31.184.235.249:6892 udp
AM 31.184.235.250:6892 udp
AM 31.184.235.251:6892 udp
AM 31.184.235.252:6892 udp
AM 31.184.235.253:6892 udp
AM 31.184.235.254:6892 udp
AM 31.184.235.255:6892 udp
US 8.8.8.8:53 xrhwryizf5mui7a5.j0n83w.bid udp
US 8.8.8.8:53 btc.blockr.io udp
US 8.8.8.8:53 api.blockcypher.com udp
US 172.67.17.223:80 api.blockcypher.com tcp
US 8.8.8.8:53 chain.so udp
US 104.22.65.108:443 chain.so tcp

Files

\Users\Admin\AppData\Local\Temp\nsd1151.tmp\System.dll

MD5 3e6bf00b3ac976122f982ae2aadb1c51
SHA1 caab188f7fdc84d3fdcb2922edeeb5ed576bd31d
SHA256 4ff9b2678d698677c5d9732678f9cf53f17290e09d053691aac4cc6e6f595cbe
SHA512 1286f05e6a7e6b691f6e479638e7179897598e171b52eb3a3dc0e830415251069d29416b6d1ffc6d7dce8da5625e1479be06db9b7179e7776659c5c1ad6aa706

memory/840-15-0x0000000001C30000-0x0000000001C33000-memory.dmp

memory/2708-17-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2708-21-0x0000000000400000-0x0000000000431000-memory.dmp

memory/840-20-0x0000000001C30000-0x0000000001C33000-memory.dmp

memory/2708-19-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2708-26-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2708-27-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2708-30-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2708-31-0x0000000000400000-0x0000000000431000-memory.dmp

C:\Users\Admin\Contacts\README.hta

MD5 8cd65351f145eac3630c3530992a056d
SHA1 d4431ba729815839ad1fe0b39310127e1cc151ae
SHA256 3da8483a814102fd2b538c8a98f597f26e6cdcaf3d125539c4da058951465277
SHA512 805e2f35def02344fa63714f54cb253ee32611ebbc148d9f222cdbd942f43a5e6f568e1ceaf065eb3b2bbf678c94bc7ed6c333d40cda44469936fcb484a84df5

memory/2708-302-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2708-305-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2708-308-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2708-311-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2708-314-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2708-317-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2708-320-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2708-323-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2708-326-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2708-329-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2708-332-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2708-335-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2708-338-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2708-341-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2708-344-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2708-347-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2708-349-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2708-355-0x0000000000400000-0x0000000000431000-memory.dmp

memory/2708-364-0x0000000000400000-0x0000000000431000-memory.dmp

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-04 20:48

Reported

2024-06-04 20:50

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

153s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2372 wrote to memory of 1184 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2372 wrote to memory of 1184 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2372 wrote to memory of 1184 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 1184 -ip 1184

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1184 -s 612

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 27.73.42.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-06-04 20:48

Reported

2024-06-04 20:50

Platform

win7-20240221-en

Max time kernel

133s

Max time network

127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\home1259317828.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a63261f9139c8f4aa4dff500dbf78628000000000200000000001066000000010000200000005ce6b970ff6e2a48bb1c13112db94a846ca22ac2e7ffd3f9ccb15562115a048f000000000e8000000002000020000000b0e59c9ce1a99fa5513e2a3e03aa4ce95d755f0b0676a43a89764d18399e99c090000000b23f932f69af4546e6199438ff27702d1b1d65637ae4ba15246af66a65cfc381bd371a2e08b16bc7253c58cef2fa495098e0689347b96cde0776f8a9a809659e7c2ed1a353054bbd72daf2f6fe4ef4ffc68a5db53d3a4d963b8e6adea8db84903a09a1b00457ef9e34390b13c8ed4758610a5dba1702fbe67f76804b226badcfec14e87bfa140e1307f9bbb4a26fe7c040000000b9d7b351d536516d62f4367ab2a6431220f90229304f2b3f8643e35cd4340e7fbae25deeb40a971907d3786b656ea4bed8ee71c94c99b04ac5361dc397670f0a C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C0F9DE91-22B3-11EF-8356-E61A8C993A67} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423695958" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a63261f9139c8f4aa4dff500dbf7862800000000020000000000106600000001000020000000422dfed9e7c53a0336204c50e606470e437c82015dd6cb48d7ee52be9ebcb9ec000000000e8000000002000020000000fd56c3b2c8fe60447a14df3227da9db71f051bb2cd8e4cdd471a75c93df3b2de20000000e53e9de1a6a2f6bdbb2fdd8c2d0f315934e722e6e5af261a208e141a76782f9840000000e739139561f663692620101362db2078276927b7ebde43455fd883e1e8840f20959d0f6dce481b548815f4311c3b9bce9ddc6dbf76a7f2428dc74e67c45bc85d C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0b07c9ac0b6da01 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\home1259317828.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2964 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.twimg.com udp
US 8.8.8.8:53 platform.twitter.com udp
US 8.8.8.8:53 abs.twimg.com udp
US 152.199.21.141:443 abs.twimg.com tcp
PL 93.184.220.66:443 platform.twitter.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
PL 93.184.220.66:443 platform.twitter.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
PL 93.184.220.66:443 platform.twitter.com tcp
PL 93.184.220.66:443 platform.twitter.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab11BC.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar11C1.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar12EE.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3d6a3c25fe77935677f22a2847c44d9c
SHA1 76ded077861912c73f78066da817ea4069c6666b
SHA256 47488144d67f7090cafa9ef1c648e1a8d376698c31e976fe3500c44729ce4a65
SHA512 6317599d2487ee0d2d64b6d7a5fb694eaf82dcb1763c1158d0d1de2dda25791730dd6e2a1825a19b32b0223306128ccb3e0afaa46bdf3ce4f5e7c521b958ac1b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 20ea60d49480ecd57dc3e0974c2f9d36
SHA1 d6eecfbb8cccc30679779206d841be6db5ba0d34
SHA256 cdd96bc327e97f581d235b4116706ab979bbff2b5170bba0b65660e3cb8da79b
SHA512 6cd152270756ecc6109fdeec5a11eb603a15b06bc6434061e9567619f81062ef7f5891028ffdaf6275d7da5b2fa61c27036276ce2fe69df48a1917c11e92b0a7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b1e39f76508f6bbaa9e57373ee259d5f
SHA1 8affa66ab2afdaa66bb4be7d704e9f282e318b37
SHA256 6dd9a199c6b038d59044f5fb9863085e5575c02ea025aaae629aac31c184f58b
SHA512 b1f14b70412e6607aa43ec82f32ab9ce5d3a83f6601dd6724f92d948a59ce9e7c9d9704feba8aacafc5c4e3a7a2b5e7a0edee0104cf8eb562cb654ad10ebae4a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8bac546f3efdd49e6a1686babdd8a827
SHA1 8492e6560c327e7c7ceeab54111497afaf6d23d5
SHA256 7dab5b56a59404af8d576734a8ab79826890cfbed7c91e5cd4b01714a3a6656d
SHA512 0eeb06baa8095a275277fcc9c4fc19416b0dbfdb4f102a9e279f68502ed908bc702f4d51c90bfef96b79c455c9f5392a8d313b69f06f1a262ab360576a474558

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e5919ae92bbfeec48d46719b8d28e7f9
SHA1 9d3d563855651b09f3514723171fdaa115c5d85f
SHA256 b4227f1228e0b490bce3fdc415bac729adfe2786f2ac1c2ed62f1ecffe4c8ae5
SHA512 014599c970c40828bb5bbb8c3dcd66f10d0557bacd602705eb974cc4a490c3d02d9faa3b348e0242ddf81ede4c64acb38a60321038a30463113cc2f8451224cf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5accf7ebdd8759745b1f1e7650eaaeb6
SHA1 e224ae8ce0fc0b8bc89be5ebdb51635ea8cd3c71
SHA256 48cf761b7a18ce8ccaf1fdda3c8b1a7ee892b6036dd2475ab05e2bd1d1eae036
SHA512 ff4524db64baf9029e6c4490dad1b263cf4d1e9779c73da2a2dff40d9fda3d87869457166b8f293d624d2522ef38140dad89a4e32b09aaf56575d3e03f5a6a28

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 398b9fdb40ca39d781ab44c66c01bc06
SHA1 65aadf019af5fa91fe7fbc97e7026ab0b41760f1
SHA256 9a04f40364ecf29dbfd30477026d23b0cd010c565cdc098c92f14cac8d359a53
SHA512 2be7a9f1dec5c26bc38839eaef9e67e0e5e85d0dd1faf0c095c53a9019d6055a1ac0366be2e49ffacee2926e1a5941d18958eaeda6792bc1301b026bc59ac187

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3990fd904dfa5701940267e10cdda81e
SHA1 17488219acf9e0fb0e590a40e1940215639c630f
SHA256 3d46249926a3f15f831985a1765467d89343f608ee0665537b809db2db4fef8d
SHA512 4c8e0c6feccd44ce793c4e4ca764f490619e36a303aa5cb510b032c6cf14e86fffa400867b75a67a170a22dc176c4a5621056bebd1e482e7819fbd25546f8e3e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2b36d7d2218bc8c9a08a290684dedfed
SHA1 3d820cc8e899b66e1f05644145dd13cfb5239558
SHA256 2a356bff19086a379b51faeab9be82aa29ccfdd450b819fc6e6a17461ae17817
SHA512 11a51fedf5781c3eccfc4ce491ded2061d64e6c4e891c3ab83c735c9a3eecffa0b58f67dea34a73215c0d19c0a0c7bd062df5bc28a8a995d2a78e83b028aee90

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8a38b4cc44b4e18f6ed3f8b37a499742
SHA1 4f768562c22e6bdfbd5ad6016d71f9f9524edcfe
SHA256 5566592bd9dc25f08e52e6b1a907430032c7d8e2c7b52d3961d2b8c522ffc9f2
SHA512 4b4e973d725b39ee8f818d7a16c01c8b2fa8f7667d62a19e1f2d38b18b9f2c5d86bc9b7992a4fbf8f7cb5b54b51224b14d8be0993aca7c9314737d6c14eabba9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b540b4fa56f96cb61295ae5a67163ebc
SHA1 42c9d567440eb6698a28e3cc2117c7a5f3187187
SHA256 84678d3fed33974d90f0c4bc269d4e5f6edaa76616cc5835a99d0b072e27f080
SHA512 b647f838df07969ce6bc3f5d30de5898f832fd81a5d462104088b3c517a29ce60a0279eba3de33fd45911965206a7fb456c7145844133f3d2a7b47da47b6b975

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eabcbfb7323e7afa83efc942fc1ab62b
SHA1 243bc5a30a280336ae966a275e5a7b5307fc1d16
SHA256 e5cddf2ae9a0e416c23696f91e8aafd5455ba539a0dc6de06b1cbf103800ef99
SHA512 3b319e7e1e7ab4636f8da749cbe16b69be66d077d61032fcc350b5d1127a022c8e238e43db9329623823517e3c05fa5eec145447bf5d258faf180acf148ac900

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7b1fb45bf1efe99edebeac0df87bd087
SHA1 3465cae63594b35519cc22b7bf1e9fc0f52b298b
SHA256 309dad7f0d38d1015cb6a541d7a722e0219830e309a031181a487e90c13aa9c7
SHA512 462f620f57c52b6a59358b8ff87326e99e71785c6ed591c743f0887ea8db1e237dd2cd2c7ad26629220eba9f4a1307bc31351cac09199ae345880855d2b28f2e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6a6dd3ce5b30ad7d319da6099410278f
SHA1 082e913b22142f91243894a64012bb3e09a05472
SHA256 e6481d11ba12f2616caf2612e84a2d25e69335d9220393cf9dc08668f37aec01
SHA512 d22dea78133a1ea65162af582d082f18eb2cb9ad6dde1a862accdd842e56e1abfd93e0deee68e7100b72d957436e80d419f01483ecff4ca0d6565a197ec268af

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fb71d5946e30886d5639bbd81a27a57d
SHA1 cd082bf231b4002e17b5f30ec336bab86d85b4ae
SHA256 89ab70e322be0dcbf1ec996b129a79e85eab1a28f474d0bf2465766335a3b3da
SHA512 debee22b5409c8d48605b916128d64aa7e95eeece3a7eee186ebb7495659fa5a4307b89634283edec501b9c1986cd50e488ccac7bf74e5c57c516c00a7e742ea

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b64a9c68ac6e07f757bd268d202a5e95
SHA1 816b5761cdf2162c35889ad6f97fabccba69ab7d
SHA256 3d49c0a01c1cf13f94637de0d8ffb95116860bc297b726051ff54abe276a60fa
SHA512 2ce450c8ea704760f883e9038d456eb638bc91a5b7180858e79c2b9ba85e9580b6d69c5aff731674f8e0a23d6a05fee773e0d5cf3ef0757a995d55781484fdf7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6008b398686d5f647a8ffbe9a6e94c96
SHA1 f7e01f087f430207f8664f465aea7319ddb76f1a
SHA256 a952c6b4820924a2f0b576dd6e5872ee9b1215eeed5d73c13242cdad02a33d91
SHA512 b98e3bf430d654d0980684ff21d0a675691e12e3d728a00c2d1ddf61c2e3a13fe9c75bb4a7dd4ff94a580eb2474266365e8a15bd0d1619e903043ab0caf87e05

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f273a72a956736354fda634f9aeb24b8
SHA1 36530e46fce0a1b9671716baf0cb02bcf0707c4f
SHA256 885792249d3631f5ee441c2b9fad743c01e5dc1aeab4f390b68f26b7aadbbee1
SHA512 e1d3401cf6823480d10b29e1ae0b9fa7ae504710fdfd0369df200d409fee07efb0e445d539a1853e05ecca567c35075a1439f25ac01ea5152aa9c04827b2e753

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 40c8650cb20b180d121e3a25b902e40c
SHA1 81df5cd261b66467db5654f06b22d0909ecb3ae8
SHA256 a8e54a8cfadbadd323dc21e5f2540e747118d694575b085cfe167b2774a07fda
SHA512 ec58f23f8091f771d38057c4313d16b524af1bee936e5e98faea7af4b0d3e18899b6ba983cf23e982f360f7e98c9ae78868b48f3a1603f32c385d27397be992c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 93ffc67b682db53ec315790404af15ce
SHA1 2eff1daba7107cf5fdf3a8440e3b882b6e3f9b4d
SHA256 9eb6a5a6f4cdcb5fa8db8bbf419cfeac2efa8cc6015b46435eda4df93431cd49
SHA512 1695114aadea6b8fdab62edb9f88596f83b58742e920d411323dd9097af40ae867601845ece8ff6a4887b3fdd2bf0f1c6686e363c8143413d19ce10897720b36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 58eccb4a42d73fea942c7930753614d5
SHA1 facbbffefe0b094dc51265704ce0abc19f221789
SHA256 c708b9c375bdb1ecde6ae92c5dbcb3deb9bcc0f9d21ae49170e100042bde53cb
SHA512 8295e06e682c0c6bc82399f1ea6017d7e81d03585a0e9fedca4e80ad3b3d8c24e5613e51946ddf375f43c407d56259166c86bb3157836a3bed5d3fd511ff9b04

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b83cff4667a72717c7795163419526f6
SHA1 211d1c5368cd286b312e57b30f0ba772135d29cc
SHA256 35c7b2a398d2532e9d70f39c1b0b344ab94d3b5cf655762ae506039db297d9f6
SHA512 221e2559a0771b7144c329cf448177072cd863caff2d54c9d9f4eb285fde02ef00ecf80bb034904861340202def19b232f0032503142490cfc7d95226edb71f9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bc1e341776ed7ed8beb1ba69004c377f
SHA1 e111dada6066dbeea9dd973a35a61ee94fddbd24
SHA256 67975b3c2c0fa12aefd182c4aa6aee335290406e2c82bd4a6abd3f3b74776056
SHA512 516dec3adc5db993a61b486e60b448219e25f55f4c39ba3b925fa7255ef3343f6f0b5cb2280cd8cb92a21f64557bfec0dab90e1cb69332e589420b1116fb21bb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 58b0a50c8f81ccd223e5b5a49fb819a8
SHA1 1e5da25924bac75f9b0f7f7696d9251a75b6b140
SHA256 eff238385e2404d01fa977207a93d89e1549929e62e13fe057b72207af2ef6d1
SHA512 d9052b6f528eab2635c4cb6ab9acc284454215cf3374a6a3846002df06618435fcb03d8bfccdc306bfd551c930204c1f31ff30e186cfbf45fab2870be1aed0e9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 785583d1dfc0235debab55d8cc25bcc1
SHA1 29344fc0e06ee25f4bf2625a2130b7a2dd2fbd99
SHA256 57a350057cff6588bdc2a17f5b42f091b22dd90f06808e5d70c0a78043fde65f
SHA512 ce75e0f5261aa234cb14fd183392d52975d443221209efa1779d0cbb5319bf0fc20fbce3f012b5fa9d3dc1790e9b9aebf3315d79a7301296c44615048e9ee3d7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ad0937c4cd44e875fd58f8a3b2ca2cc0
SHA1 9342d7ae545bcd1dde4d63e5135007b378facfe0
SHA256 c804b60586274aa03652009aaf4c91ba8e5e974b137fe04c0bdbbeeb55388a36
SHA512 f75df0e6d1791816547f7f9c326314bf92a331d282f5e66d404af0450d84be605fd6f90d1981e967c4f51fc02c2a978d14fbc60d7993d09aae4d4012a1a748af

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 718fd61d5cba637f2b6084597a143825
SHA1 967565eb68e25076cc6a10502b58abcbabe041db
SHA256 f64f895395879e1ef74a8b41540844b649134c7b002f123db691f38bdb81904e
SHA512 c7cc434167c001a52c9f3e28a8b12fcf67e8517c5d3b5c8cc5cd6bb8b1c1cd6b728baaf6bc522988cd3792a0247a29eb1026beb5a561917b3a7dbff4b80b7125

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1f73dae544dcd7abb00647e6956de4b3
SHA1 69c7979e7381463bc51bbb29bf7f1b462ebb2686
SHA256 4a063c61f42f8af091ceb75c53d5a0294f7e40cc7c05a50ed5a3a3246e375859
SHA512 185c8a8380476879690103301a29694081343ad9ef494cd68ebf6a598f504f975cb974c2286aad8d750f5a427e567a502eea91e649a2a849289492879e6ad58e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 41082602e802443ab3d015193f66a536
SHA1 41fffbb01b412065a4f12214b9a8055e1e076084
SHA256 6af6605f180b6acdcfbb72c5ed4efa20a3dabb8111a015f237a0bbb27386b07c
SHA512 046d4ef612f52d46c17b0fb1030b1a48b48c1ecf779fc95a776630eff29e6a6d5d3eff12a0168fa3172ee09c8431bf290046df33029dd219dac090684f6ebaa6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d097535d56615ba3afafb754249efffa
SHA1 d5661d64b2d9cbf6406880962c4b99789ad04eb4
SHA256 81525e5a8406fa081d7ba7bf6f308524127acdf389c64e921945f93169abbcfb
SHA512 abae5ad36ea015c20ec60ba3dff28dcc049503c21da5e00af5758effa676c7b7e2457134346ad8687f763eb0d893c4d2e225fb841629fea97312c4fad0e4a6c0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bbc8b4fb6e58239bf08603f12acc487e
SHA1 da051ddc4e20cc5b9d3b79bdf34b653e8d6594be
SHA256 a8cd34e06cf3c34aa1a28a285470b0132bb9e4d94c8d78a6d5de42021d72b6a6
SHA512 9b87aba17857e65211ce0c3cb3f8b17206e93bf6601a124c5f9bdaa935adfe2dc736b1ede4ede463813f19c82d611cb6a4c11933797823bc1903fe5df0dbb094

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1109d6c72795dc0c0ed31dcff4e2afbe
SHA1 f16152de8e68bcaa51604ad0f7515be8524b4595
SHA256 28b3b0417a26fdbc8613a8e9f4dd8d5c060e31811721eecd5010dcab6ece0bb6
SHA512 0c2fa07ac1cd1b8d75a118a62931c246783667cb080e64963ad54aef6c77483e5219eef6fd674c44b360e48dabc5706aebc154490916b9f72a3d5453f96b05d7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ca4071abda4ff70a636554964b26395d
SHA1 2b2ebc2d79a91fdc3b8c8798ec617cd61573664e
SHA256 1b8d5861e11d87877db8888a557d0c8d11641b19556a9d1a73ab564f82e450e7
SHA512 858e04623fe2f0ec9a50f3d09e02d6cb065edd18d1ca424f49e4e62f3e9c7eb25aa3794c3c9321fb9b4577bf4b0a795ef4c217f3c246e57801ca5bf14be387a5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0b015b41337267589bfef09c8da9be09
SHA1 7febf90ebfc9e3c31ab86550d1b50a9b6a0613b6
SHA256 54f3a4dd122848ef83c28948a11ee6acdc337b25955a86b6431ceb08121a3b32
SHA512 97d1e68af80185f3152b5ffd1fe04eb5cdf928272efae23ee6cd595d342bbc4effecdd74d5a7780a9474dd4695830d5bb79ff9260e9acfa277b38089a90506f0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b1766b3d962081183f23a6181d8f21f7
SHA1 9188d040cf493c095106a4997e388d33e8ba7ea6
SHA256 3159127c69abd0f8f2a3e364bd4baa2254c37ac1e15663301ebab6b99d80be43
SHA512 c55e3cfc76eaf6e4ab205ef2a87fbddf897d0d5cc10cafab32bf0bf2c26cbdb62dbd47ee41ae809f5d69aad13e7adbad6d2082e0405af09a7cd3d7c4a1180090

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 05ef97bacf13b1cabce6eb76fba619c3
SHA1 50d2d9dd172d5765a5f68cfbe9bf9675c40fe99d
SHA256 693116e25bd0afdc00c8726645f1dc62164ddbab3f48b6905bc141640e332ccb
SHA512 82647980849d561f33f65d6ff1ac544c901cd42a447c891985b1acdadf13e26a48874fb1657abcb53926e0ae259a06f897d31ac1c22abd4c3e1ccca0550f1437

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d23b535642f38bf120fefab132850c38
SHA1 907b7195998f3bf4e4eacdb5fb1606932b8c3ad5
SHA256 47ca4555e70cb4856ae4982fb482be55166a14a3c32b7216efb6c912fb9806c4
SHA512 a80959cd9513398e2b206a2e5c9928dbee192955d9f351c836641abb5e7948b5a10590a5f2c16a743dbffa147731193afe3207c4999c34a877324673f8f56d67

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f68a4280833100768c547be25d6ad74c
SHA1 8b95f08eceb91320d1157fddd37a5f5150acb91e
SHA256 bbada1f498ca008c42a1f30ac933f83c160cb23092cf703c2e58f9cb07059e80
SHA512 7433c1de76293c9d6f2b77a997e553dbf89702f80264c17d2e200f5d9e121e9697b4387c58c85274bb11efd47a9e93b0c89edc67e08d37c99541379b811c5b9b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a1b49d511c0c21ed3097c8a34d37bd9a
SHA1 73e46601094245a3ade0b0a353f097e6fbf64bf8
SHA256 724c385c1101c4a6179edb413c0990fc697aa3b007501fdde4cd30a4ec5f69db
SHA512 5a2b196391b9768e1e7ed6b101b828c0e794f23a9fec030261321108687b1c4880f9f0378dc2a918170331b64c3bb938b899f3f2e0fb33a058cdaaab4d88c2aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 54c132d3ae64c45d9b848bb3273985f5
SHA1 c4e71dcc54b34a8f0eca095fa70f6d679f736b26
SHA256 3ec58254228c873b516377ae408b5854dbd16aafd77861d309647c85df48a95c
SHA512 6f46fef3724be9a31d94df9899382edc55109b06704fc1783d48e8e92f83a2627fa534acd39614b9a4d10c363df810fb8233b4d648fec6f49726bef07bf74a26

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a1081505e5c638d54b3852e8e11429e0
SHA1 94cb2ce4a2d401937b08ce2d7624fe6c5f85e439
SHA256 22d25967d03c349f635292a0213eb1930cd6eb6d96a5ead67fa69a95142a4662
SHA512 aeacfe0a435ab3e3bb143f16abbf990c0ed31e9c949e0388150e5185c669a38eeb378b406a20de848160d6b7bec493e1eb963cb3565c7ce5d221fb4cd369dc2d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fa4ff481a7c33520c933f2c62f8a8d8f
SHA1 1aaa1fca46785784dc7b5c62d5c99c5f322f0753
SHA256 2a76f1f4a0294730b1c66f0ecf990b552915951123dd44e7c997c366b2bc523f
SHA512 364ae093285f5acc1dfcf68584d0560c278e393d82a547d61b6b9b82cd0db48e2920be6ff3a70699c31f8667168ce2ffe23cdcfa7f068c52c0d1edee1738a516

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dfc9155b76019703e1735eec6085202e
SHA1 53f20a8adbef6d1a58bd377571556dd0825ef00d
SHA256 a2ed1939c6ffa2814c6e6b21666054c9086152899496a6a6dfe0303b9c45f707
SHA512 e1a967dcbfeedc68344a6fa95a50158082c906fc68589104d7ef77f49c5ae562de0a841fa8e8d189d8e6ba0865681b8ee6d5887af30ffb8df9fbe7b021ab66bf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ee08194d838b50dcfa05bdad43e1fbb2
SHA1 0c0e275a49a4d2196bb053adeb9587dae181d238
SHA256 2f0fc6dd8944355cab470af4b0a499f5615f32e50956743c8ffcb0a8c2f55b18
SHA512 4ff69d9aab58aa54b9e976c306358cad7a40db5179b5bd011ba3616cafe57d70e87e6b8065f0153f0f5372e7f37a56817a177c5248f01bb1accb65f2bd0937a7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7cd4b61045369c8b2105ccd35eb6deaa
SHA1 de96802fb8e1ad4c3f06a187e17cd62e98b5744b
SHA256 9f19e0d01dd93f844ecdf4d1d845e670f2f8616838cdadcc9e6ccc8fa71017b3
SHA512 ede4f385432730570f0c2211410850803c2d2cde85bcf2f0bbbc349c98a28183de89148510151f249d202ae5598103df0152771922af70dd517a57c2d479b932

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1696de2b57fea4532c7719ee8f81d270
SHA1 6ffca23b8c52546e199bdee91aadc8d308bccb01
SHA256 15e3cfb1527fb8d2b1335e480617bc67001b41fbfd85accba41ac742256efa05
SHA512 0098662825258d72940d3b912db5f99cf552a823c5690618ce831aa4f6d988dfd59c911d1880fb3b9027a99390e5ed232fd6d7467591a45d5df50c8e2cf9a68b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fe7b53cbcbcb49bdcf36f10eb7675d30
SHA1 9710fa8c6f98bc3650da31308070199f3fb8ef8a
SHA256 defe3ff0ec1f86462e4e57824e47a8e15ab7d7aab848e4f570409210cb5f90e3
SHA512 4d55275e36c89bb92791d347fa41cd9520451f27ab13a209ca763411dcd225dfe6df4f1ae609744928dbabd05b5ba9ee5ae3cc0d8c6c517f362e5ca146149a22

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 80c685367d162135cba457aa7557c4f4
SHA1 8b57b3e91d86bdc9c4b61372045c8e3263b0e296
SHA256 84658147b9d932ba50fc80d76960e9ef383dca74264686366dd48fe6acca5b22
SHA512 a255d838468cd0e748d2c7920b86d63ac7ecb1489ef45ffa1884d8decbab563a4bde52fc38cf26d2395141d4403073aaab819867963d850c03f4184d75ab2c88

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2b8a64927b1b343fe4065969c99a4033
SHA1 89510aab1ae502461e3c8275e3dc7bc3fa8c174d
SHA256 6ffd4bff9fdd4c28ac32560a9d3de503e38589dd73c6744a5bd9b8c69edaa0d6
SHA512 30deda912a445813bc070d13ea7b74697b2ed276c5590b5a0c9b164c93a22d30875b2bd85f2d9a06b88a4d5400dc24bcb0dc52462ef556a7d539b6206cf05e5a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b227ea9e5174145da4f42bcb99810005
SHA1 d473b706d8c19025e96b114b6851a74686c92ab9
SHA256 1b2bec4167ad456b5b49b604284a52b06862f8caf4c0bc9f98314e023348d118
SHA512 6e1f42c37d4ffab94a76a515170a87bd5401b915b9cf6687ca74d7a2e2ea6ce0f2628b1736af6f86bab253d69d49d2d8829f7fc37784e688e71e2e7de4081dcd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 34b697101a0b9ac6069c8f79d533fc98
SHA1 9af40102ebd59d60b04eb1ffb3f0a258354b5b7e
SHA256 5ed2cab920e887f91bfe53fa678d0e49ac3742f6abba31d0a9da2bef52134b4b
SHA512 111c4a86000c0e2a7883fbe161298b74ea80c7853d095cddfb937840b8118ee5ef5f537fbc32861c4e2975123329099beee1b149be4ef25b978e5971189f7513

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e2d870fb25428aae0f0f2b23ea0e50f3
SHA1 e86851ff0d9402f9eed020aa9c1a3aa434fa19d8
SHA256 6862a166b7a95b2ad7f955c299eb238c51914dd3a560ee75794d326fa7754035
SHA512 1b64d25279204ef8147ab001f8cb2afe967469200e1439bb734e605fdd318d5156fee48f1e4ab6ffb9c85b7bf17f9c00805ed69e65e6e1ad6d886b1977abdb0a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4dfcf2691d0ed774c822880b56276131
SHA1 c5a40fd266e9b814258795bb3238747231a1142c
SHA256 96801c4454e050412175ad2b78e02a7e29bcf155f84fc8075889d691a58626dc
SHA512 1e342ba1596056b8c13de7504a48f5ee250b77cd2d60810cf3f57234741406cf083003432bbacb4474b9ef41d424e134891cdda890afb3e60fa7272ee4fa3c97

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 501f3854cf27783cc12174b62fc77f7a
SHA1 49703fc0e2f8e91e1f9d6447b9480d90b2940604
SHA256 375149ba4734538ba4d6a93f480d2561fdfab5e55c7fdfc34ea639be79e52ae8
SHA512 8c7cafe32c3bbf8b37a67401aae3629f48a94ea36a3a59d29ee2bbc177cb322d84861210230e30dd29e8d5796e02cd1dc652f22b53c6e1ce6c203215c9e06015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6795b529e0c80dab0b42650a603d68f2
SHA1 da8582f0ab760287bdf9f5653eb4f978ecfede7b
SHA256 66312af5237b80d3857246a939336cf475e354d85e8c6d98a16342c4f4a90110
SHA512 8871cb034c36cb892530756544a346ac2fcd1863039896125a235235b559ee66f213ffcd99d1f31ca33868b92640ac859bd66ca30b7f53de4a3e9496eaf5070c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 36195c2873c621add19cd720984698dc
SHA1 bd0a20abfcbb0f10887e0466840130b9d61490d0
SHA256 2ad02979973f68c68b99a75b4b0ff3139047a961f29a149e82b1c524f04a7831
SHA512 ff087f4b150ac2a771910f42f03f803ed60e0420e241c134840c0003d6408823a646e4a1b7be99a09594ddc943e32bda1a31ada07394992570e0124bb7896553

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 99c2da199da8b4f4aeda904702993e17
SHA1 6f74916832dc9e31c3d03d9f1e5df4d78dd89271
SHA256 2ac376bc794eecf927f0e1df62dc012dad48c733cd55a8510aa0ea88201387d8
SHA512 5fec4cca3d81d6378c844fd0788b4f0fcbbbb053bbaff8c3bc01dc197475cc13d21df818284eddaf85f883d44f3fc6293122b8313d75aad302cd6f4a32d5079d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a724097430dbf6318fe4122715c079ba
SHA1 9e1d852b27455c1657230933035e05843963c7d0
SHA256 23d43da635fcd2a9f55e6a6b4845eb1c8e9ef824f81f15882315077cedc4874d
SHA512 c6d86b4bcb667f3d87752459d4356822a2b21c13f3596c7165e8f2b1b2843a866b6033a9ea594e929ea51100107428a55f49cba760290dceaf9964b7f2454115

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 742bea363bee9188340592c0f2bfea8c
SHA1 62642151ac45ddd299f036fe2838136ccae0fec2
SHA256 55c56c0f8f037b5f6608867edf415459e23b310f58b090d971b5f9509dd36ace
SHA512 adb68acc7561b5d76f68bd0095cb1cdf484b09703d335fce6be9bebde7f74a21f751b5ad36c72045a66881215de1520877ff09fa5c27cb7f94f52e3f42936f67

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0989cd0d5ebf2dd9bdcdfcbd8fa17474
SHA1 042ac27109145562102991333b928682ba47eed9
SHA256 d3659419f5da9686ce7e79c1709a062c8853e4591491794663f9e7a42e27d68a
SHA512 a8f94fe0c3210d31c6eef45593bafd25b2682f1a403d21a5e49ac87efd6f7b076f22ee7d1be82a6672000e30bbbb6db62e20b4aca29f1325d43815befe5e0e04

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5bd36bdd233f89ff30ff89216e13f977
SHA1 6109d041bd0fb287cca9bab85cacaf4fa3d3b1fb
SHA256 7c65899b15cb47a098f3fbc5fe4b202fc86ddf0de046e14430bcbf0b6f5fc5bb
SHA512 afc8395db1577518adb2bde3fe76918d34c11abb4af3b0cbc13b1928b40296275fe719c6d74a8b99967758a0ab528681498f394bc78a1854d9a106ed8681d5fe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 826a0bcb558c8f53acdea5d2bfc2a53f
SHA1 225e0d7674029119920203fb0d815b5f8156d6c4
SHA256 b0cfba291dd3a49db44912ad73092703ef6dbfd16860993a8bbf4c32bfedb735
SHA512 06d2b9b909c0dd4fc36de2aa094c93c09eb5e2a008a1ce6b2433e60f9b5114e6750ff931005d46342de9aaaec5672a0b3aa92d711b7652c4659fe1d0dac8a2df

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1bdc80ef52bd5386b2a9001a131a032e
SHA1 a2d58fbfbdaf7ea1936856fe32eda6b2b48595bb
SHA256 6759a10498024b07fcb1c55f2d8011cfceed8c080ce978a91ea9dfc6ed05b5e6
SHA512 4acbe49138a63e16697428355d38a2a22d5454c839aac05e374af944721957f87b02c6cbf3f370756011e3cf96a4ab209d141f382f5a075c014664da5822c115

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a0e5db3bfcdb9e8cfcb409a49d6d5f65
SHA1 ff9e053a8a2057ec51f3872bdc4b204e141f8364
SHA256 48265a5ea001e0226a5d837b739f060f9f9b8f4f29ce598f1642ac82d1d7cecf
SHA512 828eac7dc4399d8237463ae084110e4ffdf11d7d7027c91da53d63982e4fadecb9ea4a56acd50c5155f1dbf76e1f6d133da14b2e04cb7fe6c31df3e03d2e3327

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5ff38cedc9fb19cb10e3a9108ed7cf6b
SHA1 3aefbd452b74af94040fe58d5ed2d6a7e5579e81
SHA256 38f0827366ea20b4f948401b502d1dc2174a884998cbb1e18b9e5c0f7791aef0
SHA512 bb60a951150811e9dfef8ef889f67866ce09565cd77964dbbaa213ae11134683352dadb2c850a2ab369bcdd958036a440c26bdd7f9c2b9bc2e760fbff57f86da

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b68d897480c471e1b5896a34bca68997
SHA1 c2abbced8308d48ebfb85062599ffc7abd00d7d0
SHA256 aa8ce9610d176ac293fc85a85e80e8d42179f50f64ba920ff6974eb9d260467a
SHA512 f7c731397eced4bb591bf2b45cdc3baf81b67c46e562bd6e6d8327cb5061f1ca51c058e8ccd51774acb6acb7367647c834dc85c441dfd02eaf60b357b9d60512

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1e20c1b772da06682d4738da0c4f519e
SHA1 bf98404d7e9994b47ea06b7c0c783f53a148a5c1
SHA256 7cd4c39a0b7b7cb26cb13f9b83cc72445be0529f4b07fdd43eeeb8394fd4870a
SHA512 d42876ca3d54bd2a9161bf2ea8dc0a16121aae727a54b28b5bba0b277128caa43c232b1bd7cec589c7c93eaea4619c85245f31ab84a5e54cea196b6fd105f05f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7014583b61bacabf8d290ba21fdcfa70
SHA1 361bb307c1fae214c40f68920cef2e3f786c8c01
SHA256 bfc29d6d1ded7c0057f45e9de31b83d124b52047cd539a4f90d802a7eebc9ee8
SHA512 4fe8a1756b34d9627a483a9e58f70cd8ab0eac086d8e3c54bc054e04d1f194b35d69ee571d9e9012566704c8304ad3f0fc0980104598724a08111913f457dac0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 221154900275b272ffc9572efb16ac57
SHA1 edd0f7569fdea1bd44d33a33a04137f76f92e282
SHA256 f690103c4aff9ac057eabf9e27adf676bd0b4e1079d99f7b7ef6e3d45e908b5b
SHA512 b65b30ffaeb640aa5fd753ed37227f5e06a88c9172f45fbb8d1be2110d95fd319a2dda174a49c3ff762eb6ba3a7db4b7c1985f182bd7c129d510f5861eb0dee4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 67f215df87b44f5942311ea140047296
SHA1 80a8983fbefbb1aeeeaa488799cc6cdc1444847b
SHA256 8678e7bcad8ea6f787952d3d87432905d7c33131ca8fb608778f4f6d38923924
SHA512 27e63cfcda4ae686fe40cdcb2cc36b97d9ddf8032f6ee4ae38892c6eea5b8ae25b0a965d94f6f9d533c610caabaf46e070132aa6cb5d365401f0d81277158755

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7948d0fdb97287ddceb25d82ae979237
SHA1 3081308993bea4c42de171ff1b71703446894541
SHA256 8d1597a23fbeda4d8481f0c6c97942d9c919a31c9baabf0bdd55496c4d131bed
SHA512 603744a7c2dad6012aeb4cd6a817424f6d81164ef409729eed19a7aef900b76abd4bec6f8d542cb8aaec35df59b9f1aa14d1e629f6b41eb2f95986bccb13b116

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 752ee567406998b430886611f49f5aa1
SHA1 c206104de51c57f18dac0114b839caa1faec8d32
SHA256 af32e69bfb9bb5c9201327d38ee728063e22566adbd139f60f0cb7b6af5943f6
SHA512 330f91ad54f342dc652bfe6adc687f25fa02b9d19dd45bf5bb6d339cfab31b9b8af3d080d1369f096a8c8377d1afa99c6f6b306448ee8ae1a9551bf57c1f67f2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ccb30861747e8f0c7875590ce17e223b
SHA1 a90e393269da78d06b81f3a3aac07ae078951ed4
SHA256 40494e09accb80804b931562c97afa114471fe65e85c5164c5647bddc8e1b581
SHA512 897d09619873dcda9f17cf6c28ec8db89f1f7612341aaf6ac2b718e77eb15e5d5b22240d011ec6093cf968f433d5d2c437e3b95594f0a4102d333826dea094e8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5180df75ab4d98cc4a84a2645bca1710
SHA1 cb39acee29d480f90993a88fe4f62d310fce7356
SHA256 0197cb1607694bd92cb1c3f8a811c8768663525be052fea85dff12a45793fc03
SHA512 cc642744196b2c0d30611187b13336253324e9b18f16cb4c32e5491d0cf5b631cec529df74f0343a4504553bbde3f7c0d91d7558eac0681a606408ff20ff7d6e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8b06c87676a230442b299705a50c9ebf
SHA1 7f902c5357333cdeb4ce037f2f9c6b572e35d45b
SHA256 1a2851d6fa98741e15d9abb7f1f6ee247eda5a2452a400bac2144fc4fa595f2b
SHA512 cef5f57c940059595addf3b6c0cae682a76e691985c05f9fb062defa42f611d360bbe654ab8ded3fb64847f26f5ddddbf4f6132c9f36a0df990718c470cc5655

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 85bd8dd731f2579b77ea97e8e5275070
SHA1 75097949c08e461fd658d58a2f0814ab24711a96
SHA256 5bf3ff0ff95b525b18b605e3586b1de9aa556d968107179dc8276b96159eab93
SHA512 edadba78225278d3a548a7351a2715e76ac310a1230a330133b7eff914b20c237485ca61b92096aec85ac79f8e21413274302e2f18a0ec4185acb80d342a7f22

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 90cee936e395f9b5fd052bdaa0a8363f
SHA1 a34f8e7821ee04cc6d9b8933f63dd3cfdbc6ef3c
SHA256 36125d9239579282c10fd33ef2aef3866b8752f84ec3b3e5cb6971fc57a69655
SHA512 c9e9dad47464f794f155fe9af21037187a841fa2fd7cb9c98e16187c576142acdf25c91d17a18b951e86ba50e0029022a5120d79c45f902744cbd8232b4e947b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a575d1c023104604dc5790b1789d35cb
SHA1 6f096f93081bd76b1be7427e8521a810dbd52859
SHA256 1a0592d0c7b2d750cc9b1fd9f2d3865eab7079ff7c77aa87264dd9a8650edf66
SHA512 42c91327a4fa17211624695a5150d1de258ddaeaf63e9b6699e99cfe53f617da861788df8992c3c20aa22f325f9f37a45b7c601bb1846ece5ef51309869edb92

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4151477d73d1236b23bb5320b0f13d1c
SHA1 c3c0d3158bd224e85a49e2364263318528363c38
SHA256 8f874e47ee28f5ee63cbb87f07a9b6bababfec49a5277b7209dee4fd361c3a74
SHA512 e7f489d7e82411f6dda596606b87b0a0a7fabff526d7f65b112d2f667de4fe326e90efb8bcd5aa259456de7a2d45cda419b225e3bee95b645000331704aeb7c0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3fae7e5ef0682639ae0e62d735235a47
SHA1 e1ac7ab8dce2ce35a2adcc73ba8f5c2b1d8cd682
SHA256 c23293769950566b68100043947984d27eb3ee75afb4f34eae3bf8b907342681
SHA512 caf581bb0ed76ecc34af629297fa5f4e98f2b8f16e5242cd54505f3e93a9384a3cc55ad6259dec5048d7d439d3201d9f3dad548bfec2231b231da0533e9d7b85

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7bc11a8147f9d4f025304dc4f318ad8d
SHA1 90f7ecb65aacdf71efe1b2ef1ff06ea3d5687313
SHA256 ad64e4d4738f9b951c53ff10d396a81b44652240b980c834f6a5ec7447cbb66c
SHA512 a8b3bc91a5eb97d1f74189be1a0189c7c068164d969a4cbce86fb947eaf39df54a2370c617f93fc87e38ae4812801dfbea8f184b4e3ba03d7286680c12d26e8c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6f4b9aa465f6c55143dbf11612238036
SHA1 3a04a7aa5e6a3033e421f9cebb68fef7942b4964
SHA256 6eb533a2a5bc59dc3bc947e0919a10340f18a5543d863bf0d3cb8efa1f8d72de
SHA512 2bfb89992f0c10387c31e9c5dccca9d19f301c8aea7320c94a5cbae6fbdc8ef9e42e29e323ddf69e59d244d411d9e1ba9e2ca15e06baab7d21e2b94c1908335c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a772f3f3955680ecde3bde6fb8e3c275
SHA1 56f7e65fa549a1855d836c65d52d5393b1539fc5
SHA256 d175758b23855f9de9816199bd4d17c14ebd8dda2cfecb85d7c184723b8386c2
SHA512 87ddb111f2ba823c20730e39bb2cf7eacc58712dec5f2d72a6c171f933cc6d94e5607c2f419f702bb623fe8b45b885329ae66aa7ed751f6674e87eee7746f00a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0ce82ead988aef5ae2de6bf3df45fe2d
SHA1 0a5763209641e5188c9733fd8f655438697b9815
SHA256 c3afb9297d0da61425de43876801a215050dab1a7006e73ae3a049b8e6234201
SHA512 3f47502eb0dde14db9b2531c20228af9a837db32a3f12a5fdad8e2262cddac375d8cadd1e7facccbb356369415cb30f91cd6ed0d3627515d27e0ae18cab93d5f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5e7d9ee47d7be9d05f5cdc7066fd6e24
SHA1 92e2447aa9dd163dc1bfece8704dda594fc87d24
SHA256 51f49e7166b2df9720c7bdbbbb5f5313fb05c601a0ab9f6f548578beffc3c7fd
SHA512 37198aab5a50ae56d979816a867d64688cf0d1b5cd4d959cd02a42782333a2c8e2e94a708d9403568916ed7c2e3f5b87ec54423b05c1c3013c938abcb8c5fbc2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fb623dbc1040af062b2980f0d2edba38
SHA1 bac885ad2b31259fca8ad8194871ebaa553c0e65
SHA256 1b6d6b7d49c22ae1fb2aab148bae192bb3777071dc0cf874c96a189038c7fe33
SHA512 13b4ccb9fb67d35ed78f4db3a9ffebd08197c9f2e1c93b07aacde2ffccd5da26e171826ed99b90f393b400537e954575a05eb0dcac9e4b04dbf0cb1ee3f08a24

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bd09e26e264c62b914f955fd85e48c4f
SHA1 9160b69380f56455707de4b0eeb651d586d87f4a
SHA256 1e4f8a8a7f6ac1b2f605f3c15536da2e1d581dc77dad4c0f8378726c9dc7897c
SHA512 70be3885242d3aaa309d5778232eebe415f97b363b7be48271cf40cc95310583c6ce054e5fd564de19535f8327eea125d37ed7e8ab4b3f00f74b6003566b9cf6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eee059343391638a40b6a4f8f1f0f357
SHA1 c101434dbe142ac41665f29d0c68a34bff38ff88
SHA256 ad3918a4658585a003577d44b347daac00b1688b8cce5a8fa89bd9b279f03fe2
SHA512 19a5317ff4ba6f8c892be05a671f4f8d3922ccc1108e98316875b2eff54addf3d519dab6f0140dd0f15d9f035d32886829160685afcb28b44685cd5528532fa3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d96a137e2540d262377f75ba0236c705
SHA1 4e6033687b8868b9f2fff321277ac5b078a2ce9f
SHA256 b75297dc1d76f6b044082461a6cedad914801b430e25cda09b9248c43c92fd7d
SHA512 4799e5c90252e652a0cae8ff1056d38310cf411df3250f131d5ad94a9ca76acc872a3ffd358cd7b2550ad461d0786954c2d532f69783b57bb8ec239821b3b1e3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 51d8711edf46f3683904e18f20683b27
SHA1 122a033cf94d264796ec88a5104d86804816442a
SHA256 cbb6a8aaa11cb482bfdc15647567412940ca4ec9258c9631db1b1bb4f1a11f35
SHA512 c1080bada1a4574ba6552f90f0b4473bb77bb9866d35507ad093a08729d96dbae3b0cc88e1ae8c4a4eb871602046b52b40850cb7a1396edf0bf1f4425444840c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1927062e9d05795fad536979d87a6b79
SHA1 6ee3f5a70ceccce0c38ddacd5ba81b838009947b
SHA256 1d9f6f32a24baf64ef79f054017b5e8761e7a6244644dc98073c06e804de1349
SHA512 d8492de513658f850849dc6a7c798bd5d02da5e5b1ba8c54771bea9449b75e1b35879dca45e8bd5da7a534b2a37a8a9d591a0d63c553e84cfa37f14945fb3031

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 170ce3bc10e911a383281699d21020b7
SHA1 035aa0dc081a64d2cfae7209024bfc5e74be266f
SHA256 4d76a5aab7b63eea7a175506e741c5aec968596e3cdfed588491db168f6220df
SHA512 9a19a6c1be7fe550c62f297094e73eb5608a6c86da044287684779ab777174f0b78c9e32f449f29acf6ab9e12dc94329ba3d8a2fb2d75e3084ae4154c12d6386

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c007201af57bc5e367f74df35bbe4487
SHA1 229fed72b9024a3b050a82ba48f4722e5c28f3b8
SHA256 a5190c63e9500cd9369e3e7c749dd0b110edb460f5254a83d81eb7b71ade0544
SHA512 17bca6e82832df3acca40460931b2cda5e4422baf9b40467e4e874c6d958ec0ccab45f2c4f329a202f8fc3bf9646758ba5bb2f4a56694348c92f9d60ba0350af

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5e26eefcdd7d58852a3181c8b5ec817c
SHA1 050c7290455cbfa59ac98055a104edf0fef0fe6b
SHA256 70f3468994002b08c9fa0dce5db1057cd304e7a963c62300cd781116c302c4d0
SHA512 469a1095416e685c027db3c2da24fcc959583ec34ef5fb925de503c7e3f05c8188bece122c8964b8a2a9f52da13cfddd59205aa3f34e9c18ebdbe4fd040d7e9b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 73a7ca1734792ddfc1540a23fcd1f7d8
SHA1 8bd031eb7505d8170698fb350206ef07d470468e
SHA256 f2ed9e21893bcbfe904fcead420e65cfafb889879551fc34a35f83ef9a16b526
SHA512 d96a9100edcc988f03847748fc5de58c3dc3c9dd1d13ea7d743a28e0f08144758d9d2e575e0584c440ffdb648de29aa5c2c532d0aed25fff77ae14d0555f86e8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7297a78079da716debb10475765591ed
SHA1 675841d9188fcb4df7da277870d2c5b12c5fd999
SHA256 53c109115c57f64001eabcdc2c3e2266950b5015c8227e641af0f4a77272a905
SHA512 ea50eedc364510d4bba62be463c06deec813aac3d80cb766a82c405cf1c799781b0a1aa279699f9b7e9a30421427a25cc6ac2a4ac0f260245504fe8a53a860a2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3dd2cdf70502c7cb6e5df9faaaa08ec6
SHA1 880233e11e9bd8d858c25bef0cedd3765c62d8b3
SHA256 1ec8a231d50969f0603f20a44bbdd3d5662596f242510813d94ae15b030ac2e7
SHA512 97d810225ce1c2d645a5b2a386d23d95b3968c34f4400154c8919046e45201278fe6b1d93071cdb1b9f5f153408f9af7c5091cc7362fc14844e953b1aa954402

Analysis: behavioral10

Detonation Overview

Submitted

2024-06-04 20:48

Reported

2024-06-04 20:50

Platform

win10v2004-20240426-en

Max time kernel

150s

Max time network

154s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2611067143.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1200 wrote to memory of 4168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 4168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 2456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 2456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 2456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 2456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 2456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 2456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 2456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 2456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 2456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 2456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 2456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 2456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 2456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 2456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 2456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 2456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 2456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 2456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 2456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 2456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 2456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 2456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 2456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 2456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 2456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 2456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 2456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 2456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 2456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 2456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 2456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 2456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 2456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 2456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 2456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 2456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 2456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 2456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 2456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 2456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 3584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 3584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 4584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 4584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 4584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 4584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 4584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 4584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 4584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 4584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 4584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 4584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 4584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 4584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 4584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 4584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 4584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 4584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 4584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 4584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 4584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 4584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2611067143.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd329346f8,0x7ffd32934708,0x7ffd32934718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,7264852725245695081,17730510538513568837,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2012 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,7264852725245695081,17730510538513568837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,7264852725245695081,17730510538513568837,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7264852725245695081,17730510538513568837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7264852725245695081,17730510538513568837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,7264852725245695081,17730510538513568837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,7264852725245695081,17730510538513568837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7264852725245695081,17730510538513568837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7264852725245695081,17730510538513568837,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7264852725245695081,17730510538513568837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7264852725245695081,17730510538513568837,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,7264852725245695081,17730510538513568837,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5032 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 www.028jiaxiao.net udp
US 202.5.18.17:80 www.028jiaxiao.net tcp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 17.18.5.202.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8b167567021ccb1a9fdf073fa9112ef0
SHA1 3baf293fbfaa7c1e7cdacb5f2975737f4ef69898
SHA256 26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513
SHA512 726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

\??\pipe\LOCAL\crashpad_1200_YDPARBQFUSKTSJAK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 537815e7cc5c694912ac0308147852e4
SHA1 2ccdd9d9dc637db5462fe8119c0df261146c363c
SHA256 b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f
SHA512 63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d68a928ed6520f29329dd50ab8ff1726
SHA1 676840d64745d97cac1cb7eba7eaf37985076907
SHA256 f22f79861ffce62be49fe10f10364c0c0ca0706b08a3fa25152d3ba6d8d9ddf7
SHA512 4549eb37c4c6632d088b11c4665e56cbc64119db970e0e3fa542d284c4a6805181bfb338ff1e120a4697dad3fcd352b2c3ee34a0948147ddb6ddf13252fb18f9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b45f967d29d493b71996186034706a3d
SHA1 1740a28b30c14718ff405c87468e39cfc8107760
SHA256 0dcb0692fc74d1e7f3aff30b3108fe6df4b5a2b4a14c13fdba9132e92c7455af
SHA512 089f1900fedea61802f2dfda46376cfd364fd6e0c834ea6de1868b18e35d83e28a870905ceb2a3d129e06cd773d0bcc392ab3389c8b4d2fe7f1df5150451ebea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b1ab2a709b3a9a7ef3324f4070f12ffe
SHA1 b4f77fb855ad7e00fefb437784234f671b3ddcf2
SHA256 888813ec3fa91ada5d497c59a49301db5705ce13cf6beee98fa483959beffc5e
SHA512 ecc46e5c43bb80029e3cf6651e5043441e16df3c0fbd5d81234c9a23ac7cb40ca5674099f9f6525eea81a7ef417833cb8297361e9ccb4432dfb4af21fbd48b4e

Analysis: behavioral11

Detonation Overview

Submitted

2024-06-04 20:48

Reported

2024-06-04 20:50

Platform

win7-20240508-en

Max time kernel

139s

Max time network

144s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\contact-domains-org.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423695958" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C1935F71-22B3-11EF-BB1E-6A387CD8C53E} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b000000000200000000001066000000010000200000006878806f7f8bf652cb0d0dd3a937b816b7039c6687e700919374033ca2681ae6000000000e80000000020000200000002437eb056600e97053d941ced0b6261df052246f17a7b3bf3f0e476eab4aa0f52000000094d246556a13e52915170e9a42c938c459f9757a8f075595023ac2e8b76968d7400000009c197b96f02966284e4cbd2bba7344a60d25809339771907619fce5f405a8b623b172a30c20415811d252ac7c411e12021766a70ae06bc7b8d58ab9b43df9eb9 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e003db97c0b6da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b0000000002000000000010660000000100002000000015153224804b686e351127e8ce146df35cdb306f054b222d89e7bef7236c3872000000000e800000000200002000000094bb06ddfa0452c81c166958635526acb797ac35e86080efd2d77441c893ba3b9000000060d5b9c35356b07e9185b1cfcf64e29f0e5d731a0b908c0e794cd4eeefc13a73d7c40e2b2e75fe72b53f979fadddfaf7a22cfa92fc7f7d24a83287eca9942838e85ffb9d2e4db2c7e1a03404b0853fe70988ddc09b08fe03d94ab4ce881ee6afd938d7775d3ba4a2150579155837cc896b624a393dfe2ece62abc6f0423a51a629f4bf84bea27120192895766c292939400000004088d27d48b3bbc19df22063b573ba45b35f5ac818f6116a8e23eb230255d0e62368be533ca234fb8a12ef4ffb6c1f16b70bf163adac5c504855af8e699343f2 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\contact-domains-org.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2280 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 s7.addthis.com udp
US 8.8.8.8:53 www.domains.org udp
US 8.8.8.8:53 www.google.com udp
BE 104.68.81.91:80 s7.addthis.com tcp
BE 104.68.81.91:80 s7.addthis.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 50.28.32.168:80 www.domains.org tcp
US 50.28.32.168:80 www.domains.org tcp
US 50.28.32.168:80 www.domains.org tcp
US 50.28.32.168:80 www.domains.org tcp
US 50.28.32.168:80 www.domains.org tcp
US 50.28.32.168:80 www.domains.org tcp
US 8.8.8.8:53 domains.org udp
US 50.28.32.168:80 domains.org tcp
US 50.28.32.168:80 domains.org tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SVBQZB4R\recaptcha__en[1].js

MD5 82eb347ff9829de451400d8b672df1ef
SHA1 d7419d4ccb8696bb2a90519a4e2b916d64d7d537
SHA256 44ec88fca0b915a741f9efcf5ef13d40133cb7e6501aa18d56490532c83adc95
SHA512 6ffa79ec2f3b2941b72050c72307933c39c0c7a56a970ce9c90c2d5aac21609274b833a790b1235217995151700274732ea18cb87c0c7969235304052a4cf380

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 326e0404c2c7b4ea32f42a2548ce5f56
SHA1 ae3407dd1fa514f7b3643a3bcdbe682b1bb01740
SHA256 90de01fdd12b24b9af0c1516130dd755daf6024eab94b6f52ca13f85dfee04f0
SHA512 18bb8009bd8b66ba12579e756ba8389709dac30d2cc5cb98fe38528c1415b9e75d059ac442fa68f684f2ab025a4f5f054eb70deb22788ccb0d13d9425c8a451a

C:\Users\Admin\AppData\Local\Temp\Tar35C4.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\Local\Temp\Cab35C1.tmp

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\Tar3666.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e13c747eedca3998387955ae1194e658
SHA1 12f9f0df0756a2c3fa5e9cfb5f03e85771d992a1
SHA256 c1c79bb846c65d40965e86f6b72e9363a392d66480c0161f2a2c767f22a02a72
SHA512 87d693e0e1062d43b7d1cbfcce716b50030b746681cbec951f4f63e8360124ee68f74369c670e3dec4444b089ac6482d5e05885436212d3a70479c22621040d6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c418de807c408d5e70b5a063ebb322f0
SHA1 140206325b386568879483ebab2fd0063eb883cc
SHA256 817d1bf0bd6e921896615c3ef90932fdf075a69e9a458be84ff4fd5b30dcf56c
SHA512 e128eb77fc58c00f72dde95acb3c99e7a7ada1e39aa28c1eea9a1b0cc3cd8fe0166b58e5d1bd4862529676313c2d3bb5edaae37d6553234f9bf159846dee179d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5d6f29d906b3f1c0eeee84584a693215
SHA1 96c57e251e379f56bbf6a84093ebaa1bfaf6e7a0
SHA256 a57b3959590fdba9a41742e32b671b1bddd8cb74125c84667d19b76d993eaf6c
SHA512 e2c2823334865ec033c5abd91356488599163f0ba38da1ba0015005b31d31884c653992bd4c22cae4aaffe6c3ca8da6fdd20a1653a03f6c0ad22b7bbdcacec83

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4f2be1356001e4c7bece7fcec9aac7c8
SHA1 89a4c051bbd0063bc0c30e3a590fbabe71c87c3d
SHA256 713efa98dbdbc06fd6b172ba66bc6b3a629ee21802279a29233cb318fe7e361f
SHA512 2906c605d477104c1b1b193a93890df69d3fa34fe4aa7ffe89d294ae0ee92272f5aebce117234faf4e22cd7e2ef5d68a8cf8806714fa4c3d2472c904ef8e63fe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4c05e8bc34578a4d32d0e9447b5f2a0f
SHA1 cab5d0edab56ff78c5f9cfab37a48bcbcfca72dc
SHA256 72bfc6161a291d8921eb5ee8dc10cd6e0eb3ed127963eecdff58da2865def3a9
SHA512 6dda18f07f5ae72110d2d96d2ccc4427aead35b38d905585478e9ec3a34c8d1775aed1043aa35bab32a96a3c8ce49ac26e552d69e2a3d8ea13397eca75a147c8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 80758e4d502f20c815c03c7082a87667
SHA1 851ce4e734fae4047c77e06b8e8f831f088f4eb6
SHA256 a069aac9457206e62f349d1d884fb3f271d07b4489c227baf2011a4b7ae3af43
SHA512 1133eb3cb336b9f662d63f0e46dad91d370bedf52569337d9c67723e49109193c42e057dab7c8e6260ec2e3f4ea04994bd098ddf06663fb8ffdebe3d7253148a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c928f998a9c8adfab41f6ad3bb28d4e2
SHA1 cf9f0da80a0e89b4cc9b4e0507dcbe7691910206
SHA256 b43b5a1e800c5e9cd5c6b2f0937bb1aaeb6165f79e9a557f9a21153266515d5b
SHA512 599363e52e6b9572e76b36db0b51ad57f3a374a9f217ed354926a1cbe74ddbb657bf8e1c78e1a54fed09095f1e7a3a5e9bd824108a852a0b5203b3d2ecbf9ef5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3cf2b0abb9c6f9c639105508299d9f58
SHA1 13737c7543e0699921031b77db7c701660464a13
SHA256 d730350eb7bbb3f312ccfa67ef1cd3cb11c2d1269eb723000381ed78cba67cff
SHA512 21e5850f0d10de71821fd72b3b64b53441e282bf48323445ba68f879d7402c9a23b8aa39a9806baa190b41b77b1318759c379b1e8584680beddb6a8459a3d577

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9632a6c873c99f3b5c80b9030615c77d
SHA1 efd54a9227b545123572f1aab9390560875fe4f1
SHA256 0da98f5552df69c4866095637316dc1851e4a3ca94a0f54113e7fa475d4a0fb2
SHA512 42e3af042d3e99577bd8ccd9593a72ee3c88fad432a5220f94c02b609e6ae042daff351fa65859b31dcd0bf5e12bf94268af839d6fd87a7b5202e09ea4602222

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1e2f0c9aeeb4e8ef18b53baaac50b8f0
SHA1 7b27720fbe1b539be83768046b404cdb8ef7382c
SHA256 8e21b577bacb8e60a45c473c48d789b49625be736d469663e0c67e17391bfadb
SHA512 9b38c36fe4008d7579ccf85d8e5519fcad4b5d390e22534c448b17e190dbe1e059e811bd2287b6687369c9aa23d88e0417ec367ced784448561fe8280a641cd1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cd821289ff563f307fefcc1fb5de9f05
SHA1 27a3355bd86d6737576027cb0af8b9ec11bd2be1
SHA256 492f0f3cb8da29d73f57bacc233388fdd89a92831b92e59b1c0a4b598c741c50
SHA512 98ec0f681dff9c47fa9e50faaa4064a3db4f61dfaa56e8c57361567a4c49802a90d092bcb81f29def9bcf501788499ca63754d45e84ba0416f8a93490389a2a9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0144e59c9ce888f9f03f2026f1f96b6b
SHA1 050d26a73228fce8a5b2d8bdffea37bc7254597b
SHA256 235155f41881c313aaf1313c568fec3289d598fdd72086127460c9f7a0a02b49
SHA512 f2f3271370048baeeae67b08056057e1e1835d35e40700123547bc0d68f40465a9a37b856ffc5cc02930b197bad41bd6e0a17d75a5896b9178f9e057ded8ad73

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 de3821d8bf7fae3cbd269362b33756b9
SHA1 ee7ed4b8c8c56376358f6c2a85d6684c6f634cef
SHA256 cd91092c2fb458a3508cf7e03e67f67f62e23916660895c064fde4d69a2e0137
SHA512 179ee9f95eb8949970c2086e7d1a8c23fb20113f216c5c161cfbe9eca1234339bc40f7ceedbef4991a93d72493e2574afca945bae4747912431b3221893a8bb4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cba84a96bcac0f299dc2954eb7bc3df3
SHA1 185346b957ba91357a7aef00d48939f0be7637f4
SHA256 cc25944c2c20d94a0fdc49b6530bb4eaa747943d494e436a2387746a10681e4f
SHA512 9e51cea1158e65cafaea7e00c8cabf5f00d2f0ea8a949a3bb4071f4a49d9c558f8b70b0ffa455d230e908b085d8f1d5220ea0e8be107badd1d358b70e0ea6d52

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 50abc773e3c7e231dbc05098d81963d1
SHA1 c1f931f6b8addcd76751e2571b8370911e683875
SHA256 e0da8fdfe911f9abe38aae6e20f500f444ca1a63cd9799de63932188e471d751
SHA512 db54779374185cdf78346e15b878d2a96977e066bdb40155d8e9256aff77f2e656be19a84fa59d3d7bc1aedc3cd02dfd48b212196f7e09c50fabd037e93f37a6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c647fb9cdcb9eef50fff202494cd6f06
SHA1 b5aab1fd57ddc3db55f6353acc50aff0b4cbe610
SHA256 653ae2f2c05d63878dc56c6ead4821e35625f6a9366f752063cea423e4e2177a
SHA512 b084ab20525324be0327ef8ebacf7009d8d430e4524f198ea68a3ebf377dd7538df69d7db45bc2e3619928b4a5d3660d8baba27d7bbe8765a31a2608781e4f46

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5f6b1bab6a9c73c6f2d5bf7c5231b1a7
SHA1 1a2c601e921f950888e77621a6a758877146a52a
SHA256 f745184a80184b4162d038b3b90f0078a3fc040c90b38f12561cf558bed85cd3
SHA512 06b77bd7c8418625606ffe10100c6100fd11fb6a9660e777097bbcbe0deaf82f86e788c7ad85d8a38c3fc89847843c22e4b3afc6ec9fad540101c095d6daaedb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ad2f984f59510fadf4169ce454ac954e
SHA1 6c11a186f967d960ef5c33089b9b3b531f27f6ff
SHA256 2afb85a5392c4d1d10a4d1af175a8f9bbd20c32ecae372f82d59b81361612b9a
SHA512 4a4dc7c5e3ee54be82f19342640c9336286198dbf1789dd3560b99475da8a24c5a52112586d337d84225e438b0d3bc8e348192f3790006e4ca2d6416774a6ad6

Analysis: behavioral15

Detonation Overview

Submitted

2024-06-04 20:48

Reported

2024-06-04 20:50

Platform

win7-20240508-en

Max time kernel

122s

Max time network

131s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\home1099482986.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e93610000000002000000000010660000000100002000000002d98cbf4414ccba871362e619807d038c470cd052a0d9474b90ca7ab182cfae000000000e800000000200002000000027f2fa98f8be87ef1bfb941e6edc12e6583b22dffdea525b1d91d5c7e6c2876f2000000000cf86cb36507b606fd24384b5bbbca48c1e7b5f877fa967519e36ff0203dd454000000068f2471d8443e1446a31100cb430d6b8eda3a5940437f744a739d1efe1236c7d90eb26fb86d04033c32deeef61da76d851ece2d79e4770a82610d630f6b1b192 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423695960" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C2C3E091-22B3-11EF-A57D-4637C9E50E53} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000a5c3ba585e2b7dee840b44b1f376a3e127e8dacf4cae4fd53666a5ec69eb4bd1000000000e800000000200002000000077d6d20f8ee312831ce8dbd727e2ec26b4185f376edda2ad78533e2703805c5990000000e94dbfbe357414c02b0fb62770a85e25494524b7e0bb5a776b1c54cdba35801ace84659e2b17c012d5c32c568bab964fd8d8b11853ff137354b2ea2e98bbf9c7350c60de8edc29cf4bc0b2f81c92007176cba5866be9d713b2736f79e4789bf5d309a856ca6c6ec4c5b83bf9992fc4507b5f96c5112233fa6c430717676f0cac5bc19f4030a5329fa0bd8cafb4c22f2940000000ea1bf6dc3284c042eae7b13b2c4c525948c1a18b18c487e3ff6f02acc438e26dd934289f1c7506534b37be3c59120646aeaca4a09102dff23b5b34d44e63a3dd C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 9068e59bc0b6da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\home1099482986.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1788 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.twimg.com udp
US 8.8.8.8:53 platform.twitter.com udp
US 8.8.8.8:53 abs.twimg.com udp
PL 93.184.220.66:443 platform.twitter.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
PL 93.184.220.66:443 platform.twitter.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
PL 93.184.220.66:443 platform.twitter.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
PL 93.184.220.66:443 platform.twitter.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab20AB.tmp

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\Tar20B1.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar216B.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 96faeda2055ea468fb8bb4f0d805e0c8
SHA1 6d4984734eca363f258906decfb43ad0f66244af
SHA256 11a34ff05cb3427bfe68357b98f61a7796d31ee7e9dafd88511aa81d1aba054d
SHA512 7214bcfd4e5a7ce52caff5defbb34afd0f6fa75f3c6f3e39d175ec21ad4293b46a2ea690880012905e5e07d0c7381ce1796cce99b18a93bdfa9a92928ebc6fc8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fc19b93d96de57449416145b5d0e6a32
SHA1 f260e40ce73c524eef93d887d44fbb7e89a354c2
SHA256 85705bc8120c9534049ed65986af535f385775c5c14b2ab2fb56fc00e4359399
SHA512 36af91fa19b8e7944a8cc5f7ca97e275eaaaf0263193e659d68a8bfda0bdf7638fe29daf4c13b67fb7d74cdf5cca884f56fd7f4666d1a55d46b66c859dd487ea

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0fc97ed4d144cf9fdb92c48ed07dca98
SHA1 f6175623303a096879d5fc711bf67a90dcd97800
SHA256 975f2a81e4f024ac8c2d3fb6cc533d7d74f8900f42c429f39d3ecc1023137b55
SHA512 fe0dc255bc3a6221d8374a32032451a6424ff9f71c9ab0582954047331bb8f790805c8be0d8b813e98cdf8d68cb01662b13522e6ea33110e79ef8b8a6a888d4c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f038082dc36404388e5fcd50c6efc158
SHA1 e16be743004871619dccb11f83c2daf14fa2e49a
SHA256 9cbf2168a5a065ef3dad33bc364b590cbc357962988f39ed50fd41c7ad1d7b2e
SHA512 d95ef8177fd8a779f04491d34d782ff9441aaacbee4f95f25a0d161be213b2881080130b7d240ba6d52ce149a7fcb341001f15698baeb5bb869650323368332f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ec9176631a44c46bf40785045ce1da90
SHA1 dd9d3edde2ded89fc37064121a517c0a4aeed691
SHA256 6990ab7070cbd486c4f768ca16daaceae5316df65e7d960b58039985a1724cc2
SHA512 e8c5e8d3b908f3adcc719c14220c99d331806c8680e0799313acc28f0c03e66efe4c445330dbda49cc95fa0a88772e68c3f4b3bea8473a76442cf1d2f522085e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2ea56c1450f294f836010c4144d57585
SHA1 bf8b5da264dd88fdd6c817a77a97cc6ad2908d87
SHA256 933f76f0008f9c7d071708370012e35254e6294cd90f7b2be75f24205e9bd19c
SHA512 a83970b2ce36f1618de9140a6219fbd0d84d605f37089d0f2b12d3c14c0bf9b5ca02e4b42453c743d197641f6d336b584199ffdb74e97dad450c30dca3322b65

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 30b39f5eaf689e33273105efd687f356
SHA1 dbd33035f7a320b1da5223c5933b6ee2f6f3ac70
SHA256 27af2b8fd89ce7470a15d21a0832b0263892e16e810b8ba6dd0e790d2ec3298f
SHA512 d7ca03fa2b8064d5fead941fe9d01d3f9a06e5bbb46e067f3d43e6e669f682d9b3df2ba881b97662f6fff8c9959e22914eef2cdb15150902a10ddcecff6a0c48

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 10a8114bd475c6145aadd20072322f2d
SHA1 98a3b2cc988b88975397bad3affcbcb11c1f27ed
SHA256 225c1f7eae3d5a5829498b49cac9ed1274b8b9c6310192ebd67203992f4635b1
SHA512 5c46563c68c7da951bafb695ed4568d5424d1ed97111bd477427b9ab47f58b79251556ca9d4596c8a58a3a9e015d1d741e34722ad572b03ab870838986d82a59

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0dd1bbf078d9f67a5b6f784fdee3c49f
SHA1 400982300196fdb1ef7184ae4eed90aa7baa1b6e
SHA256 a4151af18ac2827c400b732d424ec878791873c579a9502f418e3c1b29ca89f3
SHA512 80a56a181413bf57635d941023e5b38aee6d977ec676516ca050f29efb247281e4e20fd5ab275fc416d2992c4b1a900a892033e7b167a89cb297378dbcf9a2a7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 34767f69c64aa33ff7e7890ebf33873c
SHA1 b22a9d6c64a21329ef4fd2247f2b2ceabe7b8515
SHA256 c3297c13baa611ee62a80cf1e6fa917156f974241fe2bb7336bcc3b43af95e79
SHA512 17743f714d566ba94bec2ea5e429b65db69a83a14bfb60eeb7e5fee257250540824ef6396466c972be76d4c5e9eee7b216efe0578d3cd52a560aa623d4fcf6e5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4d7268edaadf5bf901c373bbcabc6bfb
SHA1 ef72b454ae59cd3333e887371c8edad968cc3526
SHA256 c99ce4f4bc0e2b27cf7f56f929072eb9e7e95392569247f20a23fd4686470d03
SHA512 f3befd9d4fa84cdd0f8ae21797299228fc9c92413cb5d19561556d6845c003372a9442c7964f569dcc8c72d72a95fb7409c64182496625028f6a626d0a9c5a87

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f4bc2a228fc5fc997e10728cebb02c68
SHA1 b2d92173347f8d58712cadbe67bb048271e180ee
SHA256 8c496e82aeb72489c79aada77d5f4c2b8efc8bb1e225b130a9510248b1031eec
SHA512 f36cb9b223209afd704137a76ad778d6361ce9cb8e7e9c109daa9420936b3039a644d6d72a890dc5d92e62bd65b3c9c804c2bc4e85ecd7a421724fe33844e962

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f10fb06cf4ad505331d5dda01529e6bd
SHA1 b3cbb4d599f2ac03bda8d51e5573f1b79b19a36f
SHA256 53812a9d51772bcb905f14eaa72da6d1eea69efd78d6dbd33ead1909c890a4aa
SHA512 9d710cb83a84bba18daaaa01f96a3fcceba3a42c437015634c01e8e6414a8561a5df5b149a42d44753c2ff637ebe22bb1755a2136785a3381110b4c1c59f0ea7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8ac7950ada6067ca558f814749855b19
SHA1 8448dbc6b3da88a5831b5097c02775a8bbe252bf
SHA256 3aef27e2fb4acced9a86426ff6f04465c7b1d39585facb8bead101677892f1b7
SHA512 47f926bb059bb3313015abcd3e31804b6fa1d983a81f1fb305ef47cf1e873dafc264d14eb63d9e0319790e860c38c5c54f20256bca102c6f2c36f80169d8877d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0ad34b525eaf04b7b2bac9a0c88686f4
SHA1 6fd1bfe091ba8510cc3be1eb43918a2499d730de
SHA256 96d657865dcf5e1b93965092b34970fa57eb9608dec779bde5469fc913e49a90
SHA512 65ee5155b2d06b4633b8f244457b1fd90972ea33a21ed52864a76b9f5ab8d122a1948d9abdb7f2a0dedbb98bc6be270df48bf54eca7603bd27bd6c104cbbc305

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a9d7dca45c717b428bb091d98fe5b26d
SHA1 67b7fb46a2fe65b0048d4702766f3aab52615858
SHA256 57aa180116d0f1c6ab72b5adcec7b9f22b9cc3538e0b5f642e406d3066fbb38c
SHA512 de2ae5a90fce9f5fb8ddc49cd73d2d70c4eafef567c3d2475fd7d594219a842c996e0a9d36b1a09f6eb95bc8757882cb63e7e47c3fa48ccc8d3fbe6458b903c4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ed256f42d8a2e400bbadceb8db055ed2
SHA1 01d055fcd05115bf47da5560b38e3826545ac945
SHA256 7be6e70b72be8f8d2d7f04cb6067da3eee0aa190b7cea891b483b0f930df0a81
SHA512 05df379430f1d3e052032e64636cd3e2d49801b5fe5e0f0b3dcb1e5a7ab9552a61f86d5c11f5e5637689dac12cef882c5286073fe63753931f2caaf44e518fe8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ee2fd19485da293f5d01d3bb66dce029
SHA1 1d7093d9ab52b3bef7bf722a3af87f6ac131316d
SHA256 404b07dedfc361989a9a47753e75583577e6ba49f4a50678fa1855e03140fc4f
SHA512 ee2b2d020a37b91fdb7e6564d623f8888397e836298cc3d623061eb4f9c83da612fcf6c62711d5f8fef023b8709750c227a98b42ce55261eafa699f3cc89995a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d62a51670748994de005a96104060b15
SHA1 bf12eb637538dc856aa4952774644a2c0b2e286f
SHA256 99e2070a297ee933350ee0218e7a27b8563ef660646f8da45f159c105bad8607
SHA512 301360cbae3c46b2920c9bc16e8b62ef91a09fb54ff0062aa1f7d7b93320e80c68cead26d0aee095818cb921f0b3061ba1e43084a392aae1f037bf9a8c2e9919

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 51f91d0df0da9661495a7c9af9212991
SHA1 d90b15fdfe0159b736eef5142c6f55ddd0503460
SHA256 f40826c8e4de8ca45d865a24d9b2df5926831460562cd97ee074299d128e8675
SHA512 f6928b1ae8c19d7bbd8aa78c6ea6198aa2989246cb8949b8ce08e39a8a807ac147092fd7c3c92be564773a8e7417d12f13cad54dc571de49e642771f71428003

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7fbf9967f79317e360b15e9ae922120e
SHA1 bba8b54878378846b123c073191208c937374a40
SHA256 cb98f90ee9b098154c8b73e99e05e63ebc2e591d269f734076ee35aa1cdae9ac
SHA512 dbbb6eb7a44ce22f51954252e563f5aa73f88e6fc923f6105758cea7fd1ddf8400e304ffa9eb36b678ea7a5e56f567b4092a2465912e4d333958a949a03e86c6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 914748e6d4e37bb2ff8388b4d8b95949
SHA1 553f900554695f3828f435edb694c9fc8f141b60
SHA256 29472443e339a8c2d6846cca7818a31196ed095bedc5ae8b0a49cf807d69ecd9
SHA512 0054447af131dcb8a6bd887a577783227d744fb3c12c98f046d027110ef56ba4154679d284cbd010d33f67fdebde3217a9a93682278902c2d2866090bafed28f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4ffff974b20ab0ca4072ba75a48b84d6
SHA1 eab402aeacd82f25e20d487544ff847ad120f778
SHA256 7e49a3ca64831f2437beb8f84e998a5798c940f79681e1f6cc8586651cc70884
SHA512 7db8176eb622fbfafedfd64b0c526a1cf055d3ef1cc01c2b70dbdb02954fa718a5613afd106705920ba4a474a1d24cd3b92e67caf29151db122d2beeb804f721

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dae3500fd1a03392e3410cb32f43d785
SHA1 f9731ef7712b3d06123734603bda87adad60cb3e
SHA256 adbfecee308f4931cb510d0faba2c9160e0f27c0a215284d7267381b8c0006dc
SHA512 f97c7af249e9b758ef8b8ba2070da1fb0c444658e0351cc685fe4ae0561cd78eeb9931fc056372f4c160bbdd1693ada985e4548f4ba20709eb75702aa2dabf13

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d30a886c0fee7d3271514ac6ab443461
SHA1 b17c5147c86247b8cdafa78276bbdb4ac18183a0
SHA256 03d2b1337e12fc52857d89a4715db7cbc0478249e314eab66d8ee187e8131696
SHA512 e2f6ccaa20263f9d0dca56a2fcba1b338b8b99c6c771b48c9fe1072ee5409eff2ba707365d42352643ff15b0135b9587e7647e923c7e383369b5cfa473493351

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f9fa0d982ca851e44c7b81b03c30a556
SHA1 fd9ba43a8d2ac454ca0b0de9a42f9b21f349db4d
SHA256 bdaab2ab4320d2e6003e0bea4e38f2f777237aca3f2f3c4ab55a66871307f73e
SHA512 8db522c8bc62b564cab8487ecb715909394ee9959a1667edfc4e862d9c66646f104a46df47646368677098a8813ca6965c9e49c4e7e02a3c8ebac75087b4052f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 405b44e6ebb38ca286aad201c8ff61d7
SHA1 f0b56dad9faf4837ce4c2eb21267f36b59c9534e
SHA256 81d41cfbb6f8d5496e3ad9e6d70fb07a7352f2dc1e4c5cbd51edbf28884f3ec3
SHA512 206ca79174864bbfe8f3ef3d6a19ea04def35d179433b77656652d9a902183b808296f08c0d66457cda34ff25d02e16199e002da3f9aebbf3d6d2771f285e69a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 de043e98fcee5b359537f837c05e90b2
SHA1 eacf91be8af17e47ddd00c533498d2ce702d4274
SHA256 a0564053c870658c40bef00ca8ad48285e49b050dcef03eeb009c7cbd01c93ef
SHA512 2f7fe1c33d7b6a354831a8bf169fd28c8c8d13d32365ccbd6b68d290cc43cdf8b812d722d9943de34246cabf793e61d6b9047210c631c21b8ebffc7b1131f97b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5ef0ebb623df5896d85f9fbcb51044de
SHA1 824115bc9ea7636cbbc8147f89362423d1c35eca
SHA256 e1d3850dc8861c6be2ff6562e11d3c361c8cc3693ef5e5b8fbd5d0856dcdbc83
SHA512 6a4f1c0860b6562260b51d7d4e0cad447813365e763dba7228e544fe6e80f916e980f028052b321a588611189841b3884c52a22263903c67c0116815939418c1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6d94b0f98f5411d9b8580766ca7f78a1
SHA1 1f7672e7fe0e4fcbcfcf4671d6dcb1ff78d4c543
SHA256 4f45ac5cdc9ab104db3371643c939023688ad498fa7903b3a36a8170ab1a4d57
SHA512 0c3cae3dea6c75892e67fceb107b59a5e4d570288f6c5033e30f05a3acee081baa72d56a5ac2a53ba7aac6d76a80f9445a156ebc59ea0740d32fd2b33008b2d5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 298778f6a0b61e6ae84e71cba024816e
SHA1 21ab8ae01731b81a3847a9a81260419f57cd1e27
SHA256 271c8ebe21689747e4516f7d127d3ddefe989d2c71441df7e479744507c21847
SHA512 32c66aaf3323889762924bf92d0deca021a327caad1096c11dc324fab3fbe2fe8b6f3498b96167146495d8b172935a731ad287d570d4c34a2e479cf051f2f81f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 23dfcedd3009c4695b55bb85054a0df2
SHA1 9661cd6b7df27f09f8bf3fd7e66cae8a461d7d81
SHA256 59f1b4982070a11f95bad3678b117dbdf00b9727657848687d135193e7203e58
SHA512 b8d22638bea8ac72f6e15fddcd7a25255dc6c932523ab40cd2e5231061bbb5a903410d79eea343080082146b5f3243bae7c0da40bc42536655b573ceba3d5288

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cbf8bb5bec45b40353b4c7359eaeeac0
SHA1 3161d4fb89e482afed07e7eaedc38e84dd3af9a8
SHA256 16d6455f556080053d09ea3fbec53d1cfece8aebf62916faf803077cb4f97b1c
SHA512 bb1abc6f01e2412755ff7b136792cb27faf0095200d05897ec9e4404bfa0d1dcdf77525d6f697ca2286be4ea7e954f44269d514a9435a5fae127fcdccfe100b5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 18e67652b2ac24259dadae73a04d09d0
SHA1 0d303a0656880c28e4fbb1fc011ae8282c8841b0
SHA256 67e2fa1113e76d57e41ab5de9efa090dbf144deafa4bc5535a05cbdb5b5eb3da
SHA512 9bf958fd3b6f0a195ee37647b80952d3b59e6bf86c035ffe7c896ff55aef20113cf16f6baa8c520c267471c5675c69a91a38f81e7db944544026b99571d1e783

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aa1ee835106f33305e8ea47df76bed5a
SHA1 eed2022a8334a8bd921e43e4450c8455b56b2c3d
SHA256 ae41cf452e4d2156ee0a2f4c44463bcab83e08e5a652bdaa26b64fceea6a6b80
SHA512 b2016bde3bd408593b2cf48698005572f29bcb1d3900b9ccb097eede2891e1b72d285a446fe5556b27143f774d23b5221ce1aae982db865b4686a5d0635e5b60

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b1884f412c7c87d1a2903f3721b7251b
SHA1 863bacc9a89550ebf1365de51ec3672c52c610af
SHA256 fea0c2338c458d6cbce5d7b83528fca52ac6fcbf40df7140a9b4f2af0fb87376
SHA512 38c2a1fdf892088b993f3165d084aa201db6a9b72632e47338818eb395cac050239ca81bad0eb3430a5c7e7353d60a992bcde548bfb08bede80722b50922ae6f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a5abdd56b131abd6b257e2e0c8949177
SHA1 7a018fa73c59e5af292934abee92625e13748fbf
SHA256 03b26108f74a7d368ad933133f5edded188516815095059bd24b51faf16af6a3
SHA512 5cdcc583a0942d4bbab624b3d6ece3e80fec6e760b0729e5eabe7828450b89c47bc5e2c660d2f79c07b9e1bd90a9d3475f61317077a69a8b2479f317573f3e41

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 973657d38119b0f911a5220a800bea73
SHA1 cca789a5eda2c78c8accea4ee176196158b38565
SHA256 1850df3f81a963a19df3f71483848d96844bcb0ad321b5f77fa43ad77fcd8b66
SHA512 9f3df2418472f84a93fafcbdeafe96a064702cb9c5e10ceb3c1d15953a8db3140bd1bc441aad65bac62e8ed9d4fad93841b3670ad88ed70730e2006033535c77

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cd504a0ed5f1d092fdff8e9e41a17d3c
SHA1 ef8aa878b5c63adad730fb4756e7feeac58e659a
SHA256 b71e877ca747b6ccfe338f88ea05d6136402e38f3ca12686eaba03e9f5e4a839
SHA512 766f346e33ab39260e8980c003f1560dd857e363f07556054a88ddb0026ffa2e17de2d6f0f72c91c1963ee3abfebe2fb5675ed1e0301a22d768017a5b065214f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cf6fbc0d650dac7cb69aa9f80862fc5f
SHA1 e1ce69c10dcc4df7ff4fdea873a414bb11915c2e
SHA256 5c1e757db322b90e8cd3bc108e04c6169723d7b0905002e400d1fbbcf890fbce
SHA512 274cb69ab7eb7320ab744b67c25983628daa4e31d9db0115c2993ddfe77c12c04c2cad5db935e6d802273df16c12926ddc9056b527aa8b88560bfb3f0ad61611

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b7166c40380a499947b060f28ebb5c49
SHA1 b79a09c01487127a0c9ae3151cb5a29f17c4bea4
SHA256 927a36ce35d2f9419679b89af789154ba3add3294f75e9579319e9c5e533e2f6
SHA512 06f898b67745f1c819e64e1511b120c986f820d57dbf7d199473d1b9f705a94ee61bda9552fa2e0c7b93ecf17a60875a1c1a52c67cdfda4375355b03c02b8c6f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 75943cd0417f82416e618d09f32fe966
SHA1 2d090b52a9b3b7e3c92c8ff20969387e1c9eb40a
SHA256 649639a00f606ebf3f74a1ae08e0b0bb1103eb2e6e5c884acc83dcbcae7de8e2
SHA512 0473f16648edf248440d10cf73b3e83546af00406c172bcfe7892a060651443f8d4b3b44a478450e8689f072186bce8657f4970250be0198d526cc618e8dbf3a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b53c831e5d45f0e5ecdf9d6c0a4752b3
SHA1 4be137261e916497c7c8de06881bb1c3ad3cf708
SHA256 a6e4c4a69613e57024856239055bda919196eaf1566b52b4682b7987397e4b36
SHA512 b8807c18ca6d16e3956e6168016000f4b12a41624e95cca99849040d53759a6c986e8b765cf26369a801d9630efa7f5686ce8764a2371c88279d6decac138337

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f5967b0cfa24572b64bfb12588a02d1d
SHA1 51990e2f1c5e279e23295c687014acb1b31b15ee
SHA256 84678209c5206b41624d07ea439f16881ea479a401f763a59f2273aeb203b714
SHA512 22fa1a1597e7da18b78a12dafda961e321706e54ecc0baa8b0490d8ed6e61d599ff262fae76366f7abf83310928b6561d185958bf085f2ad5c3fd05739587081

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 369bfb129ecc2260199192107c17c2a3
SHA1 66f3594889748ec3e5f8a3ad99ecc99365a30c4f
SHA256 72bdda24f33a0ca42cb8864e7a0b9758de4b479bcc7dd0c0511d1efe3783db25
SHA512 45136634e33ccfbc7284a85384073d4ae294e6007e95c421fb9b1b06e5e42f9a2432985970b8ca58534796109a2445fe5dae8c0a520d91ed1d496886a0b505bb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 09941bc64b7d4566e3e7c1a2cd71db01
SHA1 a239c5b1d363db43120d3378d180be1ed4496788
SHA256 509e3089a4399263012a77260200a9b176326d34e56f25b20b392bafa81aac49
SHA512 42702cf1f7b43f6d96bdb4756d009716ec975b4b2ad62560c64c8ee090823e6a0e872d7a747327e902f0eef1bad98462d398ea1ef1e0feb6741eb786954eb97d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 71600d78d29b8c76011702baad67cebf
SHA1 67e10332854e556c5036a71e889d135478351120
SHA256 4fb9d6a4f54686e9a0af043f47905459c221b0e6384443ab076cfc1236508853
SHA512 46b2418b8f6013ff5300238df7a5c3196b959e54097fcc3fab1a9b6ff2a9e332aa3a1496a8cb84369c283b27dccfe7ab7eca6a4f3f578b0fb4bba0f0fbadc33d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d7360284d32576e2ea73cd1149898109
SHA1 14445b353e48ed62b91965067b59710b04e9e54f
SHA256 6ecfd3fbc720e0f066d381dc10db5a6d68cbf0f765e99e9c0fd3c5ce562df01d
SHA512 12976db03df08d7b5dd361cd31a28da4e303b0cffd95f14596adfa90389179564d4c182307caa5ebf9af4b383ea015b0e6f8a4abb3db2f0d612bdaa1c438a349

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eb06695facde6da6884664feb1b2725d
SHA1 9f20bbed39a89ba95555e535e35630c3181f7039
SHA256 1e83e6509b0227e05515363768354ce144c74e44394e84fe286b2ac18c9c1a28
SHA512 d0541099c6148fed15841bb6ea5f5d4c2c310673d43864ac8ab141b6e135b1746d82013f843bff01fb24c92efa51848a5e70a041a2eaca8020e9deb0c3f14e13

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 447eb2baf429f09c3c173a4d2e246dfd
SHA1 35f6d8d9978dbe959d8e072b0ff5e260cf9bbecf
SHA256 8e4e28dd30d3c99340189cb3222a7dc61e807ac646086cf18b79b3f4de6e024e
SHA512 562aff0ffc3874ea5a1ea96a0c62980d5e3cda36938db3c136b5a8b75fdecb491387528d1cfb50044a1a379c02b8eb58150532aad168dfb5fa8145460877f2ef

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 51b3faa84b701483d2345668e3f75347
SHA1 78578221144852a2a7f1c733283ae011cc3b84de
SHA256 5b6f9d50d07799229a4db390b54051401492314efbc44d15615f4b1fdd668de1
SHA512 1ce96fa17baa4c96694b98b778769857bf3b8f6c43c90c6ad6c33b5131a449a57ec473b9c66950ca1ea4f259ba5c6b45bf1a5ec0663ccbc179b7e7fdbc6990a4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5d4fd75cffe6f7c8bb0c9657d72e82b2
SHA1 02868ff93b42708b7f740c3777d689b815d75162
SHA256 3ae0af1b825e361dbcf3bdc0a0aa661e67be532b3c3ccf53d835ee351e7266e2
SHA512 6750ea120d3f35a37dc627b3dd55968ae3667f9b9eb8a8c64b9463bed71d09529fde87ec4f9108ff88f985725c76f116e995de7f3351395cd397c02e182aaab7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1eee503b6f5a222454f6a2879a5eb650
SHA1 eb2e3ffa4f7fea7260c21269295c1061eafc8e73
SHA256 b93858f6645cc0eb026c619c180bb4c04281e1fd29db340c3b0b0d657017d259
SHA512 f57a82f5fff348277ea290631690ab9c393ae4ce01b3e235f37ec729fa443d3f7a95115caf938d72247382761b80886c505dd1116b05d14eb63a4728629f9e46

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1e68b17da9933a5222fe39ab64b372c7
SHA1 ce43b05f5639324208b736a752e6dd462de2e35b
SHA256 fe56c99acf1dab3d3b149d22a65bb19f89a66b4fe43fb3835f191b12be388f6c
SHA512 420574fb49702bb8fe61f1eee4785892cdd291fc54597b8bf78dc12f22c55378decfac89ab1369e9f9b1558711f004384781c5e6e80c35376dc6d4e1fb0324f1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a5ee5c1a25dd6eac569061a068c52e6a
SHA1 6f20c16eafacf8428d310dffec15b6bc0dacc5f8
SHA256 1263d2920c5201aa4db984feb7b0b1903aa63076174b2e5933bd4c0c21f74205
SHA512 e6f3a79cebd466bf70ea5c9639887b0c932e8496999aee60defd958d80cea1a9068249e609cd07db6788c3b83f3b94dd2b30ac444afe68e55340aaaed295fb47

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 48ce1f10dc4b2f8ea867fdec03104a2d
SHA1 2e1e7281470631f6269da508764887933471ef9f
SHA256 ae00a029e107035fa4b70250ee664f1e63a56304424e655f86006907e876d46d
SHA512 8607ac9aa8326a6e47f9f4f77de82e3f5d4a0a0809996cdee4689543177878597178b14fe89d683b544229ccc63368829e94702d9644fef16b5db3e8f07dc6f6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b5c406f16f1f037b4da23783d5e0cf45
SHA1 7d799fbfbc340b35c516073d32d75b563b3b6867
SHA256 5326c5f0c4b980532df6bedf46afc060e99cd5757ada59f796eae664616de1fd
SHA512 648d37041cc131d2f85c2c70727ec98390fb4477ff40bf311a7c071ecdc257a424dc5eaa70f7d9a8d2590902fcfa787f5406ba9f56687c511e6db99e01248e32

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 192976e1a56ad9257e6cbcae9e3e80ac
SHA1 3ecbe618d828e9f4ecaa6f0bb0881f0303cfa492
SHA256 6e045ee28978c0a9a96fd3806b6d6fe64c24115399147476fcb2aec78fa86876
SHA512 17eb64200ab88b3a0dae1638024523dfb9fc3ac3a89f80077d46093829f7257b2f48ef9d6da203ae0ee89553c38ed72d1e7389615f13c9fbd0cf5e06c9294206

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4abd9880b3184debfded3b40ce30d503
SHA1 ccae01899fa4b0aa78a262ee409548e4f7d29566
SHA256 ef4314b4a4fcb07274074f8fc281d6118de8e541959c6499f62c5e03d7014207
SHA512 bacfbe72bea8145297b39777219e2f09b0b0b6408444f86c0d832e2b56f223f50b78b60784f292d24af82de12b6219d3e64d65154034e99471e92cf526c6b744

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 02af9d4d3ee6ba5d3d27de2aac81866e
SHA1 974675da3395e4f00ad495b14cfd04abb0004c83
SHA256 3aeac368cd0b165e9c45bdc2ea20155ad8de4aafafba71a197cbe77c23b1c2e6
SHA512 2effae356b3a127e0212dfbd5519232b3c0a377f03c2664680f89079f7b4023413cf31b97be8a77bffecfd561b484247d8792b5ac61f863fb818c4492747092a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 81a24108edc2dc06a8f6c83bab13b92c
SHA1 84af7764cefab9597384e6fdf85fa3948605b9e9
SHA256 b0f2fbd87dbd178113ce17747f812e5bc706a61603e669e3203422fa3c68a024
SHA512 400ecf71d1cedbc3276cfbafa32d6c363bb8d0d7fa698f0380011a20d024ec960750ec34f11cef82fd1200b14aa69267b10b22e7f596277a35f608dd272efc6c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bcb8ffd922edd00266f7c67e1b5c04d2
SHA1 2ab766b463a25ff98d8083cbccfa87d08655e6ed
SHA256 d6d4b11cd4580818530cd4b09214d53531b2c0ef0531c33e6849b167dc2c2f42
SHA512 891c36fb56d92226a3cb99c2086ab1491d736a6d760a08e99deb7173ecbc490606c2ee724a7634fef98b1d14c9ac87aaffab96d4eb6d859779c8080d2d7834c1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 56cf9aa4106c4fc54bfbe5c0f5368fc2
SHA1 d546440cf012b5ba091eff8a343fca146b4ca226
SHA256 0e0483195a86a0bf6fbb796344b075f64ac4a17c64694904a548555fa1bf9dec
SHA512 b852da9330be1faf8a03994fe2e1b3467740d1d502b81f3bc7afc4c51ae25f8102a17ffc8825c700527165be2d7e8503c2e38f9d1d7cde5b51f2f77b373e3554

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eee81ef26d15b3bf360ac92b144a0a7b
SHA1 ccbccf56994a46180d14d44cb7d9b8473c56c807
SHA256 0700238d306acd81199f2965c11655d8810aa955a6da36727dfee8feb6090ea9
SHA512 67bbac1ccc2968ce2e09a97ac8c3823172589dc2b4c1d23dc984b0a1dc7c6b592bf21eaab74cf835a5c657e3894d403f538a8f29e504f6e0f8b39637094e1726

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 697b5591e850ab540280b23972db1710
SHA1 47491d3603ac5e860b0a37d63109d86ae9180bce
SHA256 334d7495007fda4d8570973775f55ab564e8bbee9516e51a0056c58fb8f9233c
SHA512 a24450109f5378ce5d7fd202bb9cf45cc692ccbcc53071cd2baf6c70e8d2d8ce23a09a2f47b97ab8f9a04d2f0ed6f4dc00e009b075e8295c6c73264322573222

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 296ed927293465ad25c3a6780b022593
SHA1 9fa02f887a8310e264efce952e5db203c866ea6c
SHA256 b6fbe50a8be99aab0742c71b9d2f4f7c6d1c50851304fbc5484c85ca33f4171d
SHA512 5c61a6ea5955f738518b87c23fc68548953427ef161e5f5552b73bec3f9255b0f0307abe4ea7ab0cda5d3c66eb661bff26c3fa866984a4aae0ed94ef7f47ae3e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 63712b0c9ea7db7607ca7df93302d735
SHA1 c3439c2c6a368ac58a332002c7c5624383bf9e4e
SHA256 25ac6468e6c015b87d9b9c0c0fffc82bf8cc4743d5ec160eed11b230449a83c2
SHA512 1e3e720c13459327c956b16c869d05024aa6375d05ef383aea5cff82b46203343e243633a5925c87ae6fa3b117d1a9d50c9add78c9d5c6ee45857408d4b2f33b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7828c35f7bec9a1971f382f04812268f
SHA1 9446a499ec4b3aa074903440f9b9b27ae3cb986a
SHA256 35d6446036c8470262b6f29b3b7adeeff61d18b4ceba7c4ec3df43c5c245c61d
SHA512 c3899eb3991f8d752fbc75ba59df36107503f78309f8aaaca591a392a42bf409582fc759c02a21e6b22499746de6c865717f11f9728ba92de40dee4f5a0fdba9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f6c47b454961fd47a2cd2ba38369aac5
SHA1 32107d03f38a25b153b1e6cc2cd4fbd7582581d9
SHA256 ed52ac8e431e6c8f54fee76df2aeb545b09d7649adca9edb7383504943eb2afe
SHA512 ed1e9cbda0eeac0346e8b401ba941af15f06dfc279324214fd134e18262c55145df0b4bf299901734f1ef89ed0cc50802f7ebe43775925730825b436c1a60bbc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4066c6f49723f7e850f866cc8c9d97cc
SHA1 8b2fb57656cf3fdc9e874247214cfd752f1b92b4
SHA256 feba47cfe680a59b2d26d9aa36da8e134f04be4f7fca424ab519e6ce5738b96a
SHA512 166abaf0d9351931755b54bb7e453b75e9b5dc31d8cf64410275e31975395144535a89e98ba9210bd2dd927c7df0d6c27cd0f5fa9c22b4bbe9eb4775bd5e4c8e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bd88f1fbb6e0ccb1f8979e5c5af2d4aa
SHA1 164b39feaf22ddf3e36c30eb41f0e1a6345c7e5d
SHA256 19dc47781da4ae5ab88d4c2cc67124f24a472da5009b7b292e4baf6c82486d7b
SHA512 1042b691bbac05763b186a54ddc9a5910bc5c5c9095e848e980b3bb271acf956ddd4e1893e0a40a04312a1ac547c2620a57a909269702d540f6fbf9be0b4cf4d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6852d6a9a62604229658669fdb266aff
SHA1 336fcc43e9e86397b5cd57068cb9806cc5d30087
SHA256 4498a1c839760a5377521b05ba06f1ba8fb2655063d02491c58cd0b6d75b6c27
SHA512 8d391afdc0e17883edd681b4bca45c3b14d6e3469436438a76d7f01d39e8f23e7394e0d405b2ea7239aac9c74515275db463e53fe4673a277e5e52cbcc7c8d8e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0cbc735faa7b2775b7f90f42d3d3a1ea
SHA1 afb5e0c5ca20ab4221eb2a5ee8ce6f01682d3497
SHA256 6255a6ac101adf3a18d3be84e9f265086644b6f5118d0bb304b25d4878363a74
SHA512 db8aab6e344b06c8ca67cf468c96f4c07299ba3ac39216d3f6ad366aa719c018e61e88cbc5e56a8acc0c1be206ced53e9c94bde30ae1693c56f968042fe19ef1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 219b9c69e6647d272476151db92c8df0
SHA1 42693182a82e7df3657ad839849208344d499603
SHA256 6e73925f0624bb30306f0bdf83d36e6d1cf729221bd8a5fb36b2bf32f3ee1d18
SHA512 2201b294bd6a0df64b0fb46280d489e890ffc51dbd7ac4c1e8c6dc7d0f6d218064d05a1ed0ac0635e5fbaabd7b504cbee3e6c7e8ff40ca150e68c0dbef31efc3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 55eaafd3c43fa0670a9a04e4e0a97f5f
SHA1 11cea8f0413e4057e9b793814752c184c198e4a0
SHA256 bc6445a636bd01d29ef837b936527d54b28176254e227750bec3031653b05375
SHA512 d4c06e57315633fb35013364200e3941c46c5b30b24b0f79746dcc9e10fb9f350540b778729ea084ac00bd6ae0bd9e2c21d7a0fc815c768debf54b6a38918221

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7508f43a33aec73a42fe006e0f439111
SHA1 77d2fb3dbc2059fe075797c54a8c05227f46929f
SHA256 2f41fe1b49d7f229ba83e78cbcac4c676d1698f7dd840754debedc6a1e4722db
SHA512 a91d655c5136234c057b91be9fc99f460e1cc8f09dad0255af9338a88528031e67ee4ad65cf089acd07229616e2e9a6514b81ce0d7743a4adaaba6abe9fcf813

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9220becceed68f37b89731c46e42cd27
SHA1 8dfe5fa2e9215e9ea8f595b90de7e745ab89491d
SHA256 5ef0d27dc307b7c27c1aeb2376c629c7559bf0f97e95e6430340cfc69fa7aa44
SHA512 b10f2c33e2a0cacd67851b68511c465e10c6925c85bccff6c0a04bd7e7d4e8e0b9f576834e6d5f2ce934ceb0cc47b9730109efc83be7392605ec03d5d29c313a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b2f6d516ce948302800ae7e4413b2830
SHA1 906dc0909e817187287901570a8db5537b81e770
SHA256 795b36be81eef914de27e2505503ede58a56a5e8027e4b3ab243681daac1e986
SHA512 76cc47226496cf6fc158fbd2dc06fae3b4e944eb6e126de38456e648a9560584fb612306c5521784de5ee6743543eaeb2ceb30df10b74c7d37e70d3c8b0988e0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f91e6d24d2fce3f4397753fd717c6077
SHA1 ddf15a1d35afc695604603b0aee9e5b321cb1d4b
SHA256 9ad54414cff953078ae7d329132ccb1aff423e7512ce17e9b344e946b274239f
SHA512 75a27a431d579456c4ceed11b9e2794d1a91bf3c6b75f6df9bc99dc76038dd428f53aa4e696040391677bbcc5b71724ba08039393d2ec4f5a5e9b5e572daaa96

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3c6a04dc28e91bea17e13b660c91ecab
SHA1 8bc4bf0e95ef09dbf41fc12efc04be444a28f5db
SHA256 2e186ddbe3e2d08a4d2e0fe9e0da9a6238434cabe7d97c2d5ee5ec3508472bfa
SHA512 e4582fd127bf957920a8df8386e138dd9359f76100473ed039ef9e290ecdcbb4ebe25a36ecd04357f360d00bb8fcb819bd2c08e4a739c9c08faf5b8a180e7394

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ed32a0d339a7e866bd22a2560a909b55
SHA1 b56a24ec2a08e29fbe169f345fb5357c71a162c8
SHA256 23eb4f6a0501a0d5f138067d6cfcdab96b48227770237f0bede04e607e9a385c
SHA512 4db7371dc6f2beb2426286e4f8b5c2f8256eb1784c144cd3e55f7e36040454e2fc86a07cccd40901357ea1ab967027993458716e0bc5e0e6f095314ee8712ac6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b5ea6673ed2a5ac954d6421190e43047
SHA1 90733e28157a71683ba43fdef8a32674e870ccd0
SHA256 c0d5922c50ab91bde87b46abc9d03a96ea128daf9bb1ce74ebe7861601b74998
SHA512 5147a26c60c4f8b1d03c6f182bbfdfa768b4cdecb89cd2fdf5a7973466cfe29fb4fa59ef9f40f97ce4702862359e8409a4ebdf1a309f29376b7488b72bf84deb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 75a117f21f5cb6f62d0c6f75ac147e52
SHA1 9fdc817a11bdef4f43477bc5831ea187d3848971
SHA256 08d967e94c11774c10c9b68b357150f0b6c959cdb99cfb0bf76b790e7adc2042
SHA512 d4f9550779f860f4c12a8175cfbc9ac4095afb70268a00aad5938fdf36d4648ff992f0674eafa16676242c69bce48f4b13774349d9e4f00256977371c269a4e1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ab82dd11dc6f8e977eda418548a46ceb
SHA1 972f362890ff842a594fde9a40a5d174f708faaa
SHA256 0ffad2be0a7f07438eda797e0e6b698d9344bded7a8b673b37704fc8d13c478e
SHA512 ddd0dd9ed51d26dc9af9f1231a6f76dfbe0401e9fedea30125d2e0e1573fcd428378954cbe3326f8007ffec7e2229b949cb769ac966a47f5b3ac91a1b371fe54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bb920f0bad5601eb91c62f882bb1385d
SHA1 9dfed0095c8a1751918ba787b15013d74536afb9
SHA256 fe0a0796ac57212ce513b0107f591ba730c161167a9aae103af882eca5aefed8
SHA512 bf3fcf9ffe3f0bdf400be332fe86e92c6c789ee5b7a3be186b247d0ed6171a3a3bf96659577eba3c6fbd39c635bd18e92f8862798f39a875c1882603dd757a81

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6b29c96374c6a6cfbbb6857504ce8341
SHA1 47802446d84d0e6b1fe0b94ba0a65a9b601b15d8
SHA256 8e4bfa17585273ad4e30aed88942189ab90a92ca04658e26697cffcec7f5e75a
SHA512 b27471a3b3d7fe9bdcc7d9a827d5fe6fecf59a6930b0c87d1b537602c3c5323127716c492482ca976a31735523666690b298d2db4ec6ad370cf402f3749d8de4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e60e93850203c8103fb534ee49905615
SHA1 a3ea6c35d1925beec6d84ae5b245eabb58fbaa24
SHA256 749918ef0c8748944b012bc712a8d62446365c7abfaa27877e7ed4290536a7f7
SHA512 61e17d5dd73393da82d23ae3c687f34e3323c607d89d773f59b4e838ebbf51685acdd7ae040dfdc57435d3d69eb494ababc1f0d3189678ca74f12b9f9a6f6713

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a35b74a438a67e1c022602e07b72bc1d
SHA1 d35ea195e8b167cb9da980f3cacfbd1e3c646adb
SHA256 83e933972d1b406a002bda4ca476ee7f9339cf350c2386d6ae1737ba1880b81d
SHA512 d0e4ccb43682aaa894fd717ef5c0cc7d295eec30f47cd69d1732c346efc84d7195d66692e1b4459364b13f8f4df3845a732806ec52f214b91f67127420abd3d0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1ff5e46bb531a40c747c8e5ec1a12731
SHA1 59a2ca7a19d48ab896259f5f649b31ff482ed171
SHA256 ad35c4cc95aee0a1077ec2a9bbd180050a636347929cf3228042e31e146e9d18
SHA512 2dcaf6eb2339463d1c21aa5b02e1ad93ef5f46da40fd98a9f648af4addcbe9ff063f07a069e309c85a090d153501539f769c89c710ed648d0a37029c097478a8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 63e5b19dbb73fd037091abed62d7ce39
SHA1 5bbe33cdf799f0a9bf2bc173cb4aec457d77572f
SHA256 63492cb92568a6a6975b07c674177c13445b5eb331180578402bf7dc6603cd27
SHA512 901a2270969e76215aa0d529ced52ba40a46d06dd776b71773b71419d688ec132a376f55d01eb443d0c3683b34bad476562b629526fe482b443c4741a94406dd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2cff58189438323839cd912c559356b8
SHA1 77f5de26a36d87ffeb43697eeb0e607863f0d8e5
SHA256 ff4219c612ab62c4f82407ff8d1a54d6a63a05b68ffa2c0293816c3a76edacff
SHA512 f2b50586ad75a35bc4f0549c371151f65fabbea8cbea17cebf4ee333acfee7e2329f9b07f06badcabaf715ad27416844fa08b952f9bbabe7d6d1dd7cd86e8c78

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 abf6c528a18cfbd5297b1d5f6e9f6503
SHA1 66881a30a0f1af5cc00aab5b430de65e2f0b4b7d
SHA256 cef5a54d613f68f0c0f50f0339c49d6ebf5c3e0414db4e526790cfd104d7ba93
SHA512 c633565e065e5d8aac342c40adad9b2dd4bb6eeba2a89582206bc1d8f0aaffcbdd21a46264937496c691f1dc14de858cac069c9b34829ec63a2c48f83fff1a8f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4807dded068340d37833c0eccb59af64
SHA1 3b0d8e1457597880d09d271f3221f93824f781c0
SHA256 5a58eb5f92e24573097df83f6f127fa06c84d5aeea254aeb1a40988502baf2fc
SHA512 336ac45295fb24cb29a8d9a00bc3721482904376e8ee630651cf20de41e80df061ad606318b8f64c919bfe4b46c39948c4e2b7ce12e8d297274a0bbb7cc8b2a1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a11f5a00cb99b16783661c40664fb52c
SHA1 70307a1ff0db111c1d26496149b7424ad1d0dfc5
SHA256 efcab3e6ae80690a517567d386ae852f587da82f03f559cf0f2110b31f821d6e
SHA512 7660b8f4d5e2581683d3cef4b59b2b445fea4ec0bd9dcdf9897c2a1630093b5c69e062df015bf86710ea84feaa6563504c723434e497273fd30eb0a678569b92

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 03be72de7d6061c797a42b1843c058d5
SHA1 f2df375731e74e96853141fb1e2db164ef3af68d
SHA256 734079c7ce0099dd0b3e58f1b3a799def9b11f4d5e2165821b5dc6cc6b70b439
SHA512 52560cf0b8eed5cf74db983504ac10b387595499020230d925acf4f3385b24e69ff67913a62c01d9565cf1874bdf53c2e463f6474d5fa1c35d97cacdd56b6a79

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2556ab60ed6c283a907699cf3cd9381f
SHA1 5cd99b01bcdff691f441a949716e978cc7249576
SHA256 503afd9e2e396ddbab21b4f573336c6b2e7fb53570de9f68124c030ffa66da3c
SHA512 d9476dbfd4379cde95f117d74ae66bc69779da989b22992764754ded45f6a245e0894af80b52024822e8b4f7b5b4b924419d5d7a515569304d6a664a3dab86c3

Analysis: behavioral16

Detonation Overview

Submitted

2024-06-04 20:48

Reported

2024-06-04 20:50

Platform

win10v2004-20240426-en

Max time kernel

145s

Max time network

143s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\home1099482986.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1440 wrote to memory of 1444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 1444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 5076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 5076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 5076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 5076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 5076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 5076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 5076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 5076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 5076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 5076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 5076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 5076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 5076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 5076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 5076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 5076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 5076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 5076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 5076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 5076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 5076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 5076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 5076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 5076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 5076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 5076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 5076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 5076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 5076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 5076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 5076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 5076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 5076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 5076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 5076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 5076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 5076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 5076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 5076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 5076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1440 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\home1099482986.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd6fe746f8,0x7ffd6fe74708,0x7ffd6fe74718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2272,8624637803665034134,7851622517125009479,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2280 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2272,8624637803665034134,7851622517125009479,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2272,8624637803665034134,7851622517125009479,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2576 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,8624637803665034134,7851622517125009479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,8624637803665034134,7851622517125009479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,8624637803665034134,7851622517125009479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2272,8624637803665034134,7851622517125009479,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2272,8624637803665034134,7851622517125009479,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,8624637803665034134,7851622517125009479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,8624637803665034134,7851622517125009479,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,8624637803665034134,7851622517125009479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,8624637803665034134,7851622517125009479,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2272,8624637803665034134,7851622517125009479,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.twimg.com udp
US 8.8.8.8:53 abs.twimg.com udp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 platform.twitter.com udp
PL 93.184.220.66:443 platform.twitter.com tcp
US 8.8.8.8:53 static.ads-twitter.com udp
GB 199.232.56.157:443 static.ads-twitter.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 66.220.184.93.in-addr.arpa udp
US 8.8.8.8:53 157.56.232.199.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 syndication.twitter.com udp
US 104.244.42.200:443 syndication.twitter.com tcp
PL 93.184.220.66:443 platform.twitter.com tcp
PL 93.184.220.66:443 platform.twitter.com tcp
PL 93.184.220.66:443 platform.twitter.com tcp
PL 93.184.220.66:443 platform.twitter.com tcp
PL 93.184.220.66:443 platform.twitter.com tcp
US 8.8.8.8:53 200.42.244.104.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 36.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ecdc2754d7d2ae862272153aa9b9ca6e
SHA1 c19bed1c6e1c998b9fa93298639ad7961339147d
SHA256 a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7
SHA512 cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

\??\pipe\LOCAL\crashpad_1440_EQFURDZMULSWNKNW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 2daa93382bba07cbc40af372d30ec576
SHA1 c5e709dc3e2e4df2ff841fbde3e30170e7428a94
SHA256 1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30
SHA512 65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 787d561a254bfbdde13db35aa9bfd802
SHA1 610be6f465d8a678bfb270c75aad41f4bb2fbc0d
SHA256 aea846258f75bb69eb93dea402da927fbd5069da052e4bf5373047aed8649bc6
SHA512 c5cd2cdd282f52f329a35ce07749e304eff3d7516c8a7f685171650305c12d73d96b58b1d425d1b9b9bb2da80ab54a8612077d3e2ad421dd634b6625aca6c451

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 16ac27bea1ffb00ccdd79a711a4e7b78
SHA1 759e4cb01c6e71dcee759a62302e5a4fcf150e87
SHA256 d0e74e4c5ad1d8a38a9d9282931cb50fdcb012deadb3db4be2812cb86375e2c4
SHA512 f8cfa6df47a8cebfe5eb16a099bd8d6f3ffffdaeadaa84a4ac9a6048e6c56679c32c52964ca9157aa1a47db4825a2be2caaff9c49193fd7e7eb94dc61bb18dc0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7faec5affa2df4066ace41948da4f626
SHA1 5967f1a98d3f418d7adfa57b7c1981e74ffdad33
SHA256 c5c2f7c45c44fb15fd68b8ef6cd5bf33f12ad0b9d2fccba4584be63e765fac90
SHA512 69be2caf5c8dd527ccb1ae34bd545a820191db9e0b1f378078d62792caf6a0a8deae1014ddaa76d913922306a2489eaadb190d06b40bd8be0057c9cc03bc12c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ea5e500bcb69f0ef87cbe14aa6960809
SHA1 0527013e91ebb58e1e30c7ad8227f49d37f7cd17
SHA256 defc048a0724b9e5ef76e746b13160149c9511aae1af665c4f5f7888a9fbf0d8
SHA512 f9ad3f049cb3e009459a8126b981629257e736a7ac86c77e6aa5867d7554cd514100eed84701df4503d3b95cd09e4419154464f3a2a94479f5be22dc1a9ac26e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 bcbc96dfb9da7db39528afa21c1c35eb
SHA1 2e0821ad6883e8fb13afd441315c582f4e6a6522
SHA256 f912bdde3d2f5f02513730a690a774dcb89c45215c72f73f393022d6588a7735
SHA512 6457f7e23cfed821eda8eb3aee29083a7fffce2375bb3fc162f110be543f8545e3d5108f00b69fa253f1eb1359d3efc4deb71f512822769ea75c9f88c7062239

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-04 20:48

Reported

2024-06-04 20:50

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\$1\$OUTDIR\sftp_plugin\tc_sftp_uninstaller.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\$1\$OUTDIR\sftp_plugin\tc_sftp_uninstaller.exe

"C:\Users\Admin\AppData\Local\Temp\$1\$OUTDIR\sftp_plugin\tc_sftp_uninstaller.exe"

C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe

"C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\$1\$OUTDIR\sftp_plugin\

Network

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
BE 88.221.83.202:443 www.bing.com tcp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 202.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 52.111.229.48:443 tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 25.73.42.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe

MD5 e04b1bbeaff6221daf4d4ae0ed7fd00c
SHA1 cbe6a9e349a6711dc9e040e15ec32345c1bb7aee
SHA256 36b1104781e2c77a1e76593e697ac99621f27db3bfd5c282f7ae3579bf510a5b
SHA512 2f8523b1fd5bed682dc841292a5523eabbd49fea71b1e088a5080c375ed8e67b22e95e60129516d96bd720845a1c27fd37fd993d1cadfd81296176f683066334

Analysis: behavioral9

Detonation Overview

Submitted

2024-06-04 20:48

Reported

2024-06-04 20:50

Platform

win7-20231129-en

Max time kernel

134s

Max time network

129s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2611067143.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423695958" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 306fcc95c0b6da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C0F25CB1-22B3-11EF-B459-56A82BE80DF6} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d95bd1ac89f88a45a7930a71cc4fdc79000000000200000000001066000000010000200000008934a76df39a8915dbad036d12a51b113b950cf6fcaa9cbaf8a445fd46b79ef3000000000e80000000020000200000006e1db0ba8cb467bc492885e47f634d4e872e30c2a43ccf3336ae1f588325c19a90000000ec9ddbf1aabf0a71e72b280af4abac35183768d28b4a7fc584788edbdca882cf70e31523b30cfeda609348b91af2ff47891b180e55c4a195142c4b7b82c01f2d492e14be271f2887060b565e3f9b894bda8d5ef46917b7b9b0127180e6fef2bdb3b978fc64d2e5f0d3a5d730df0a176570f7e851a5b5a133e0c21473b4db389221427a10d013d5e760c18f147972531840000000cb6145f982cac0ed67c59702d73b91f6907b5ba8112acaefd1349e25c667ac06c6292fd36c5f71b4519b35a380c26745cf242084af325b3f8151bf9c468b7b87 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d95bd1ac89f88a45a7930a71cc4fdc7900000000020000000000106600000001000020000000dca5fad2597e21fdff692bd1c2aa40527e6e467b9434584b2b525561f9c7fb4e000000000e80000000020000200000003b2407d61402898c1cea281a925486f05e8cdcff3719a7e5e9c916017bfbfbe02000000027f7b059a65de426c344b27d37aae06fbc8e13660402f4e01d24787ce725972c4000000006cdafbed719cb2b9b7c3ab7278c5a3be06b7adb79cabd51ba2bdf479684ba0538bb87cf5a44ee7596c67f2e5766506c243dd8574e152525d7b6ee7ac3bbbe7d C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2611067143.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2868 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.028jiaxiao.net udp
US 202.5.18.17:80 www.028jiaxiao.net tcp
US 202.5.18.17:80 www.028jiaxiao.net tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
BE 88.221.83.209:80 www.bing.com tcp
BE 88.221.83.209:80 www.bing.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar2FAE.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 49194f816a08ea113f30e50b731493ca
SHA1 86c76c81c42ecb3e327808434baf5e54c8d1367d
SHA256 735f31bd0e5ae8c89750bd444b838ff7b6e601b77c15d345e0d7a08f87a68381
SHA512 c4af092e8882de6fce6dafec2bfdbb4ae7f3eb58b99f0727a3013855aa85c0bb80cc97f506bec20af23a087ffa312ec27949deac40766c9c4a9d334deda16d61

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7d34e55adc38fe2c93c5339c108bed88
SHA1 9ab9928f82fec202e3fd42f60600269cf1e4af41
SHA256 a553209de769fff1fb4d35554831e64215dfb85cb874790759fed927ad2e630f
SHA512 147ccc06191b21f66a7f8f1c598ee443e3b640531b273d305841ccd4b7c56e11e3040ea10acc56c0664f2f89e4e2e96bb58a3ecdd44211fd61efbc00b7e26d64

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 0d32aa6eb1c19c9d648fb3ca54ae0218
SHA1 89f048afc68be25cb3707eb0e3949d6708a1c649
SHA256 b1a7ab3b880bd2b5427a15559bd34292d597fcdd6e9938e0f677c727df5069f4
SHA512 ba461e0bdaa65b95c2d576fbf643d1b0d8d0edf0757a1f570ad54a8ca061f33c35ee85027ecca04559c47eb075dab1d847740237fee2c16638b97aa2d0a94c30

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7c986512897c1fa052d60dbdd5217c2b
SHA1 42fcd3af0369b0c0b391ef4b4e1a72c65b33eca1
SHA256 ef99db40aae4b2858c51648b1802c3aae54b308b5a50e26470c371fa3f19150e
SHA512 2515f70a5b987ed1733615f50812c9ad7230a3e657373f2cbbec8e5ff1c8a68714822091e56270c27109580208734af5a68a6b9661678fa3b72435507116af9a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 187e21157a0ac57ef5e9a9e38dfdbae0
SHA1 6bdeaeaeb1da60e591047b064224202a7e9bbb82
SHA256 b786ff0d2db15950f148011260d78d159c793d7dcb71efe4a663865cccc28074
SHA512 0fd8ae6a4ec145930c251dbdb5d7992cb0d2225f3e77b86e6c1336d6a08d981314fa8e67fb0b7fc72dffb46407bbe6a1f3d1a1aad72da6ed014852c4b7bc1fc8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1779f5d31144dcf7ae495b479c530c00
SHA1 a905d70f7bc51abba395dda39c2ec392d8f62b50
SHA256 9e72d3a227267c3ad6756d4033c1c8f9cdc5e0d2d291d55312d2997fff4c8e18
SHA512 25a15587f5ec879245969945fbe9307c27bc13097f78d58b0376b79abb36cd6526a72a049a68f075942f5b4cd8f1e682bebdd8e6c1679bb188b00b5f003b6484

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 a0c6244a7d6e451b9be8c10d3f354082
SHA1 fa3c4daa8da1c00b932c92f1f469404f392eea2a
SHA256 5bcbcc1d8325f9faf228fc90780f96a1b43eb5a1eee8a85e91a87357ca1b4822
SHA512 186807ca554abf54ef27e02e7bb0b62a9b68f027381a128a68c99b6f18493ebe640424aaee38d047a3134d3d41a8870fd05616a5e76af01ff0ebe2519b35fb3a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8e47083962ef2baed01411362ec186e7
SHA1 bd592c58c8e08e8c4d7d3b2c1d00b08d6d2ce112
SHA256 243302c010a49d258231c80787c650a936988407f306fb5da75e40eb60d4e744
SHA512 0414d44b21299e5e36ae552a8511dcc02a222f64c42c38af1061e6b8e9b6b2df96f199ff58fb1bcca5d100020ca51889606370814d9c24a9421a543a83acec74

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fa761e240e09caee654b41d823e6fe46
SHA1 e9ec90dafc835414afd3574859779b0cedaf5c04
SHA256 5cba25c66d594c092bb4be79a875de6b452e047f74879d4105bab197291a0340
SHA512 7e3564cf9a9e0fd456758da0fba3033eb4ce6f9352d21331cc1b1abe056721e29c86f71cb71a955826035f5a2c8324470937e3939fc8d442ed0b353d7f393ac1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3967952e1435c4723c27106923e892d9
SHA1 cb06556305bf29fbc75e89f160a2b557ddac55e6
SHA256 ab693d650d87388c3ea8b8ba1b9638511ebb42b1bf76d98b903bd9f159b8a785
SHA512 f0497b763d02357ab4ea6cbfcc82c96ebcb72fc536df7e78061dc99fbc7aa6eea4d7255ed7b5f6d2c7a890492d62c99b0ec6b858c89e7c4dc0929e71dc719098

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f59a9379d3b0623036eb9b720742a26c
SHA1 e0557c705cbd994776b9699b1cf13a7128cee864
SHA256 34c100725bf674fb34d5c610b9b3b203da60f2542fa1221dd9881931e0e5dce5
SHA512 d921a07cdc85caba4f7eb0c67501feaba2df8e76e1aa58fe2bc9d88190559dd908dd26cbe6b06fd3f744caac926bbd3b4b2350eef50ce841a305d75cbefa71fe

C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 28acfda044450e005e3a8df7c55dc9e1
SHA1 2747122a834a7575067939b2a9ceef181706a6e9
SHA256 a7517ed9d4b55f1d0b76566a3e01d61606041e10a0c8fa1807ce126a66196d8a
SHA512 5bda22012f929071b796bf9fd88e13eeb424baae286087e78353fc1754126339e674076574549f492547c72aa1f5c640cd5dc61d4e1d3451618abd177871a17b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5cdce0b7c24226559915ffe379e7878b
SHA1 315d46c97403aa3c043717fa2a4215b74a5537cb
SHA256 54d43b3f373f3a9dc8302f5a8647b26f5fe200ab2906544495707145c5e928e0
SHA512 8336bcb34a6ac240e39c0071507d3395de3ce6a15115f8d716d8daf872eb161cc35f8fcb1229a52a550e28f38e08fada316f540f13787625ce26a0551babd7c7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 533748ab8f095a41dc3a27d1b2dac35f
SHA1 c622d6410ca989da9864b9dfe8640ce8f3a57a28
SHA256 af804d1f1be588bca1efc202c590869e3510b97e5386d3e1a6bde193129b0a7e
SHA512 169e14686271757e79544bb4ad6d68649676fcc9494f16848136e443f8ff95dc08746a3300f494ba0bf9909f4abc2a5bb65564b0dce92270608c2eb89bab1a48

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 637a6f9da87ed2ff5c4e4c3e110f0470
SHA1 b83bb007c12c2d216195db9edf408493be012027
SHA256 3a980c11012e970dce1f16656cea4cafb4c06e291915ac346dc1470b8a6ae5d1
SHA512 c1b21f59c5a1e72de98fa0622378d4409b035f58919eb77ba901a2bbe1988272e30037f349b96625b3abb6dabfa02aeeec637e2214277be3ba9a8ecd86bde16d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0d14fc10d5302877ca49a5250e068176
SHA1 03043fed920634d05b684025f46a078688dfdfec
SHA256 768a158ab01479566f786f92bf2aecb645bb5873a2e3d6d62b47384c23bce3de
SHA512 41dc42007686f420129d9c139b4aa678fdea9a25fc346e61faf59afa3e726bb198d50802d05c091f2894f46daed2bc47a8389fecb1e4ccc627b6cd6a9fe5d21d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b10c4a6f2d650c0f97cf1c95317816c4
SHA1 745056f73be1e5b2a5e772e75735cb49b4d96465
SHA256 b7d963e6efa15072b8c31970f294f52a09a16e9612c1c096756672a7784de34a
SHA512 d5893428c620792d8d37cae7ed2e3416d6da21880ce5da5872d450f5d150a74dd99ca10019a208688621730f6e31c851af66ec326563af7940f592a8e58574d8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4da2fc4f7c7af7d0fcd6f2371b128a52
SHA1 d829768ace4b09020577aba06a12ec30e54640a3
SHA256 a2b3ff428fa2c42a84b8caa94d1bad45a606fed8a5a89e90f56b1632145c2d47
SHA512 e1d60304a21ed7e61c5b2c155342dbe466c57c039a8755d0242c52f668e5c33982b00fce0e513d68b49e3e5b392f8bc6ca4b59034423b11f4253e6592ee745ac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aa13e3cb2fc5afc797f9c3ac77631269
SHA1 d4087dfe921f20b392dce68717db8267d0f725a5
SHA256 c7597b8c80877d8886935e4003b430a9c97d32f9309db9e12b33b75a54c26377
SHA512 47cb94325d8f8b577004201ec9c546cf20b264dfeb1a3de1cf4d5e30b59c8d85876f50c89ffbf0e0aa5ceea7fbc1cb5b068f9801823b3c5aa2d442944c3c446e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cf80f6176faa7c03793f7a8b9992544a
SHA1 9c4e9152882a8c1600b389b467586af042e8b6b1
SHA256 d2e600b26d79efaf309c178221254c1826499d7139995541780e2b6e46e9afc9
SHA512 01d4450196dded6b7bff5c15ab04996af43ac2adfecb12ea0d0f6de02fc22b08951c78c7c3f0c44dc9d597cbd52848f0f4c5f0013a3932bafb5f7e29e53fb20b

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-04 20:48

Reported

2024-06-04 20:50

Platform

win7-20240221-en

Max time kernel

117s

Max time network

119s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 224

Network

N/A

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-06-04 20:48

Reported

2024-06-04 20:50

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

147s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\contact-domains-org.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2720 wrote to memory of 5068 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 5068 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 1224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 1224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 1584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 1584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 1584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 1584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 1584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 1584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 1584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 1584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 1584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 1584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 1584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 1584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 1584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 1584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 1584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 1584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 1584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 1584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 1584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2720 wrote to memory of 1584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\contact-domains-org.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8517946f8,0x7ff851794708,0x7ff851794718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,15539264216658482789,10948392925263465387,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,15539264216658482789,10948392925263465387,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,15539264216658482789,10948392925263465387,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15539264216658482789,10948392925263465387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15539264216658482789,10948392925263465387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15539264216658482789,10948392925263465387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15539264216658482789,10948392925263465387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15539264216658482789,10948392925263465387,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,15539264216658482789,10948392925263465387,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5796 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,15539264216658482789,10948392925263465387,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5796 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15539264216658482789,10948392925263465387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15539264216658482789,10948392925263465387,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,15539264216658482789,10948392925263465387,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3232 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 www.domains.org udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 50.28.32.168:80 www.domains.org tcp
US 50.28.32.168:80 www.domains.org tcp
US 50.28.32.168:80 www.domains.org tcp
US 50.28.32.168:80 www.domains.org tcp
US 50.28.32.168:80 www.domains.org tcp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 s7.addthis.com udp
BE 104.68.81.91:80 s7.addthis.com tcp
BE 104.68.81.91:443 s7.addthis.com tcp
US 50.28.32.168:80 www.domains.org tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 168.32.28.50.in-addr.arpa udp
US 8.8.8.8:53 91.81.68.104.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 domains.org udp
US 50.28.32.168:80 domains.org tcp
US 50.28.32.168:80 domains.org tcp
US 50.28.32.168:80 domains.org tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
BE 88.221.83.217:443 www.bing.com tcp
US 8.8.8.8:53 217.83.221.88.in-addr.arpa udp
GB 216.58.213.14:80 www.google-analytics.com tcp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 21.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4158365912175436289496136e7912c2
SHA1 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
SHA256 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
SHA512 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

\??\pipe\LOCAL\crashpad_2720_KROOLSVZWDWXNAVH

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ce4c898f8fc7601e2fbc252fdadb5115
SHA1 01bf06badc5da353e539c7c07527d30dccc55a91
SHA256 bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
SHA512 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 88b6c45cdc0c627bf7e7e732a0840471
SHA1 67e0f875c9424e89889d3959a2be8b076082f4d4
SHA256 7d1ec4a2c4031ce4ac7778f9ee73c15d422dc0c97fb493d1cce035c1467a1398
SHA512 fb73f68186fa76425f24c4cf21b33d5802d0a79a8acb404ea3cea5f61ff67a3d996207f53d9126dd0b462f1666815e6bad335a9f14482a399940687db0211621

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 58f7f005bbc602a4ad57b2ffd7026758
SHA1 487c76abd946a34a4927fa0a640f469675b84f36
SHA256 7352bdc335145fe57bff09ac88e93fbb52c88e932fb810674154eee925728ad1
SHA512 20391738b3dc0e87d362bb57f16289fa832b51ebd4d18e96dfde37d0ce49b1f8a80bc0de7faba3a1e7656675ca957c806baf4ba2169c9c5dc597c75b8d58cda2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9ba0f630beda05528b60eb967886be90
SHA1 af6b355e427ccf80ee65c9361bdf2222ce34b72e
SHA256 ace3c81ab6427ccba86a15d60d78501694a49ab0ca93587df8d1de752931e934
SHA512 e62b31bbcf9a6ef20247ac9763c769ce1e1dc2278902a74ff62057766a52692006f8b4ef9c5d7afe69c182eb680873428f0c5a2f3d52499d835a9b7e9e0988bc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8374c13b00f0ae0fc1914ea6d4000fed
SHA1 4e83cef6d9876ec789a782d34306a9be7d5297dc
SHA256 ed58fc132d1a194f066aa1c7118a338755ff7daec4dce458cddba3fe5641f331
SHA512 be6756c4e6d4281655dd8fe741295cecd13660aca8078f84f455c0a73237df2491dee4cabbf0aa4411cb223a83e48cdddadb5065d68e9ecd2572ac011d618ce0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 6e3cd090a2457c0055f008d563051976
SHA1 a9a2f9bf50982339e16597635dd4c5c4f847a753
SHA256 957b269d746332fa9afc5fcd3732129052c3db3145949b56ede32dc6fd577fad
SHA512 0e383d9694f0321db3e9fed0c4fe3b947804729adb07e990b627aafc662e3e30a5164e0f83181592238d02af7299bd723465944302029ee8034c4e19d85e3af6

Analysis: behavioral13

Detonation Overview

Submitted

2024-06-04 20:48

Reported

2024-06-04 20:50

Platform

win7-20240220-en

Max time kernel

120s

Max time network

122s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\home.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\home.js

Network

N/A

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-06-04 20:48

Reported

2024-06-04 20:50

Platform

win7-20240508-en

Max time kernel

133s

Max time network

131s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\index1449123078.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0df8e97c0b6da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000dc586f1fcd43b5dec659e4ab60f8e8f5ea58d245acfa49b6e482daeb7ce26d1c000000000e8000000002000020000000f4b26b2e6be7f03e2c215b31b1b1b446e798f12dfc3090814085a6c4782a284220000000c9e997ecf80c387012337e89c1a56582de3bb419c0b1f14d43ca646a15b96a1040000000463444b35c5d3d3b8a8b5ad951897a4d99e34d7b138acd99fa8638e512c514844c7d238b778ab6cbe29698eb16f4e2a02bc0fa65d75abf949d82eed61d88d5b1 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C2D8A8E1-22B3-11EF-B44D-5A451966104F} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423695961" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000df3976a2e7ce1d631326aceeb1adf74ad665851c2006a307518f1405df5055ac000000000e8000000002000020000000a06207a490d6f1031e000adcc11840a12164e1b05ebdf19e71096fc734b39bea90000000dbc93cc3b3bdc0b9ef24aa19481fce318d91996cf8f07c7f15e409822fa9c324e7c8028e63163b9d700ddce736e6d15420c80f100ab3485aea39f1b1514bc6ee1617cec4f15b46098c96c4da9d96baf9e47baad1a97cd8f5da6ca11239a47fa2421b9fb43491a3c6b980aa02751c5f2ac5f6ea277f865f3bc570abb10e9cae1cde733574bafbb17c81b0272711ce6fce4000000017ec972240b2fefeffd8b7fa449de5e8d9e3a495033a45de8b58e9cc8d2b8d7da321836e8dcb31327581d69a3e3c064194b984973af3cec1d513acf5a967789e C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\index1449123078.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2604 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab3A55.tmp

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar3B17.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 45199d76173efd49319999e6921999fc
SHA1 ef039556ae09ee94966911b325c7e96ca1b1747b
SHA256 3ee5f2c7a52887e1d1c8db076806e322dcf4acc57db25581682afa69bf86cfd8
SHA512 8eb961431b65a521599c3c32d610dc102d9e48e5d59d38895ae3dcfdf6ea7f9750be54859b97acbc56beb510cc305067020f09ff81456a9c7cc55cf9cf65dfde

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b0fabb0131858d04fe1202aba08a3c87
SHA1 d8ddc6150898ff7575837907bdb442f20bd4c391
SHA256 7fb9300112dd5ba6e237acae9835616114a540514190728c191293eb33309605
SHA512 29910a4743f8354ddc4bd2ac650951b9892092ce5e283cad9367d4f61d34dcf7fcfdc6f458229de95890d9a36332862e8779cff17b47440b4b811fe96ae2b6af

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 388c1d14005fabbc361ee5f137fd0128
SHA1 35087915eefb1c2d06dc379f83c4d398559a6bb7
SHA256 96dd559cd9ca17eca1c4c38d396be395bb92797f8aa69a50590daee22e58b5c1
SHA512 b6601792287a74acdfb79283007fa5ba86c831ab40a05d9683456ecd9b8777a4495095c814afbc9ef0a9774e3797d08ab1ed70b6aa2a19acbc1d32f1ce145460

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2cd2776bce12e094f281a8995098bf2d
SHA1 8bfbd11d00c533b5c9ede440d8d4c860dc19ebea
SHA256 1cc9248c64be3d9ca6e130864d014f8bca6b57cf4aaf3acbc62744368ef983e1
SHA512 a6152943f99536b48772ee804f1c3b543b3f835154da08b0fdbf3cd832cee5bc1739f6d76df19cb5141ada8020a3bb1277707d297031565941b802e7c8c5d6ff

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ba406fd91c41815c851a4f779f66d04d
SHA1 fa5eaa9a6bcb71a62677f83e536e4f296440df50
SHA256 a3ffdc718a91b42e85caf1d6c12edff81b38420c4a1d0bb47b235014776c5ce1
SHA512 c24e327778c5c777c91a5082cac425248b2a9d1fd4dde3bc35adffdb365e39e2cffa23ebdf0e95864df8886112bcd5a013f57d147e39fd1f68c719c8ecda59b7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d57bf41621830fa8b46a0401b0867b1a
SHA1 eb0a375f4822487366c29c182bf59d7750911c2d
SHA256 412419bc4ad1ba92771d8f8c0d6ca08eab0bb79263d25d90fabae47c0f8b50fc
SHA512 4deb5ae6cdda3e55e6e29afe83dcaac07427a034157971da4274b7a5d67ac25f4260af2759790c8d07fb1dbe799a855200428f6699b937464671f86f81d9380d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 91bb647735b4f50e913469804d1380f8
SHA1 487f50b8f96cce15f87a2b3eaba87c6b7cbe2f11
SHA256 600f01f470f0e4beb1afec683a0f7bc8da0b926ad26023fe429edfa7b8c9ca23
SHA512 4cfc99933292766bced97cc769765e995830f02a6e330cc5e77f32a4c8f314eae9d3b76bf547561d35dd8696155163695427b0b048e6cd47d92874e3d277cce5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 630d7c58b61291ec09eb660cdcdde218
SHA1 861e07e72ee3cc771e31eafc5a8be26bf2fe1e50
SHA256 137e19205ed28290ec55c260370a6e48f922217bf8784f988cf87d336d20360a
SHA512 9e51cc21db9e05ced28e68c7a0494b246a2a7c16fdfa924a9cdbdb1f5f42f0136a041279698c1133d1b775ccf04e3280b00013668b14190334785fba3ddc8aa4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dfec9eaeda60547ba41a868571088b65
SHA1 6c56b6894bca9ae17a4e90550bb6f78b1d5095c8
SHA256 df534eccb46017f8c72f808cbb986eb889de4446355cbcc17d8408c672f930ee
SHA512 9165984175f3833499d4bd18cc849b8f706dda65688443c7a4b0d9f996adb5468a83b98ee417069885b3a0656f242a03905d23e6ac572dfb54e48a5d4e7a9310

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 54f074fe2acd6a8cb741cf6b3743de98
SHA1 9b4c30f0722741d4f735267f89d9055fbc810b33
SHA256 df31f85fe997c51a779a675b1bc0375ad54f4eea1d2efb62a0e52877cdf443cc
SHA512 afb273f01a293f831ff90aa5a366943f2ed2d6c8f9acd5db3cdf0e658a9f3a9163bf7aa9efcefee37a88c01093e102964f6400151d1d1e24715f0a00c4052b71

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 49521af7f9ed3d74120f12a788c15797
SHA1 fd5d995051f1c50e3f1679023a47445704b9984c
SHA256 7e7996c98851b6e96e7be42985146d5a24dffccbea2d1a143145c33973253796
SHA512 875e7a4a89a2be75c33f8266a206ec2e1123321160f3291e2a6383e1d5c4aa5b98baed13e6a1223b480f263f1f94e72475023dae9da608e56fe22044d94055a0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9f2b6f9000b221fd0a7ea9a59cff43c2
SHA1 3c60b66e74f7162dbb1aed22b27efa94187485b0
SHA256 65042c0dac25a79653e80423505ae686d7633dbf4a2de9883d639a6b67b312d1
SHA512 6c3c36918d922746127e6b627728c3842c8168db800e1ddc6f0dc928c3e1b2a634ea71771a6ce0582db248ec88908fd11161b56ac31f70a4545ac1f1fe461be4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 22879a401eda173186e17c64870fa060
SHA1 65c5870f1c71fa5ec9101e205e1e015d4641b5ea
SHA256 d33ce2ffbd156f6a0b26350a0d94bda16b6e321b93cf47baabfa19afb2c4fb0e
SHA512 58bfafd18aa7da7e5f71e4c85c8a3f8998345d596cda443482f0c9953ec3bf4c519533faec74ac7f032b32121e2f42ca99c7a2807ceba7a3a6453cc0e867eb64

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ffd9d114e86f9abab36f2ace80328717
SHA1 5e9e6d4ab093d12ec322eb8993dee9c03791d157
SHA256 1836abde9cb515a1634a56ee5713dcb2ac881aa04846a247769286959be9b941
SHA512 1c53bfe2b42414bdbb8c2fa37060c3b6c85bf0fdd7b085c430e88a0fbcac7ca5617c8e0b40243a5b321c852073fbb991333883d674b244d43091e30add3c766b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 af1c856472f96f17c0c2f83814d6cbb6
SHA1 80b0ef704aa0db05c01f5e1880437c4c829792d2
SHA256 a942a6545fd41b9e5a9c4622075059c54e37357c43060c62b25b99b2697d9e29
SHA512 3643f5f2d11b8ff80ddf28ad60b05fe4eff9470f316ed8b81680c7172fa48a2c3ea01fb718a3191e6cb1086c6569e94b4b07ffcf3c7eff75171ddc0fdf91bc1f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a5e99382ee352b2fa4b6255d0845266b
SHA1 c6afed7ad98f83a28eea8d6457b0f93ba4909daa
SHA256 1e82015f982ac387b10a2d04db56557524cd5adbd3c0be34717d0a6d5cc54186
SHA512 a6e694075d7ab5c51047dfe34d1fa036b9c42f1c653e8826c3e48f1750233b067d6b0e038e525f67ea556022931ed833567ee32304d4c12ece32968e87710028

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 02841b6ddad53aee47508f921a9d6166
SHA1 f676120d5a1be6a62637e5c29c543ddab13c533d
SHA256 32731f59ab985d776497369098184491c10639d7905402568965df500f57e26f
SHA512 8f2602ea9f5596e9d80c77c5435c9a4492294e7b4fb00bf71533cd5639771cfaa68dc2a9741a542de7933e4ab77a3aa3e339cf9c5479b4820a4824d2ff9b0624

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-04 20:48

Reported

2024-06-04 20:50

Platform

win10v2004-20240508-en

Max time kernel

92s

Max time network

96s

Command Line

"C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\963469fc2a770ab2128bf73b4b8e3a5d_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\nsp7801.tmp\System.dll

MD5 3e6bf00b3ac976122f982ae2aadb1c51
SHA1 caab188f7fdc84d3fdcb2922edeeb5ed576bd31d
SHA256 4ff9b2678d698677c5d9732678f9cf53f17290e09d053691aac4cc6e6f595cbe
SHA512 1286f05e6a7e6b691f6e479638e7179897598e171b52eb3a3dc0e830415251069d29416b6d1ffc6d7dce8da5625e1479be06db9b7179e7776659c5c1ad6aa706

C:\Users\Admin\AppData\Local\Temp\nsp7801.tmp\InstallOptions.dll

MD5 f8d9d9418e6e1827ed2b53dd930e48fb
SHA1 c78b0e5b274dbbfd032a0f3ed795d82d5ea617c8
SHA256 2a2878b54550178144665d4c5f67309f71f1089679ae0f84fa419b8a309a88e4
SHA512 510ac31f9e330ec2e6133c1cbe775a955b79b94dc5a84d94b2c59d9b513c35f3786ff8a7f706d04ec2503a4ffc16535624a34e0dcc53e91eedd2321691b617fc

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-04 20:48

Reported

2024-06-04 20:50

Platform

win7-20240508-en

Max time kernel

122s

Max time network

127s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\InstallOptions.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\InstallOptions.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\InstallOptions.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 244

Network

N/A

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-04 20:48

Reported

2024-06-04 20:50

Platform

win10v2004-20240508-en

Max time kernel

148s

Max time network

152s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\InstallOptions.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2456 wrote to memory of 3812 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2456 wrote to memory of 3812 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2456 wrote to memory of 3812 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\InstallOptions.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\InstallOptions.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 3812 -ip 3812

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 636

Network

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
BE 88.221.83.202:443 www.bing.com tcp
US 8.8.8.8:53 202.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 36.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 252.15.104.51.in-addr.arpa udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-04 20:48

Reported

2024-06-04 20:50

Platform

win7-20240220-en

Max time kernel

118s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\$1\$OUTDIR\sftp_plugin\tc_sftp_uninstaller.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\$1\$OUTDIR\sftp_plugin\tc_sftp_uninstaller.exe

"C:\Users\Admin\AppData\Local\Temp\$1\$OUTDIR\sftp_plugin\tc_sftp_uninstaller.exe"

C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe

"C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\$1\$OUTDIR\sftp_plugin\

Network

N/A

Files

\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe

MD5 e04b1bbeaff6221daf4d4ae0ed7fd00c
SHA1 cbe6a9e349a6711dc9e040e15ec32345c1bb7aee
SHA256 36b1104781e2c77a1e76593e697ac99621f27db3bfd5c282f7ae3579bf510a5b
SHA512 2f8523b1fd5bed682dc841292a5523eabbd49fea71b1e088a5080c375ed8e67b22e95e60129516d96bd720845a1c27fd37fd993d1cadfd81296176f683066334

Analysis: behavioral14

Detonation Overview

Submitted

2024-06-04 20:48

Reported

2024-06-04 20:50

Platform

win10v2004-20240508-en

Max time kernel

133s

Max time network

102s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\home.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\home.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
BE 88.221.83.184:443 www.bing.com tcp
US 8.8.8.8:53 184.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-06-04 20:48

Reported

2024-06-04 20:50

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

143s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\home1259317828.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4312 wrote to memory of 4056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 4056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 4260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 4260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 4260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 4260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 4260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 4260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 4260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 4260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 4260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 4260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 4260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 4260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 4260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 4260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 4260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 4260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 4260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 4260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 4260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 4260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 4260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 4260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 4260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 4260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 4260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 4260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 4260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 4260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 4260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 4260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 4260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 4260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 4260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 4260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 4260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 4260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 4260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 4260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 4260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 4260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 3788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 3788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4312 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\home1259317828.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffefd5946f8,0x7ffefd594708,0x7ffefd594718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,13713476781994838494,5924798979534812219,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,13713476781994838494,5924798979534812219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2520 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,13713476781994838494,5924798979534812219,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13713476781994838494,5924798979534812219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13713476781994838494,5924798979534812219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13713476781994838494,5924798979534812219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,13713476781994838494,5924798979534812219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,13713476781994838494,5924798979534812219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13713476781994838494,5924798979534812219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13713476781994838494,5924798979534812219,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13713476781994838494,5924798979534812219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13713476781994838494,5924798979534812219,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,13713476781994838494,5924798979534812219,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4800 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.twimg.com udp
US 8.8.8.8:53 abs.twimg.com udp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 platform.twitter.com udp
PL 93.184.220.66:443 platform.twitter.com tcp
PL 93.184.220.66:443 platform.twitter.com tcp
US 8.8.8.8:53 static.ads-twitter.com udp
GB 199.232.56.157:443 static.ads-twitter.com tcp
US 8.8.8.8:53 66.220.184.93.in-addr.arpa udp
US 8.8.8.8:53 157.56.232.199.in-addr.arpa udp
US 8.8.8.8:53 syndication.twitter.com udp
US 104.244.42.200:443 syndication.twitter.com tcp
PL 93.184.220.66:443 platform.twitter.com tcp
PL 93.184.220.66:443 platform.twitter.com tcp
PL 93.184.220.66:443 platform.twitter.com tcp
PL 93.184.220.66:443 platform.twitter.com tcp
US 8.8.8.8:53 200.42.244.104.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 eaa3db555ab5bc0cb364826204aad3f0
SHA1 a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca
SHA256 ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b
SHA512 e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

\??\pipe\LOCAL\crashpad_4312_DHHMIQMBBMSUCWCL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4b4f91fa1b362ba5341ecb2836438dea
SHA1 9561f5aabed742404d455da735259a2c6781fa07
SHA256 d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c
SHA512 fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f49c0270738ff90fa8da9ba4fdb6c40d
SHA1 a0d7f12a54a4ff75773a729dd093fd71cfa26eb8
SHA256 c772bac17902310037127039a099fd8fcaabbb2af31ffb9cbc5cb75209516e28
SHA512 117a503b152138f97a30e3c5a1b4533d19ffe5f94bd4a00ee71a4608eba46083a6319b208783c51a352698b7c34819df7abd30940f3da07b99ea2eace0f83ab5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5f4a7dd8604dc048d7d393224550f674
SHA1 9a49515daf51e0b1442682e243159b81eb0fe458
SHA256 67154d2417e01daa1d9ed1a640a38770e5dbc22fb8085705dd71f6a75c492994
SHA512 cf2195c08e5b20085ae705d8c6aa9ace986ad8d2426ebe75c8500c14ecdd340c80287041516ca2457e09cdc63250669929a2f001cacebb489a7ad0dae2b97a4f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 483f92c5d3b25160881983901c0a783e
SHA1 a5d73b8433a0524192049e1a7cfb096807f680f5
SHA256 163e7064724d61323b46a00791a32abc95a1f81e3bfdbef58463d2311c4feb56
SHA512 a703ae954dd1d40571c0b95b3de8e0e803e6bc2ba800d0d7f6984e2d0cb64d02186013b1de1ec2cf6a3091234661de03a5a4c1d69662a6fd28e70ea3216d2dc5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 4a59824c5686d91feb1c09b5d2ea37d6
SHA1 30550f90cc60f53317185d445595dc8c234bc36d
SHA256 4386888238857836105629a5cee7ad7eed27f774cafa17572a9deecd31da3f8a
SHA512 647af92319407f68d6fae51486c72e56d2700148f07a506cac7f2ad72f325321e7dfed83c02a7099b77e2c4a5d416e4812a37cedf95b8fa210a4da2688a70666

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f68e94ec-c6d7-44d7-b887-613f1355ff97.tmp

MD5 bcbc96dfb9da7db39528afa21c1c35eb
SHA1 2e0821ad6883e8fb13afd441315c582f4e6a6522
SHA256 f912bdde3d2f5f02513730a690a774dcb89c45215c72f73f393022d6588a7735
SHA512 6457f7e23cfed821eda8eb3aee29083a7fffce2375bb3fc162f110be543f8545e3d5108f00b69fa253f1eb1359d3efc4deb71f512822769ea75c9f88c7062239