Analysis Overview
SHA256
cbcec4971e9751fa8ceee0e73b440d0a01fbbaa50371dd7134ac003b6dabfd6e
Threat Level: No (potentially) malicious behavior was detected
For the file a2fd131733c992322ed074ba2be4edd9_JaffaCakes118, no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious behavior: GetForegroundWindowSpam
Analysis: static1
Detonation Overview
Reported
2024-06-12 23:44
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 23:44
Reported
2024-06-12 23:47
Platform
win7-20240221-en
Max time kernel
117s
Max time network
128s
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C257F8E1-2915-11EF-873B-52ADCDCA366E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 0038a19c22bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424397758" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2512 wrote to memory of 2332 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a2fd131733c992322ed074ba2be4edd9_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2512 CREDAT:275457 /prefetch:2
Network
Files
| MD5 | f2939b9dcee8fe11801f8ab64afbcc6f |
| SHA1 | 8554830a4bc7125cf6d80231f371dc64418ab214 |
| SHA256 | c75c4b75836cd468b72dace734a0db09f1f290804654857d80acce78df1ba285 |
| SHA512 | 172b0da7aa00150cef09032b5550331df05c4978df7cc35eaba781cab8514a0e227b092ee9a32c01ec40c986a9644e460ae85bba2ac4cdec6f6249ff0b917543 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3465f4c09cf25e3c7ebd36f4880895a2 |
| SHA1 | 6c0bce5de4e101cf7a614576d8d5db4030355cc5 |
| SHA256 | 8b0c7b5a3cace2b9c9178d54a1bddf761e37a2f11cffaa8125a8af55e8b21489 |
| SHA512 | c8ef9902cf937a1648769689cbfd9ef9a34fdb151593015bb8f54c1d2d6b37d9c133d5bb0715b56004e9515824594e5504ec8f77208070c6a925b9f7a41db109 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c94f8cef3fd6e65ebd53997452943ab2 |
| SHA1 | 5ef3b7ca773f6d02af0501e1a52a8fa8f612fe79 |
| SHA256 | 5586909955358aa576d6b9e641b623e3b11b5f2419ad17c512d58354e399d0f3 |
| SHA512 | 91ffd0a491603a93b2cc9dbe68046b8e76d5b872a406b96f61b9289176ce3bcf91afdea6c1b71e8201f9029072b39f8c654e6f0c096465c3c54997be3f67a175 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a0675c6dfaf7ea8dcde88c496bd01575 |
| SHA1 | dc7a90a9aec4b35c7e8640f55ea559554c6eb957 |
| SHA256 | af73bc550f2c90ee9ee3e79d06aacc739a7e895add326232bd4da70714f5c659 |
| SHA512 | 8ea0e60ddb09575d6a2d3668801ddbe5aafb06fa337f84cab281eab446fa276b36395971f2b6f407fdab134349000c9da3119f230dca10f88f496b30755b980a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 36c13568e43c830ca9bb030b54bbc5ac |
| SHA1 | d2b0dc92c1f296237144a61908ecd783704c94fc |
| SHA256 | b9303adc4ea231fd18cde44af174002586a16e8da2a4a1dca44ea7ad9a97838e |
| SHA512 | 2ef61be1629fa5235a2fb320ebddb99cbeeffafee25d5096831c154943b8b1db707f0d577aad37ed6e2090356466b558a3f8dda4bb32de463e15360a5faa655b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b6e149bd94524549053893eab825dbb2 |
| SHA1 | 659caa6ba3e27ba0047d1a1fbddf48f50dbdfd17 |
| SHA256 | 081e05bb6994535c8df61a7895faddca8d7485f943fe21a51e269ba6252b13a3 |
| SHA512 | 7072981d05ef87f960e8844ab584403a4b6efc7a627d21da67cbb2c2f03b73628e0da8e9023f803ba9bce3724b1a02f4ab6640cb1a2d671ec2714a00f819da13 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b80be0b389aa9e4d60cfde2dacdc951c |
| SHA1 | 6762ab486731261c1595b8df6cdccc4309b5170e |
| SHA256 | c757647bac8e006e5af682e03849042aeb28a89a6d6b2c1c1c9c7b9de526c68f |
| SHA512 | 1a7cca2965115f44bf9871ef6898edf8e59b8d47ef888cd62eb8596459535fb94484ac1017438245ba48c351992061d22d864110252cba8a3352eeb7005f1625 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c9a3213c7dee3423359556ff4baf9b22 |
| SHA1 | f6830b9229eb743055529641cc7c54491d484d55 |
| SHA256 | 4cc64fbd886273498434d76db44fabb0db825c1229c1c33e3218abf48732b8bf |
| SHA512 | 93e0b50fd9461ee45521096ac47de128f19afb3404bb40c1cd767396c0dad903c88419c21ac1cc11541406ef317a37a879ee3fcf7d171113b8272ddf92d3f529 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e25d0c1643d20fb3ae2b2ef30b4c0321 |
| SHA1 | 46e159f16eb5e29c5dbea627b23bb9d93f83f758 |
| SHA256 | 65758e70d8777630f0c7454d88dc2f72a1fa1ec7c038528d84dc70a6f748c6c7 |
| SHA512 | fb53b38b7c055f756cc931d1f3f4f99bcefee8b0d8741bd4fcb835eb0890228836ff2edfa65a27258186d747624808ca469992224fc13b3bc83306dcb1287bfa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 14d34c1cd6dd21fe62ee5e8b86ccc9b7 |
| SHA1 | 046ed7e59dbb5863c28869a9b51d1f54fa6488a3 |
| SHA256 | d63e1c404cc85e59680e6b384778b63c41603aa8939baa8975797e25a9f745de |
| SHA512 | 9add14ce7c76e01f5db0e72472f953b04a26681a77902f2c47babbc1517c12539aedaa1420ffdc7d3afbd7cea416ab301864c2e1b2e1d6633fc884907df16abe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 059d6bd962c9a80902dff4e4b9537eb7 |
| SHA1 | 05a2a8bbe62da4aa7101d455286afd246a945674 |
| SHA256 | 029a8b0b15e75d0acda3005465fe3e95a30e4767b97a47b44daa8c20e22e26b9 |
| SHA512 | ec2f6eed8648b177dbc60898e5bea81115dc21bba46786f51eb8108cfa5eed8edd8c100d7c46115955a9063305b0849101d95dd2bbf64771dbc88819f08560ab |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1f79b9ab2268f4b832e6bdd5c64de89d |
| SHA1 | f2c9292821874e43227c17da43a57d01abed9b51 |
| SHA256 | bfbef9739c9efb8498a18323875b9ad439b7bcf7c4a6068332f9f323fc1ef2c6 |
| SHA512 | ce0342893ab0af9e87dd29d29dc3d0c6105bad3c43b7c0dbebbac32426d6e517e41d3c82a5435bb7d46fea0803ad234b0ff9a6e380441f45ae3928b6dcec6b17 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0fefb28ee93ebdb6d037e6748e4d7fa3 |
| SHA1 | cfb183e78d4a50ed6496ed9014c0807ea378508a |
| SHA256 | a04a5971f8cc58fe5a50039cb4864ea2b0d249ac5062e26fe514e6dbe9bc4cb2 |
| SHA512 | f5facb1f608ee696ec9d605a96c4db6c2507f89e617b73ae377aee8bb4c599ff064d96ee6a82b60b13d1768a6f3886f088099d41efeca73195a30b24ed045970 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1648d4b4b50d93720c5d75d072b4b656 |
| SHA1 | dd3fd3244f593ca11d4ff3d57d50319607270901 |
| SHA256 | bb8badc58f45d14affac2d5c1d5a6a5cb8fcf4c6380f74c73512de358885dff6 |
| SHA512 | e59515f267f5a1e2281b75edec42e15cca0ee3d7f9dab1b8f4387b89a57aabfa36b3fe12ce1ed3f32ed23063551e7790339d46bd7517996fab51f64129e0a6c5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | f878a337104f5b979fbb4fefd449357d |
| SHA1 | 60fc08b417f8e36e32342616b7ae3564e116b6b0 |
| SHA256 | 159d8563359e72b960c77b64486dd0a06749f996d40a82cf50a80efca4aa791b |
| SHA512 | 15285b2b3dc37a201961b9edbda8db418a61d109ce0650644aa65d7ce18ed2eab6df077a79fe7487774c20b915983b03f54ac8d7ddb3a39d0e02014cadfe776f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 27cb7bc4e41e8d4f7bc7e60ad4b29fb0 |
| SHA1 | 700fdcf407bf66f25a2b84e0379414ab17425d1f |
| SHA256 | e30aebbb82c946fbadb7739576f121ba8e7861bc082be7cf3fd5d0a1e36662c4 |
| SHA512 | 0c237d7629fe8d05352e9389f3ac3b6426211d5f54c086634b0d36e1ea44b5b1c562f12f2681a58f098fae0198f4d0ca48cff1efd024d3d3b42e254215ce7239 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1746c8e52d52109f39738061b5a24f7b |
| SHA1 | 64be64fcbafd7e57cd95fe8235c425b109477a23 |
| SHA256 | cbf0649f29177e7aa851e08c8f12849dea467606f82b20b5a5bd8a499594e581 |
| SHA512 | 76cdd4f7bda3cdf1d8c8872b8df966e544bca2cc5ecc88a0327df0c82ec5ba90490c97b5a5a5870d1402f9028db315df366e606eafb0eb438075649f0b24a1da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1526ddfe7bb1fae4b68f1d9b67f836d2 |
| SHA1 | 49927d0b64b7ee8572dc7f2026c98ed4ee96b01e |
| SHA256 | 7c63faf0a7001e0efd6edb57e90ce1e45eae37e95ae2f0fa326517101d89ba41 |
| SHA512 | d0f918eabd1fd3801624b41c1090755a511c3440fc265bead4e03576e90043a4230fbd681ed673dc1633ed7bd8dd5b3c4d96e915b3dcc2e8ce1c609c9e878076 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 38d044e3363d295a541bd9c7069b04fd |
| SHA1 | 8196dceab90cf682ebb370021a478007e492ea62 |
| SHA256 | 903865f8fc36c600ebd4fb8504f8c3fe3aa29c5415f45582c25fa558fbf59e9a |
| SHA512 | 441d1f2c857f2662d9ee088e217b8dad7e3a5d24925f82d1ac37b416448ef4eaa2d169c2861e5cf25b90f09ceb316ebbb92257a3a7bc9bc2b3774bbb95eae3de |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | d4a47485ca93a6215f773c27f9e705c0 |
| SHA1 | 010a815e7c6cb6b1bcf99ae9925e13f8341ae577 |
| SHA256 | 19e3ddf44d5a27acd913ff9f3f72c5ec775db3e06a2022922b2eebb0e648d65c |
| SHA512 | f8b54ec964cbcadd95743a985a9c5f71379407dc87e1e8fb2961fd3f2dabfbff5cb699817831afb1e5516dbc6df38ee87c5fe4af6f8713e0c253aee11307d7c4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ee7a23016aea6bf285568c1f9b8a9adc |
| SHA1 | 11b10a4bb3b2a7f5de99995a98e6ac09ad78abaf |
| SHA256 | 239b7c5fb047831216e96b3240ca9311810c3d92100e7cac613f7c761e0874be |
| SHA512 | 2dab6dd9ed08edf77fcec7ea5a249b655a4037732ff450926a4f2b082f961bedbaf57312d89b2365f8736447c7ef7346d75324a6b24d4c6edad43c9801fbf2ee |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8144256d9c750ccb6f36756f36157f69 |
| SHA1 | 0ed86f2784cd6782d101d4c579da4d915f984fdb |
| SHA256 | a4b7c2786211a7edf24068a111d2dd9bbb7b68839a46be7f067e7501d3811021 |
| SHA512 | 5c23e7c1f575c6fa59e8875fcf9cb04fa09dd3361ef33d44506b3efa63cc17cf769f04652ce0de8c85188ded17636f111e3df4a5b63ce6615a4ee7aabf1d3d26 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dae460497f813f0e077df1e5dcc79f5c |
| SHA1 | 777b162e11568a44d18ea9dd65ddde4c4906d8be |
| SHA256 | ea455a04a50c63392d0f8abda47b1fe45243b1cdfe0a9983140733043b71d7f2 |
| SHA512 | 2daa2bed35d9096e261a897a42e0aa2ef9792ba7dfe691a255393510cf129e86b0487cc820851160e254c2b05e0d25c67e7527bac4740d68f859a21771c6dbbf |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 23:44
Reported
2024-06-12 23:47
Platform
win10v2004-20240611-en
Max time kernel
148s
Max time network
149s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a2fd131733c992322ed074ba2be4edd9_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff86a1346f8,0x7ff86a134708,0x7ff86a134718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,5769380039544245079,6507895351563392115,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,5769380039544245079,6507895351563392115,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,5769380039544245079,6507895351563392115,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5769380039544245079,6507895351563392115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5769380039544245079,6507895351563392115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,5769380039544245079,6507895351563392115,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,5769380039544245079,6507895351563392115,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5769380039544245079,6507895351563392115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5769380039544245079,6507895351563392115,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5769380039544245079,6507895351563392115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5769380039544245079,6507895351563392115,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,5769380039544245079,6507895351563392115,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1952 /prefetch:2
Network
Files