Analysis Overview
SHA256
a121c96dba8568d7dd1f6882e0400d51ecf411c1631450e5bffd224b34949f3d
Threat Level: No (potentially) malicious behavior was detected
Verdict for the file a1d4adc176d38efd1394afc3a478acf7_JaffaCakes118: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Modifies registry class
Suspicious behavior: LoadsDriver
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 18:50
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 18:50
Reported
2024-06-12 18:52
Platform
win7-20240611-en
Max time kernel
125s
Max time network
146s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{996AE881-28EC-11EF-90EB-D671A15513D2} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\chatroll.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\chatroll.com\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\chatroll.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424380080" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\chatroll.com\Total = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000cd2acc750bfe78f43fd323d5786529baee6a5278085fea1489d386104105d9c5000000000e800000000200002000000051d5e33340f4f1a4be73a02f400d8010de782540841f16f5b47d8fa82b545503200000004b41cf4e24c7958068de2892c2fe258ea241e2b5d1a933026a9c01ab67bfacbe400000007ba2f310db102d8e297f25e6115bb48bf563d3aa36c1b1c56349cbb96cc25ab22f23c305896cab911960d403f3097da37cc499c2c14496f5eda8dbabb5d30ddc | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "21" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\chatroll.com\Total = "21" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a026db70f9bcda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\chatroll.com\ = "21" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2344 wrote to memory of 2272 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2344 wrote to memory of 2272 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2344 wrote to memory of 2272 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2344 wrote to memory of 2272 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1d4adc176d38efd1394afc3a478acf7_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2344 CREDAT:275457 /prefetch:2
Network
Files
| MD5 | eac03b77b34fc6c069ab888856b7fed9 |
| SHA1 | e8b773cc73e5727d0fb32235d5299c1b143be519 |
| SHA256 | 2db0ef5a33ee421c984b24e8abfd733449d870d64a9ca252b72d470156d30c70 |
| SHA512 | d2d948e75aec62a476f9d4b6e4d7381eb256f175d57eb0aea1b20a4cf69844054ea4f1e5ecab6cb19052d05127ec42554ad62892a13ff9a4505de4a74a9357e7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ea5fe3ce042bd79dce73acabd90ad1f9 |
| SHA1 | 3f376c2fe297dc10103d24ff3f6d79e2c601efd0 |
| SHA256 | b83b83b4f6eb6f64b573e5fd30b55857c2d88e6731a9f7a57b35e5841944d653 |
| SHA512 | 5198e259908cd895de0755cfebc290037748d159105fccbd05b7a4ba7487f92e6ad2261b1398489d893826fc5710eee4fe0bb5dba0f752d4e4b0542072484f8c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e719d162b42a3a751ab53450defaee97 |
| SHA1 | c158938b2ebc2f8525eef089744c40cafd9d9900 |
| SHA256 | 7308d8fa6a2501f0ec566741bb6e0fc8825bc6e6ee3f01cef26b4d4b9a484315 |
| SHA512 | 63f82e4f5a6fdd65abd507c0738df30844236e97eae38fabb1c12abee404daa2789fd26e2a32d9b63d473261b709ce83c8f0eb12c38f4aa4ffce3784039db4d6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 05a16cf6312d8e94aadbc5f727f3ffc4 |
| SHA1 | c627b5dda4d2ef0d3bc723a9ddb4dcc32bc17eed |
| SHA256 | 8cee5c3cb1ae72430f5defdc0063dea2092a4c62339155528f5ffe4673468c0b |
| SHA512 | 09d8a5c7fc14b943855acaf272d89be4996b5a580f97226c9d0bc95303d43ea8646e3e9b77cbf265ea179937a83c94fe3ce2442355690e936199eeba8c17040d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | baeaefbf0b9703d905747b20f8136f8b |
| SHA1 | 7684eca0ab94def3bca7ec80a3cbe7e2973be92d |
| SHA256 | 89a9110b4c5a0f3126ab022b7001511a8c6cc695cd5df087f8cf4425a529fa1e |
| SHA512 | a5aad22bda03eb376285993278da011463f60e36984a2c074f0945b14415b11045bd21622c350ebbb7c476235a7cbf97a8d9a11f97bdfff270f805f47bd0c9bb |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 18:50
Reported
2024-06-12 18:52
Platform
win10v2004-20240611-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2447855248-390457009-3660902674-1000\{E0F93327-5E9B-479D-8356-DBF33A63DAB4} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1d4adc176d38efd1394afc3a478acf7_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcdd4c46f8,0x7ffcdd4c4708,0x7ffcdd4c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4225560164881251901,9111628631085292745,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,4225560164881251901,9111628631085292745,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,4225560164881251901,9111628631085292745,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4225560164881251901,9111628631085292745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4225560164881251901,9111628631085292745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4225560164881251901,9111628631085292745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4225560164881251901,9111628631085292745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4225560164881251901,9111628631085292745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4225560164881251901,9111628631085292745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4225560164881251901,9111628631085292745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2080,4225560164881251901,9111628631085292745,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5156 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2080,4225560164881251901,9111628631085292745,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5868 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x150 0x2c8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,4225560164881251901,9111628631085292745,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6876 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,4225560164881251901,9111628631085292745,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6876 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4225560164881251901,9111628631085292745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4225560164881251901,9111628631085292745,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4225560164881251901,9111628631085292745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4225560164881251901,9111628631085292745,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4225560164881251901,9111628631085292745,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1880 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | yourjavascript.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 13.248.169.48:80 | yourjavascript.com | tcp |
| US | 13.248.169.48:80 | yourjavascript.com | tcp |
| US | 13.248.169.48:80 | yourjavascript.com | tcp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| GB | 142.250.200.10:80 | ajax.googleapis.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | udp |
| US | 8.8.8.8:53 | vk.com | udp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| US | 8.8.8.8:53 | s7.addthis.com | udp |
| US | 8.8.8.8:53 | pingil.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 54.209.32.212:80 | pingil.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| BE | 104.68.81.91:80 | s7.addthis.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| RU | 87.240.132.72:443 | vk.com | tcp |
| US | 8.8.8.8:53 | i.creativecommons.org | udp |
| US | 8.8.8.8:53 | images.dmca.com | udp |
| BE | 104.68.81.91:443 | s7.addthis.com | tcp |
| US | 172.67.1.191:443 | i.creativecommons.org | tcp |
| GB | 143.244.38.136:80 | images.dmca.com | tcp |
| US | 8.8.8.8:53 | www.hugedomains.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 104.26.7.37:443 | www.hugedomains.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.169.248.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.132.240.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.81.68.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.32.209.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.38.244.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.1.67.172.in-addr.arpa | udp |
| IE | 2.18.24.9:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | chatroll.com | udp |
| US | 8.8.8.8:53 | st6-22.vk.com | udp |
| US | 169.47.242.252:80 | chatroll.com | tcp |
| NL | 95.142.206.2:443 | st6-22.vk.com | tcp |
| NL | 95.142.206.2:443 | st6-22.vk.com | tcp |
| NL | 95.142.206.2:443 | st6-22.vk.com | tcp |
| NL | 95.142.206.2:443 | st6-22.vk.com | tcp |
| US | 8.8.8.8:53 | licensebuttons.net | udp |
| US | 172.67.7.63:443 | licensebuttons.net | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | widgets.amung.us | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 104.22.74.171:80 | widgets.amung.us | tcp |
| US | 169.47.242.252:443 | chatroll.com | tcp |
| US | 8.8.8.8:53 | t.dtscout.com | udp |
| US | 8.8.8.8:53 | whos.amung.us | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 104.22.75.171:445 | whos.amung.us | tcp |
| DE | 141.101.120.11:443 | t.dtscout.com | tcp |
| US | 8.8.8.8:53 | top-fwz1.mail.ru | udp |
| RU | 95.163.52.67:443 | top-fwz1.mail.ru | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.9:443 | resources.blogblog.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 37.7.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.24.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.206.142.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.7.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.242.47.169.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.74.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.36.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.52.163.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.120.101.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | privacy-cs.mail.ru | udp |
| RU | 95.163.52.89:443 | privacy-cs.mail.ru | tcp |
| US | 8.8.8.8:53 | dw3mgzt87vzb4.cloudfront.net | udp |
| US | 3.165.112.159:443 | dw3mgzt87vzb4.cloudfront.net | tcp |
| US | 3.165.112.159:443 | dw3mgzt87vzb4.cloudfront.net | tcp |
| US | 3.165.112.159:443 | dw3mgzt87vzb4.cloudfront.net | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 169.47.242.252:443 | chatroll.com | tcp |
| US | 169.47.242.252:443 | chatroll.com | tcp |
| US | 104.22.74.171:445 | whos.amung.us | tcp |
| US | 172.67.8.141:445 | whos.amung.us | tcp |
| US | 8.8.8.8:53 | 89.52.163.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.112.165.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | stun3.l.google.com | udp |
| US | 8.8.8.8:53 | stun4.l.google.com | udp |
| US | 8.8.8.8:53 | d167qii8h0pw75.cloudfront.net | udp |
| FR | 52.222.196.99:443 | d167qii8h0pw75.cloudfront.net | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | d33tru5sm6wy0x.cloudfront.net | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| FR | 18.155.128.195:443 | d33tru5sm6wy0x.cloudfront.net | tcp |
| US | 74.125.250.129:19302 | stun4.l.google.com | udp |
| US | 74.125.250.129:19302 | stun4.l.google.com | udp |
| US | 74.125.250.129:19302 | stun4.l.google.com | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.196.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.128.155.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.250.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | whos.amung.us | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.17.2.in-addr.arpa | udp |
| US | 169.47.242.252:443 | chatroll.com | tcp |
| US | 169.47.242.252:443 | chatroll.com | tcp |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | top-fwz1.mail.ru | udp |
| RU | 95.163.52.67:443 | top-fwz1.mail.ru | tcp |
| US | 8.8.8.8:53 | 66.112.168.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 3a09f853479af373691d131247040276 |
| SHA1 | 1b6f098e04da87e9cf2d3284943ec2144f36ac04 |
| SHA256 | a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f |
| SHA512 | 341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016 |
\??\pipe\LOCAL\crashpad_3036_JXLROGJIPCZYPOPU
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | db9081c34e133c32d02f593df88f047a |
| SHA1 | a0da007c14fd0591091924edc44bee90456700c6 |
| SHA256 | c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e |
| SHA512 | 12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a01e7bce-13be-4872-a782-dbecb98e6a85.tmp
| MD5 | 03bf8121d763f8f8b31363857fcc4683 |
| SHA1 | 6c9791d2713126bd15bef0bf893c6f9b42d4ecbc |
| SHA256 | 88099086e462bec50e0fc8392bba0d9551886609aa5cfc737b21429d59bfaecb |
| SHA512 | 474418ae9f7b9384cf994f2bb1b63b35d3f715dc4299a556cbd2aeb58f19948cfaf0a1768e0c04f59aaa3ce0a9f851453f89abc2ef598a05089ba9b92f77faa1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 68d8475f9ff60e878f4c5135c28df22e |
| SHA1 | b7962779ac09b229359a99f48d22d215669d1c28 |
| SHA256 | e334fc2b911f1b41dec65c208de847dbed95434c999a45284e5a17731946fb60 |
| SHA512 | b23266be7b842f9e7f5bd7eff93174e83a1c6c765819fe97536a1cb8be43d5d5b208e4e8efcd7ac22b0102de3320cb746fb7cbe14590f510b468c755d23ff182 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ade0417b4907b5318cc03f2cd93aef2c |
| SHA1 | 1786dfb41970d8eee034f03bb724954083785e12 |
| SHA256 | 7e59b0b00ca3d991795b7eb35ba491ec3b4b417f3dae3d1288fef3e848033394 |
| SHA512 | ff0ee67d9dd388f7b0362d21ae463a541bdb714604db8b61c6e9e7aea1d35ab13dcbd4653065e41ca3e0df1612f0fc775cabae77fb555e1569ebc7cbbbfa57b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c33f8a914c5351ad8967dfe92adc8b1d |
| SHA1 | 36ca05dd565a8dcca5191213e2b6b4ff07d4ac9d |
| SHA256 | 0e209c126954c7c374383616988a13931426d60e2ad23806f199ec4f2b3c7570 |
| SHA512 | ed86e110dd1ed7e4a5e8bbd50894a9b94f38466abf3f2e1a2b77281c4c2c2c24470e3c9f35543deb7d11f26c5cd059d433fa28afad65eb97b14683d3536f805e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bb57677917be7c57759d0de087932d99 |
| SHA1 | 6ede830f519ce5f3ff056e32f33cb92d8491eb0c |
| SHA256 | 870890645f18f4660a78fc8e7a00f047a25a526eec528f7a5a3c75c623d967a1 |
| SHA512 | fa52e6208000e7ef768ca759144829bca215dda6ce70011fc3a9683690c3305287f0a841d430b1a276a9954c07c1afe05490ebf72c315daf8d0bf6ad34e4f88e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 5aad62dd7ce3f1edcea7935148ad9a28 |
| SHA1 | 796a51381098dca1adb027c82595adf3a43715b3 |
| SHA256 | d073d587160ba8a6c05b3914694ac09fd20076ecc01a63163612812e47f46f25 |
| SHA512 | 84e5b91e7d0c686b7136ee947ce93dd1f8ae972c615517e82a4d2d54550ecb39e23f1bba576f6fcfb44af4a92cb35392d207c620529be0b4466de7dbfbd053b3 |