Analysis Overview
SHA256
700365e51f0949a6f943da95eb903aeff292f140f23ea1cbfdd13799e31a9604
Threat Level: No (potentially) malicious behavior was detected
The file a43269c71b874b102bde1b093274dfe6_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-06-13 06:27
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-13 06:27
Reported: 2024-06-13 06:29
Platform: win7-20240611-en
Max time kernel: 136s
Max time network: 140s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424421898" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a0390500000000020000000000106600000001000020000000f519f9826bbf56906fef3839b13ad3dd6ddb366486f236b9769bb147922c0f06000000000e8000000002000020000000969d8cd555e4d013c1e4bec0134d3068f3de7fad2850e324a0ede0ee96c8371520000000b22bed7a5c5b6a6d0a0dcc557cc1d5d210053a48bf33a8d6a689a61db6f6dd4c400000008f2c4380556d1977e316d96f0f7bdc1848b44c6c06c2cdee23612d61a5c0a4c8d755e3a0b822a2585da3e822807772d16eb05f51d1c02a51e47233c074c1135c | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F6E39001-294D-11EF-A0E1-D2ACEE0A983D} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 603977cd5abdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2484 wrote to memory of 2428 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a43269c71b874b102bde1b093274dfe6_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2484 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | fpbagrag-seg3-1.kk.sopqa.arg.r.de.a2ip.ru | udp |
| US | 8.8.8.8:53 | fgngvp.kk.sopqa.arg.r.de.a2ip.ru | udp |
| US | 8.8.8.8:53 | de.a2ip.ru | udp |
| US | 8.8.8.8:53 | fpbagrag-sek5-1.kk.sopqa.arg.r.de.a2ip.ru | udp |
| US | 8.8.8.8:53 | fpbagrag-seg3-2.kk.sopqa.arg.r.de.a2ip.ru | udp |
| US | 8.8.8.8:53 | rkgreany-seg3-2.kk.sopqa.arg.r.de.a2ip.ru | udp |
| US | 8.8.8.8:53 | snprobbx.pbz.r.de.a2ip.ru | udp |
| US | 104.21.5.12:80 | snprobbx.pbz.r.de.a2ip.ru | tcp |
| US | 104.21.5.12:443 | snprobbx.pbz.r.de.a2ip.ru | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TNPG4FQ8\28616404_10160148454140578_1901066303915416974_o[1].htm
C:\Users\Admin\AppData\Local\Temp\Tar3048.tmp
C:\Users\Admin\AppData\Local\Temp\Cab3045.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 06:27
Reported
2024-06-13 06:29
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
125s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a43269c71b874b102bde1b093274dfe6_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbaf3846f8,0x7ffbaf384708,0x7ffbaf384718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,1904895561891403092,14540050592660118640,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,1904895561891403092,14540050592660118640,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,1904895561891403092,14540050592660118640,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1904895561891403092,14540050592660118640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1904895561891403092,14540050592660118640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2092 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,1904895561891403092,14540050592660118640,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,1904895561891403092,14540050592660118640,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1904895561891403092,14540050592660118640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1904895561891403092,14540050592660118640,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1904895561891403092,14540050592660118640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1904895561891403092,14540050592660118640,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,1904895561891403092,14540050592660118640,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4396 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | fgngvp.kk.sopqa.arg.r.de.a2ip.ru | udp |
| US | 8.8.8.8:53 | de.a2ip.ru | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | fgngvp.kk.sopqa.arg.r.de.a2ip.ru | udp |
| US | 8.8.8.8:53 | fgngvp.kk.sopqa.arg.r.de.a2ip.ru | udp |
| IE | 52.111.236.23:443 | | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_4880_NYRGYYYTIPPWDYGX
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT