Analysis Overview
SHA256: f69f594b2a948447297e8c5702debaa1af164c5f9ec928b721f15f4406ea8259
Threat Level: No (potentially) malicious behavior was detected
No (potentially) malicious behavior was detected for the file a50997bd7ad07099e469d187eb8b50b0_JaffaCakes118.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-06-13 10:16
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-13 10:16
Reported: 2024-06-13 10:19
Platform: win7-20231129-en
Max time kernel: 134s
Max time network: 129s
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424435670" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000040fa1c4b10b4d24d8ec6b20cc52c5677000000000200000000001066000000010000200000002d222f3796c70b97acb00563d15da12bfbfdf0e0f86cd3589ebe9a58fe913293000000000e8000000002000020000000c899ee0fb0cbd9fcfd4d118d6288a7a92985e843fb6f3a4c170da6be0958f5302000000000142159f637c6ef11d446f84b9b334509c40e128724f0d16878a1b2a0769fd240000000cb239948707e2479132f169340d4706860edcf633dbbbd89f735ee67bcc091d6a1bb276541595107162961a96f66672d3918aa0a31fdba971513528dea7ef4b3 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00f943ef7abdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{07A620E1-296E-11EF-B69B-6AA5205CD920} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1988 wrote to memory of 1624 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1988 wrote to memory of 1624 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1988 wrote to memory of 1624 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1988 wrote to memory of 1624 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a50997bd7ad07099e469d187eb8b50b0_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1988 CREDAT:275457 /prefetch:2
Network
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 1b7aef5baf1b1ad6e16140ecab85208f |
| SHA1 | 7824c9e2a39e8547df567be356d8a17bc20a5583 |
| SHA256 | 547fbf57a57f545dd78141b70dbca22d131395da2985435ad9b84df173f0c249 |
| SHA512 | 0f7e1c1363c430ec5aac898b084ff55ebf4c57cc3de02407ce12dddc09d700ba0358578a31597e8e1326def2d4a6dd7bb973f98959f6bdfe5266748e8827c168 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c5adf4d933058f3057bdb46fc1f1dec1 |
| SHA1 | c0b9d427d92aecc8bb0a424bd4647fd6b12bbc24 |
| SHA256 | 7207a9f7bf93c7e684b908049847e8aa9e2e034e2967877444dbd13fddc2ef7f |
| SHA512 | c404ae622aab25844e2893a9e066773253dc4ac24a46aea03cd151292cec2d2c48535a0d56677463f64f9ec6081a48da15f31238e61df5c96d2ff17faa1a04ad |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9cdc1cfc7cb9a7bd3a9007bf56132fad |
| SHA1 | 7b5b5f6ab053f3d0fac3c405f54883d9e3276225 |
| SHA256 | 4086c423499a8981289e6d8e8e789a323327085e77c46560d2117d3275b7d07f |
| SHA512 | f538d5e1b86cba8472bb3f569fee360a124d744aadf0d9414d276c57949b8ff54c618507c89e4acc114cb87e4974c5f8879ca586a47571d3ed56c0300244d7c5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d63bda2195ad80613417d12a553dc892 |
| SHA1 | b09ab8a6a099f898ae70fab423ba163cddf086ad |
| SHA256 | 49aca075b70fb5932927fb4fa5cb253b4431078e91f429b114e9738e51deafd2 |
| SHA512 | f046f1bd0ed58301302e9f75a1cc5f3b0dd8528b0f12a4a10363b8ca0fc337c3649aabf91ad493940b36c6b9b8172a52f1c1b32d510deb6252bac0c7e6f09bfe |
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
| MD5 | da597791be3b6e732f0bc8b20e38ee62 |
| SHA1 | 1125c45d285c360542027d7554a5c442288974de |
| SHA256 | 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07 |
| SHA512 | d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1f08a6acbf39c6d142486b76556a8111 |
| SHA1 | b92fa5979ebf0239397f1156954e9dfeecc03ef4 |
| SHA256 | 3f9dce181a9b9c2e95d28efd0ecc0431cfa16786e1fde44eb7603c28252bee74 |
| SHA512 | ee5a655c81686076334ba27ab12de0cf389fe56c8fbe6ffc74b16c5be780cd55bed6c95e66240cee9ccf3d3e8af7ef294f47c555101b2b6c13d735fc01f33484 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0382944dde6f8a11255755f7d420ff62 |
| SHA1 | ede3b0a306fdfd866c82ca80fd41de2282c2a7ac |
| SHA256 | 02d1bce3df91889b103d53beb10d556faa244223bb4cb9de5f8118a7f26ef8d5 |
| SHA512 | a524dde3c1cbf851215f9aa3c64337e9ca6051401137d6c371ee6c7113a09837fed1a3a11818694dd3cdf7cfb56f352debce00f0997fa28ec7e920916264a568 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8119bc57c62c8f31b5a24ad743d7f559 |
| SHA1 | b1f8be752c1d8e4e90fc9cb80231389955375e09 |
| SHA256 | 6328df887d6935a76d1ea15665dc58c0eaa1a2f41069477d7835130e61036191 |
| SHA512 | 23b4e7ad202b004398ce196720e950eb2cd112427f4a158bb466502796e180abcc174531da72fb2faf3c30735382022a91fd0d453cfe054debbca0528776ce19 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 06d206eb9cfdc4e82194878f70767527 |
| SHA1 | e1cf9f8a3d5eee13973c3f6eab1dc6515be34aae |
| SHA256 | 66f852903b054ce12da8c71a07e15cfcf84e9320da27fff306ef6c9b3b56753f |
| SHA512 | 808392038af49452cc66641679fb5c0516791c67f1c5fc905d50f7b5139ae5795c3fe4966a25dfac3c2b4f9b8279ad7596fc2efcf736a9e761cd3cd5da13bf4b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ce272a44c559d3bc014ad97d12292396 |
| SHA1 | 227b131023d3a434b3e15574587b3e9bdab74999 |
| SHA256 | 1c0ad70cdc62234d5ebc37c38094eed77615287a48599c76f964ed27a2d54619 |
| SHA512 | 1cbbb79b9d7312a719e279a7dddd70779ba54b60c0be32e09778455bc25c403d304de2c0f21b4eceabf33e894f9d3a48a2d5466b8bb8f38ffe5c0e0ff6a72e11 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5cf2412b93cbede41361ae014ee9a9f4 |
| SHA1 | 5419a094c856375bec55cc31c583fcede516bd4f |
| SHA256 | 8a88728f265dfe0f3c1c41e9fffe0867aee209d2841c72d7868b066165b8ce96 |
| SHA512 | 9bb2a63e0bd59e97b970bcbec81aa46b31e1354176c99d49495935ee2534eae593cf245dcbf07196e11aad14af9453ac5078f164808ed3c277d039691cd98127 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 238704337792585df31b5d7109cb753d |
| SHA1 | dd9c7e45fb2a8e637aebb1768dd2277d8c0dc95b |
| SHA256 | a24c87a749d09c5469418e97581d99ff32c88f929d985040b11a45b2a1928752 |
| SHA512 | 1b7d20f9e6b5f8c8fd5e11db63ddfd0dee373cff7dadc1cad9a58b7af3e84d4291f7de4497d30ed67a0315876e6d3095bd8ccd12186b9564443d3f0e7b3ffb43 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 080bb5c0d6917c2c3f5e24a8db9f9de5 |
| SHA1 | 4dd3242f77525232bf0e7fd272a83e2a36c481a6 |
| SHA256 | 999b80791c652e25860ac14b5b2224397c1142acb5dd2759ad09b3effb29ed91 |
| SHA512 | 7e65993150f89e5e737c3a5194737ac9052208981b5aaa65125c65cb325e63d88794168c6931316f00f96d7017c050362434e3025fc16b63f20e903cffd6f1a9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7ec491c8a16ad473e89f73536108dab2 |
| SHA1 | a209ab1b6706746b7f6e9618054ce2966e8affe0 |
| SHA256 | 6f13b62325d699c88ddce2c30ebaf54f04dfc992bd410e988dbd187166d5f19b |
| SHA512 | 454bd3353507924bf82f0cb36f2da27ccbf9c5995483cb6d6a27398e8dd9d6aa7c26eab6287e34255c12bd40166c8fede978f602a6c8c96a3b9a30fcbe86064e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a746a2525fc58d57e13ea5fda788e0e2 |
| SHA1 | 8aba521278269cad82b0f8b9a3347a451210d7f2 |
| SHA256 | fbbf4c504e08629115f2a982ded0e847ddc903b792503c6a1ef4930c6286592b |
| SHA512 | f4954807e7f02b70dd677193aaf837707d823e5a7404399dcb581933c62b2f5cb547163c4ed8bce90e1cfe94991b09e7e5f7660e3753b7d9661a7c4b837dfbe5 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 10:16
Reported
2024-06-13 10:19
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a50997bd7ad07099e469d187eb8b50b0_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xa4,0x108,0x7ffdf58f46f8,0x7ffdf58f4708,0x7ffdf58f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,4876679123925094125,6302683389326293684,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1972,4876679123925094125,6302683389326293684,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2460 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1972,4876679123925094125,6302683389326293684,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,4876679123925094125,6302683389326293684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,4876679123925094125,6302683389326293684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,4876679123925094125,6302683389326293684,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4180 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,4876679123925094125,6302683389326293684,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4180 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,4876679123925094125,6302683389326293684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,4876679123925094125,6302683389326293684,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,4876679123925094125,6302683389326293684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,4876679123925094125,6302683389326293684,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,4876679123925094125,6302683389326293684,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3116 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.vocesdeoccidente.com | udp |
| US | 8.8.8.8:53 | secure.gravatar.com | udp |
| US | 8.8.8.8:53 | s0.wp.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | www.vocesdeoccidente.com | udp |
| US | 8.8.8.8:53 | www.vocesdeoccidente.com | udp |
| US | 52.111.229.48:443 | | tcp |
Files