Analysis Overview
SHA256
10bd57c19f1bc3fd39568321e7b243b09372e1640318366802193edbbda4f023
Threat Level: Shows suspicious behavior
The file beea7915ef72be52e12f2631811b70df_JaffaCakes118 was classified as: Shows suspicious behavior.
Malicious Activity Summary
Mark of the Web detected: This indicates that the page was originally saved or cloned.
Browser Information Discovery
System Location Discovery: System Language Discovery
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-24 15:43
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-24 15:43
Reported
2024-08-24 15:45
Platform
win7-20240705-en
Max time kernel
145s
Max time network
146s
Command Line
Signatures
Mark of the Web detected: This indicates that the page was originally saved or cloned.
| Description | Indicator | Process | Target |
| N/A | http://hawahome.com/ | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003125cc29be9a0e41b44a3d73dc8faf71000000000200000000001066000000010000200000005b3b6a10e7e2d7c516b37b66d9e239dbd16299e1e7bfa4590e1ad4bc974943b8000000000e80000000020000200000003988bd15599ca89a6095fbdddc2f9770b1aa086b1bb7eaa5b69e914bc44971b3200000003bc0a3571fe27e2e9ce730500b1a5087b7614ffee30eeeb7990e053567a78a5f400000000d37df80551ac08194c6f80cb031d73ffb470e0e00b34cd06bc35c02343dc2660d878aae17ac111a31e92b6c7ba52354e5e08586fcc077675fdf331e2f7395c8 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430676054" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8BFCBC61-622F-11EF-BDB6-FE3EAF6E2A14} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60e439633cf6da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3012 wrote to memory of 2564 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\beea7915ef72be52e12f2631811b70df_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3012 CREDAT:275457 /prefetch:2
Network
Files
| MD5 | 16fa3f3f330fb603190c4f8913ba9ee0 |
| SHA1 | 52053d6ea228afb6a7ebd5e4640747fdfe991858 |
| SHA256 | 75f5ff102dc44b1fd2f90032529fae2d12c220c3112af42514989074a029f997 |
| SHA512 | 61da2e88da8d5b5d89aa1855fbe6a3632091146876849e46570bce16c3084db56d96be23c69f0cbc5cecaa61addad90621355631e72998ab16c26ad6a2e25955 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 03271bb213c47dcdc86cc92f0080ef1e |
| SHA1 | 47052bea4b1e1a5cfeb34d514c100afc665b3052 |
| SHA256 | c49a6759e7e94835ea36505e62b33c36fe273568e5a6f07bbe26cdb6b1c78adf |
| SHA512 | 709154be26f3062c66b5c21de61ca2e347765932c0f63e293e18e398ab795917fa6fc6a2af14c73d1247e93b9c42bc88bafe970d94e424e9be3c4ad68b54df99 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e8843b546f261e232eef22299857a2bd |
| SHA1 | 8cbd92bf28d7b2ce1c17763fe97f5d7d7729f698 |
| SHA256 | 4ffab5be1e4b60b6af7868a0da359ddb9c28140a0658acc507d5904cda0aa08e |
| SHA512 | 3c57053adc3a6fa68ee7b1985d6051a86911b570cbbb27ddd8cf67289ea796d80ba55ea68afe54e0b5b1811d14cb7a0194fd9188dab27033d0f13d5ea222deb4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e1f0f5081850bb5b2a17b33efec861b4 |
| SHA1 | fce3709af3fbe8c02629607c85663fd127ea4c4f |
| SHA256 | 2dacfe2c336be2657138471fd8b5cbeb8fcde89d8cbecea823c85bd4a18f1f52 |
| SHA512 | fe04ba9043456c4407048f4ce732d7aea74236f75cd27703a7f13094c46b81a73f1c30b68f1d90333f320ea0701b4a781ec938a1b394e955416092e9f92bb9c0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 39678cc7f39671afa884622415ce4212 |
| SHA1 | 9c1a4e978a04ef761da9a8bc796ec62d5856c435 |
| SHA256 | 827e893192759688135fc64389e1634db633575c9b36a55ef904089f1fa7301b |
| SHA512 | b6887e07e71a45e9fa28e7b91f0dbb68baa2d08966d9a38233a1c8dc33761e72df906decab3242283cd0976292da33fcad3a800cb48be87b2ab154bceb7c820b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b434e086fdc2886b8e30905d58672be5 |
| SHA1 | b6bc7f6e1bf98622d97d65f6ca8396206a852912 |
| SHA256 | 76cbd245161c616d4072b63d623a2dd36077da8d4b293976bf27784aec89e017 |
| SHA512 | 04fa3b5daa7d1dd38458815b093efd9d32167113d6ce1db0b5f885fbafd7d5eb99e0f294995000a2ca849def353dd3d0ca4cd0734d213800527d3295c41e59ba |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 84bd85438c190fe8708178fcdb073141 |
| SHA1 | 2c0d2ab02d8e09660ee594a5d8b22485930de8be |
| SHA256 | ff1a2011d465ebbcd4091ffb59d41fb5d4cc3a89f46df842be464d03ac91efa7 |
| SHA512 | dba2459f42fa63fd29a2618ca798a387820a2bc2635bd3754bff033dff8d680a9e4306b5a42187e7ae12269f5b95dc34da0f1330820b34e1efa7714595169ff4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e15b1767c964e4e557c00ca37597a4ee |
| SHA1 | b29a1764a06d8dba81eafaef12cc3cd68b13bf5f |
| SHA256 | 2d9c7b689cd581b68d3c12c7c40a38b0bde0b82ad5797c8bf54e1c9c58b11b0f |
| SHA512 | c76171a7a6df8ce3ff13a6b24f51f3a5717dcadcb613b7ea39a143cdc43ef778fc44289a745626105587617c15607c857d8ff96eaee4415d3fa8635d1479912b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 408b73c64fbdc26b16bfd2e566ff70d2 |
| SHA1 | 0a7a5a7f4fe07f89b37aaa8effbebd75ed5f371b |
| SHA256 | 955c80ccb7070068ef306454cf2898374f62a256c89ce89ce53ba87d8a67f95c |
| SHA512 | 72a1638fe175c4348f8c8d7b48a74fe607ea6162b77f060799c2db030865b7641da27718a9a3f1bc6575592e4021783516e1659b5178f4bae9b008caa88ef374 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-24 15:43
Reported
2024-08-24 15:45
Platform
win10v2004-20240802-en
Max time kernel
145s
Max time network
151s
Command Line
Signatures
Mark of the Web detected: This indicates that the page was originally saved or cloned.
| Description | Indicator | Process | Target |
| N/A | http://hawahome.com/ | N/A | N/A |
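The Mark of the Web indicator in this signature is recovered from the sample file itself, and the same check can be reproduced offline before detonating a file. The following is an added example (not part of the sandbox report or its engine) that parses the two forms the mark takes: the `saved from url=(NNNN)URL` comment a browser writes into a saved HTML page, where NNNN is the zero-padded length of the URL, and the `Zone.Identifier` alternate data stream that NTFS attaches to downloaded files. The sample HTML and stream contents are constructed for the example; only the hawahome.com URL is taken from the indicator above.

```python
import re
from typing import Optional

# Constructed sample: the first bytes of an HTML page saved from a browser.
# The "saved from url" comment is the in-file form of the Mark of the Web;
# the four-digit number is the length of the URL that follows it.
SAMPLE_HTML = (
    "<!DOCTYPE html>\n"
    "<!-- saved from url=(0020)http://hawahome.com/ -->\n"
    "<html><head><title>sample</title></head><body></body></html>\n"
)

# Constructed sample: contents of a Zone.Identifier alternate data stream,
# the on-disk form NTFS uses to carry the Mark of the Web for any file type.
SAMPLE_ZONE_IDENTIFIER = (
    "[ZoneTransfer]\r\n"
    "ZoneId=3\r\n"
    "ReferrerUrl=http://hawahome.com/\r\n"
    "HostUrl=http://hawahome.com/index.html\r\n"
)

# URL security zone numbers as used by Windows / Internet Explorer.
URL_ZONES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
             3: "Internet", 4: "Restricted sites"}

_SAVED_FROM = re.compile(r"<!--\s*saved from url=\((\d{4})\)(\S+?)\s*-->", re.I)


def parse_saved_from_url(html: str) -> Optional[dict]:
    """Return the MOTW comment from an HTML document, or None if absent.

    The length prefix is cross-checked against the URL: a mismatch means the
    comment was not written by a browser's save routine and is reported
    rather than silently trusted.
    """
    m = _SAVED_FROM.search(html)
    if not m:
        return None
    declared_len, url = int(m.group(1)), m.group(2)
    return {
        "url": url,
        "declared_length": declared_len,
        "length_matches": declared_len == len(url),
    }


def parse_zone_identifier(stream: str) -> Optional[dict]:
    """Parse the [ZoneTransfer] INI block of a Zone.Identifier stream.

    Returns None when there is no usable ZoneId, which is how an unmarked
    (or stripped) file should be treated.
    """
    section = None
    fields = {}
    for raw in stream.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section == "ZoneTransfer" and "=" in line:
            key, value = line.split("=", 1)
            fields[key.strip()] = value.strip()
    zone_text = fields.get("ZoneId", "")
    if not zone_text.isdigit():
        return None
    zone = int(zone_text)
    return {
        "zone_id": zone,
        "zone_name": URL_ZONES.get(zone, "unknown"),
        "referrer_url": fields.get("ReferrerUrl"),
        "host_url": fields.get("HostUrl"),
    }


if __name__ == "__main__":
    print(parse_saved_from_url(SAMPLE_HTML))
    print(parse_zone_identifier(SAMPLE_ZONE_IDENTIFIER))
```

On Windows the stream of a real file can be read with an ordinary `open()` on `<path>:Zone.Identifier`; on other platforms the bytes have to come from a forensic image or a tool that exports alternate data streams. A length prefix that does not match the URL is itself worth recording in triage notes.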
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\beea7915ef72be52e12f2631811b70df_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe955646f8,0x7ffe95564708,0x7ffe95564718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,9698584048185783773,16274405372648166258,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2264 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,9698584048185783773,16274405372648166258,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,9698584048185783773,16274405372648166258,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,9698584048185783773,16274405372648166258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,9698584048185783773,16274405372648166258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,9698584048185783773,16274405372648166258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,9698584048185783773,16274405372648166258,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5624 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,9698584048185783773,16274405372648166258,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5624 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,9698584048185783773,16274405372648166258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,9698584048185783773,16274405372648166258,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,9698584048185783773,16274405372648166258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,9698584048185783773,16274405372648166258,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,9698584048185783773,16274405372648166258,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | forums.graaam.com | udp |
| US | 8.8.8.8:53 | tags.expo9.exponential.com | udp |
| US | 198.49.23.144:443 | forums.graaam.com | tcp |
| US | 198.49.23.144:443 | forums.graaam.com | tcp |
| US | 198.49.23.144:443 | forums.graaam.com | tcp |
| US | 198.49.23.144:443 | forums.graaam.com | tcp |
| US | 172.64.155.244:445 | tags.expo9.exponential.com | tcp |
| US | 8.8.8.8:53 | www.graaam.com | udp |
| FR | 142.250.201.179:443 | www.graaam.com | tcp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.23.49.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tags.expo9.exponential.com | udp |
| US | 104.18.32.12:443 | tags.expo9.exponential.com | tcp |
| US | 104.18.32.12:445 | tags.expo9.exponential.com | tcp |
| US | 104.18.32.12:139 | tags.expo9.exponential.com | tcp |
| US | 8.8.8.8:53 | shab2002.jeeran.com | udp |
| US | 8.8.8.8:53 | www.hawahome.com | udp |
| US | 8.8.8.8:53 | up.graaam.com | udp |
| US | 8.8.8.8:53 | members.lycos.co.uk | udp |
| US | 8.8.8.8:53 | www.21za.com | udp |
| FI | 37.27.123.96:80 | www.hawahome.com | tcp |
| US | 198.185.159.144:443 | up.graaam.com | tcp |
| US | 8.8.8.8:53 | members.lycos.co.uk | udp |
| GB | 109.203.100.49:80 | www.21za.com | tcp |
| FR | 172.217.20.174:80 | www.google-analytics.com | tcp |
| US | 172.66.42.250:80 | shab2002.jeeran.com | tcp |
| US | 8.8.8.8:53 | 179.201.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.32.18.104.in-addr.arpa | udp |
| US | 172.66.42.250:443 | shab2002.jeeran.com | tcp |
| US | 8.8.8.8:53 | hawahome.com | udp |
| FI | 37.27.123.96:80 | hawahome.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 173.222.211.58:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | jeeran.com | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 49.100.203.109.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.42.66.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.123.27.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.159.185.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| N/A | 127.0.0.1:80 | | tcp |
| N/A | 127.0.0.1:80 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s.tribalfusion.com | udp |
| US | 172.64.150.63:443 | s.tribalfusion.com | tcp |
| US | 8.8.8.8:53 | dpm.demdex.net | udp |
| US | 8.8.8.8:53 | aa.agkn.com | udp |
| US | 8.8.8.8:53 | a.tribalfusion.com | udp |
| US | 8.8.8.8:53 | sync.search.spotxchange.com | udp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| US | 8.8.8.8:53 | dsum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | us-u.openx.net | udp |
| IE | 34.253.116.68:443 | dpm.demdex.net | tcp |
| DE | 35.159.3.140:443 | aa.agkn.com | tcp |
| US | 34.98.64.218:443 | us-u.openx.net | tcp |
| DE | 3.71.149.231:443 | ups.analytics.yahoo.com | tcp |
| US | 172.64.151.101:443 | dsum-sec.casalemedia.com | tcp |
| US | 8.8.8.8:53 | 63.150.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.3.159.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.116.253.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.64.98.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.151.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.149.71.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.118.77.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
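The network table above mixes three kinds of rows: DNS queries sent to the sandbox resolver, reverse (PTR) lookups of peer addresses the sandbox has already seen, and the actual connections. An analyst usually wants only the last group, deduplicated per host and with unexpected ports called out (here, SMB and NetBIOS ports opened towards hosts that otherwise serve ad tags over 443). The following added example, which is not part of the sandbox report or its tooling, performs that triage over a subset of the rows above plus one constructed row with an empty Domain cell; the SUSPICIOUS_PORTS set is an assumption chosen for a browser-only workload and should be adjusted to the sample under analysis.

```python
from collections import defaultdict

# Rows copied from the Network table of this report (a subset), plus one
# constructed row with an empty Domain cell, the shape some sandbox exports
# use for a connection that never had a DNS name.
SAMPLE_ROWS = """\
| US | 8.8.8.8:53 | forums.graaam.com | udp |
| US | 198.49.23.144:443 | forums.graaam.com | tcp |
| US | 198.49.23.144:443 | forums.graaam.com | tcp |
| US | 172.64.155.244:445 | tags.expo9.exponential.com | tcp |
| US | 8.8.8.8:53 | 144.23.49.198.in-addr.arpa | udp |
| US | 104.18.32.12:443 | tags.expo9.exponential.com | tcp |
| US | 104.18.32.12:139 | tags.expo9.exponential.com | tcp |
| FI | 37.27.123.96:80 | www.hawahome.com | tcp |
| N/A | 127.0.0.1:80 | tcp | |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
"""

# The resolver the sandbox hands to the guest; queries to it are not C2.
RESOLVER = "8.8.8.8:53"
# Assumption for this example: ports a browser session should never open
# towards a web host.
SUSPICIOUS_PORTS = {139: "NetBIOS session", 445: "SMB"}
PROTOS = {"tcp", "udp"}


def parse_rows(table: str):
    """Yield (country, ip, port, domain, proto) for each data row.

    Rows where the protocol landed in the Domain column and the last cell
    is empty are accepted with an empty domain; anything else that is not
    a four-cell row with an ip:port destination is skipped.
    """
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4:
            continue
        country, dest, domain, proto = cells
        if domain.lower() in PROTOS and not proto:
            domain, proto = "", domain
        if ":" not in dest:
            continue
        ip, port = dest.rsplit(":", 1)
        if not port.isdigit():
            continue
        yield country, ip, int(port), domain, proto.lower()


def triage(table: str) -> dict:
    """Summarise a sandbox network table into reviewable IOCs.

    - Queries to the resolver are listed separately from connections.
    - PTR lookups (*.in-addr.arpa) are dropped: they are the sandbox
      resolving peer IPs it just saw, not infrastructure the sample chose.
    - Connections are deduplicated per (ip, port, proto) under the domain
      (or bare IP) they went to, and suspicious ports are flagged.
    """
    queried = set()
    contacts = defaultdict(set)       # domain or ip -> {(ip, port, proto)}
    flagged = set()
    for country, ip, port, domain, proto in parse_rows(table):
        if domain.endswith(".in-addr.arpa"):
            continue
        if f"{ip}:{port}" == RESOLVER and proto == "udp":
            queried.add(domain)
            continue
        key = domain or ip
        contacts[key].add((ip, port, proto))
        if port in SUSPICIOUS_PORTS:
            flagged.add((key, ip, port, SUSPICIOUS_PORTS[port]))
    return {
        "queried": sorted(queried),
        "contacts": {k: sorted(v) for k, v in contacts.items()},
        "flagged": sorted(flagged),
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_ROWS)
    for host, conns in summary["contacts"].items():
        print(host, conns)
    for host, ip, port, why in summary["flagged"]:
        print(f"FLAG {host} -> {ip}:{port} ({why})")
```

The flagged list is the part worth reading first: a browser fetching ad tags has no reason to open 139/445 to a CDN address, so those rows are either a sandbox artefact or behaviour that needs the pcap, not just the table.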
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4dd2754d1bea40445984d65abee82b21 |
| SHA1 | 4b6a5658bae9a784a370a115fbb4a12e92bd3390 |
| SHA256 | 183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d |
| SHA512 | 92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1 |
\??\pipe\LOCAL\crashpad_2280_QVUOMKYHOFQEVFRP
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ecf7ca53c80b5245e35839009d12f866 |
| SHA1 | a7af77cf31d410708ebd35a232a80bddfb0615bb |
| SHA256 | 882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687 |
| SHA512 | 706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1cd63a2dcddbac89af770ef99fe4108d |
| SHA1 | 90d3a1670b085d432e031452f6750450049a3bc1 |
| SHA256 | b6a7e9a399c41e578ef9877c601d2a88c21c343f997a1d068499d249f98ea598 |
| SHA512 | 20b4ef304b6eefb70b57848746430bd537df5ee7f60dead68a4183e234bb8225b314981d70d7407fca9b15a5d81c350bd8f18fd69f5e86a8ef2418062558eb57 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d971d23009ce38ffa228e6c91bebddc8 |
| SHA1 | 5e6ae5fb43fc8929fdeb84192c76164c41555b8d |
| SHA256 | 09d778192c311b62e059b1ccdabe077484bd6a267e0a17d6fe4421767261cd8a |
| SHA512 | fe80f43c59cd78e80b9e026639cdd4a388ec868abeebe83c1e53c3b49113b8282b7fe6b2fb78445d57321b886677b449c8c80e6db01233508b38b014c97571d9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 86f10466069e531fb929cc018b231c32 |
| SHA1 | dd4db738362e62730570c7416c5cbbad25f29d89 |
| SHA256 | 215d8225681a824541828fffa44d7fb6365b23322090b1ca3967a315bf9d5fbc |
| SHA512 | c5945ad12284c99549cf2b63d4619c903f667dc3cccd985cf0047c3e73f5387f7782108ece0267cb5655ba46b567cbed3f40cbb3b442b5af4d3dcfd160b376f9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 29e0dee37619aa48f6491220009f419c |
| SHA1 | be7b394b8cd6fdef1e7b42357e60086031f9d5a3 |
| SHA256 | 67e0c344b508af043e84c6bd4dac3e6dffb80256b77ec625aa92f232efd62b9b |
| SHA512 | ffe719d89bc9e7185f810d66c49cdc3b33d1a149133bb252679a8390dc51be4ccf898a4bd237b2d2b23e870eb38e3839e4d0b0039e5e86e5067088142da3610d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d57aa00a94bd2624991bcac46cd8a8d4 |
| SHA1 | 8c64586fd501d61a484355d59d9d2082c301f0ea |
| SHA256 | 19fad4b699299f7358682c43a9952e94c83e75979beb57a07457054069a357e2 |
| SHA512 | 5947ce67b5aba086d63c2bd725b1742ce528cd33987c251ed4952d7acb0a7b251e12547d03fb936215a413dfb0b6592a29dc666d66cce46ac56d6a57c697cc8a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580d78.TMP
| MD5 | 1f160ebc2b95b9bc0ac43a8bd2dc26a8 |
| SHA1 | c3f0e087af8d390f7713e5c2e95f68ea46cc72c7 |
| SHA256 | 44ffbed666a0658b8d3fe0a4d614a0f6264b308f0116799a5b1b0aa3f15818ed |
| SHA512 | 8f9a1406e1b746afe0f208e71f343976a3068664982942d9a8322ebb6a207a41f45f1009d42c6f2b0f809cc3224f2fab6386dd3a52771721170fcd8563fc51d0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | f1ccf20c408e40290909788fcff84932 |
| SHA1 | 00b0626b6fa09f12b51c4758449f72e9c91846d7 |
| SHA256 | b14397ad448acb806230590fffce9aefc2f19ff9c28ece2f5897d97f2a5a82f3 |
| SHA512 | f0715037c4f540982b30ad3a334bb42a1dcb6cf66e90a72e4adf3c4b6f13ee2a3ea62e52ccffee2049157f434fe9ca495ac25080869bc5034456fa16b05e4c82 |