Analysis Overview
SHA256
ae9595cc083559175ee18c76fc4e9fdf1609ee1f2e66d2e45b64f38e1eec0505
Threat Level: Known bad
The file e88e3c089fbc7f8cfd85e26ae293ab73_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Socgholish family
SocGholish
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-12 22:25
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-12 22:25
Reported
2024-12-12 22:28
Platform
win7-20240903-en
Max time kernel
150s
Max time network
145s
Command Line
Signatures
SocGholish
Socgholish family
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 701b74dde44cdb01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0418E5D1-B8D8-11EF-AA6E-5A85C185DB3E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005266294ce070c74a8f67efaff02f408e00000000020000000000106600000001000020000000ce9d0e7bd48011d9feb32e41e5a0dd4e2a1c2883d36d295a39abc223adc5b785000000000e8000000002000020000000147057bdbaa04e4afb1920d9ff8bf3fb1afc6c8ec5d7c759f3c0e28f65036f96200000001c76eb13fc2746fed7c974f84ab88becb99b3e9c1264cf771e79de6977f95cfc400000008faf951c2fa8b943f46ef6eec8831827c21b99fc9d3370a1580514146b7588cc54afd33aefa8b20d0b6e46c6881dbd271fe86c21cbcd743821278005114c5f0c | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005266294ce070c74a8f67efaff02f408e00000000020000000000106600000001000020000000545a4aee6c456286e1c2613259936c18775161de4084bbcf34136797d95ce711000000000e8000000002000020000000abc704ab3a0069eb69971030808618f34a0053172dc126aaa804272499cdacf590000000ea050b443d106fc145de5aeb31f698f6efbe00b76fe3b68043b213fdcd7e5aaff38fbfe9a227a658f30b500d684cbd8bc2f1c85ddbeb5d50d4245c1a310215268d88dd3f8e72b69905962809b384f46680b76f68d274c50893a171cfbdd1a93b99db1c6ca4314cd99f9de669a4fd05ce54b360af95110da3bc87fe36aa3609adbfbed990114e4887af75f2c20852ba1b400000003de36affcbe4970014c6c4b3b7b40463e25a618e63dec1288da73c7d00caf5d1e2f0b21d752eab40a6b31a1da33bf15fc87128e55ba57f7903b893ab4e017a3a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440204207" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3044 wrote to memory of 3012 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e88e3c089fbc7f8cfd85e26ae293ab73_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3044 CREDAT:275457 /prefetch:2
Network
Files
| MD5 | 2c8205ccb3ae877d730f1ab85af3f4cc |
| SHA1 | f74b9c195b8b5d09e8471dbf91f5ab299f5519d2 |
| SHA256 | a2809ac7a72a12a53aa813096654a136cda8404b3d5399a4eb1ba85dd42be157 |
| SHA512 | 1f565c91c7cc9c80fb508df6e59bb1f249143d5af2b21fe725534efa66883d08ff9c9885006ec0ea378343bd1e2fb71871cf24d4762fb0cd7eeab3a54fec3335 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c4f3e40ae8b477389530c3a5baf87bab |
| SHA1 | d361eda4e46dd6a98e8c97bef8e803769e1bc985 |
| SHA256 | 55e4af974bbf3d25d941eda179a4a6ed5237d4c65c769851005846696485d193 |
| SHA512 | 92476d8a6ce8fcf0e6b67e58a498957c747b12e60a2c0a6d0e1c94975dfd58ff63d269db71dc041a401b6c1f95f6538850a9747bcb0154f0f8abe43b0fcd9d70 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 40af3258659e6cee101f85463e1ef781 |
| SHA1 | ce42d8696ca3a74cf9463c24f4d620c8477b6381 |
| SHA256 | 0078be505df13dd75c6756941f36dab2f781e09a873ea760da509bc1dbd82087 |
| SHA512 | 0f46357799222c92b61eb1c2ff5330408740f0354be123349549cb462912e293836b085e68e5c60d28f812d3ffb1c78735dfce43849fe098cb77278090b67b4b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a9cc8661fb041200fb08d40b335fec8a |
| SHA1 | c3321ebca351538bf2f3e58dad89380eb2cc7394 |
| SHA256 | 795a635d7980802a9bf805fbae951d89465a685ff1714e6c73883c35804eedb1 |
| SHA512 | 1325dfb9a14f1b97085c092c003b556584d15fbe291046e81422b9ef8d3287c40c8ed3b56212336275aca0241152a6000e1a40b33794b0c7e0147321d7909a43 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e06e08fe37fba0ce44feae71771fc681 |
| SHA1 | 16a4f0bb838aa21c82144e14c991edf4d3f6d2b6 |
| SHA256 | 652efdef75ec3599b4643ff834b1f2d1b734da8b06dc930e12ac7735a037caeb |
| SHA512 | 2f868e4d16eebb11085edc5969a58a325f0543960e29d7dc2d5711c2f9b55f387708cebfcf4be7a08c161ce6ee28c46dd884dfe8c3999a458e0206be7d0dc7a9 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-12-12 22:25
Reported
2024-12-12 22:28
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
147s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\e88e3c089fbc7f8cfd85e26ae293ab73_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdcccc46f8,0x7ffdcccc4708,0x7ffdcccc4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,11486003309192818051,11309920833967528334,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,11486003309192818051,11309920833967528334,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2496 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,11486003309192818051,11309920833967528334,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11486003309192818051,11309920833967528334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11486003309192818051,11309920833967528334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11486003309192818051,11309920833967528334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11486003309192818051,11309920833967528334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11486003309192818051,11309920833967528334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11486003309192818051,11309920833967528334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11486003309192818051,11309920833967528334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,11486003309192818051,11309920833967528334,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,11486003309192818051,11309920833967528334,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11486003309192818051,11309920833967528334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11486003309192818051,11309920833967528334,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11486003309192818051,11309920833967528334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11486003309192818051,11309920833967528334,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,11486003309192818051,11309920833967528334,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4976 /prefetch:2
Network
Files