hxxps://www[.]lumen[.]com/help/en-us/control-center[.]html

Analysis

max time kernel
107s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
10/07/2023, 15:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.lumen.com/help/en-us/control-center.html

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 47 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a07bbe79b265d14db3b0aa02a388214700000000020000000000106600000001000020000000a4bfa6fdd42bf936e9293ea3ee7fa48b34de5fea5083bc6611bf5fbbece86a39000000000e80000000020000200000008cd9cbdde403fdcbeca9e89702539891b4d075ffcfe45e87163a7d9330c8a8592000000042e715de80f1e48150e219cfdcb64f15c11bb9e8bad1cd16243815eed062d8e940000000885d6cb7828667da87916fc473054b08360de336807063e0a394a42ff35ca4c802443fc2e87d468f742210ea2ed59dc470d667251d777af9bbd375f3fbd139d2	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{C9777D73-1F38-11EE-A61E-C268C3D2EB56} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31044421"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2666556994"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31044421"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2843448565"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2650774595"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31044421"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2650774595"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "395768901"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c038489a45b3d901	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31044421"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
832	iexplore.exe
832	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
832	iexplore.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
832	iexplore.exe
832	iexplore.exe
3944	IEXPLORE.EXE
3944	IEXPLORE.EXE
3944	IEXPLORE.EXE
3944	IEXPLORE.EXE
2036	IEXPLORE.EXE
2036	IEXPLORE.EXE
2036	IEXPLORE.EXE
2036	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 832 wrote to memory of 3944	832	iexplore.exe	83
PID 832 wrote to memory of 3944	832	iexplore.exe	83
PID 832 wrote to memory of 3944	832	iexplore.exe	83
PID 832 wrote to memory of 2036	832	iexplore.exe	86
PID 832 wrote to memory of 2036	832	iexplore.exe	86
PID 832 wrote to memory of 2036	832	iexplore.exe	86

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.lumen.com/help/en-us/control-center.html
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:832
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:832 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3944
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:832 CREDAT:17414 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2036

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
f861ffcb9b3526e7ee24c38ab675e58a

SHA1
e3987086779a67e0b6ee225b243c7316e7c41490

SHA256
a02ed0cf35c58f1d72a46fc55e86e724ae797505c2f47a7e7fe51f58bab06906

SHA512
fd3e2acbee33afd9c32e43ac3ae163b51d8f35a57a28b3956a745c7dbd25932a54d9a4d480a2f730683f807e37f2bfb230ddc6851671caffbeddc7eb4c66ec03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\59D76868C250B3240414CE3EFBB12518_C23869A463A81B1B5012B36B96F15A63

Filesize
471B

MD5
9c64dc5abcd1cf6cf8b7cf30b7e7e446

SHA1
05b87aab660d6328702e91cf6a07a991861662e7

SHA256
a1d9f7f77b0cb97039d54aa64c1f7f4f1f8a15d50ba0028c0c5f235a20802cd6

SHA512
453edcb7b34927cbc630fb95515361700408ed54ab891c157bf274f919e95b0069474502710c23d6c7a93809b2b982710088af6fda8c86d0db67063574c80ad6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
a7d0d94827a3b98fcb23b1234aae2b03

SHA1
7edf4dad7e95bd2d8a85bc85602065a3c26d1563

SHA256
973eff9378424d9bde32d5fcd6fca0cc3133abc1ba790cd51485136c0af10060

SHA512
71d29df26d4f19b12711344bc890fc68f4019214a06fb5ae6006b4c040b12f8972c91b4706f756138b4bebb2aefc4845424cd57eafeab443c29cbc4c9f69bd4e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

Filesize
2KB

MD5
de33be34cf36f35bbd7ae16cd4bf47d9

SHA1
246958ef53523336a9a703588fd5ef6e3f2a2b37

SHA256
98393cd2015cc6ccdbb21aed505e7b65d062e5d5a2531e15b3fc1ed4aab29c11

SHA512
dbf9cbf1fc60feb96b35423704373228590c59c1b282772e45b04872d0fb32d990d9d4977956bae188f4e096fc9f9d713e486b08892a32f65953049746555251

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

Filesize
1KB

MD5
3fbf97788d7b0b2df93056c04afa262e

SHA1
c8e479927d0f9f68effc7e00406db6406a2c43d5

SHA256
251ca17d262a33ef8dc91d1f0651aa5780c7ae503f6c9838a813d99532112d56

SHA512
7227b4d1c922ae40dbbe4962ac0eb79413532b0baedaf08366da96b3593ae13bf079a87edf90170fdaa5465d596dc9ef7c5a0ddbf651a601e79e2b40345bda36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
aa62f8ce77e072c8160c71b5df3099b0

SHA1
06b8c07db93694a3fe73a4276283fabb0e20ac38

SHA256
3eb4927c4d9097dc924fcde21b56d01d5d1ef61b7d22bfb6786e3b546b33e176

SHA512
71724e837286c5f0eb2ee4ad01ac0304d4c7597bb2d46169c342821b0da04d8597491bd27ef80e817bc77031cd29d2182ccc82ef8ea3860696875f89427c8e0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419

Filesize
471B

MD5
e8df46369a39c5d46ad8ca9f01bd7c96

SHA1
0ea3680ab4c4701578d850f3f4842cb4c4d4f46e

SHA256
ba6fa340fc304011c7da99d0616fbd31d865886363540499c1cb6c1436ac6eef

SHA512
611e5d32f90d32634116424d8b0aec9eb07e13111834417262acee589e50196da3496300dd549a36a02eb64b35f8fe3bf65b565d3532b0206fd4d00786039f2b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E573CDF4C6D731D56A665145182FD759_972728B485A9F945CC2747A5739A7C98

Filesize
471B

MD5
856a6f7530b4d17a3d8cb712b9d40cdd

SHA1
a6083687a5bdb6b89063be68a3d986d18f3f3c15

SHA256
959d19a20370e9114948b91fe2e91432b61c07e59a4b2b6f93cbcd5c0e94a3a6

SHA512
ee0047ef692121682ee3203ffcde23ccad75126410ee3bec820654d0fd152d42f7a6ca4187fa7b12835ff9be60618d1c1c691cea65a200b479cf7bc49f85e4fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_8CCCAAF453E2BC1BE9F5F49170752275

Filesize
472B

MD5
788e37866b9abaa24edb64f5e2f54856

SHA1
d0da400f927db542f349f094842ba2efa961921f

SHA256
5f8b5822993d9149b79e3bf28029da8e484451bbe8f2a73253f2238fb5222b85

SHA512
2fad508fbb71dc05efe254176e726d9a3ebea276f53633abf3345ce64cb8dfbdce0b7ba073f10122499dc5f4029288c6cbfb67c9da1f23191873416ddf5d34ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
a79a3c1e15afa28f027523b097391422

SHA1
4ee9f5eb9be853bb4b7000595418eb1ec43470f2

SHA256
a2e54043bd17b731e8dc571282a3a4ab19b464106457d8cd7159a3ce921cab79

SHA512
e0e31b741498eca40c7b8a9191162c3118bd0a7eb13b838754ce4a737ba0c9e85d9e01320b5b2d0b19567c9ca459a2647156b78dbf9b3ca2c1bef9e3efaf47a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\59D76868C250B3240414CE3EFBB12518_C23869A463A81B1B5012B36B96F15A63

Filesize
400B

MD5
248723008597593cdafcc12121530553

SHA1
0a3913e284ed3e910105955660405b01aa778dd8

SHA256
c071a25e278b22a2ee5934d26121e4200ecec24c67633d39c48f25cf2dad8b75

SHA512
54c046aea4389a81d1b9f3d1873edfb223e51d3bce65951bc9cd22d7673bfc4bcad7c3293bd1a49d3863a72e0b7e5cd65e7bafc75fb9b4cad22cf527e927fb96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
400B

MD5
bad9a2b0a2081fe0dfd17e673b76e1ca

SHA1
42dd5796ba5d44183f80101ef79dd058ac352c02

SHA256
e7ee8b2f6b08ffa197919b47a96293c9ec7694b40c11779cfc286e3b8ab49045

SHA512
dbc095aadedb719d7d9f7b4b6c6073e3f41d6c8030c6fc8e151377bfd06d363c45f452b52bd72a62408548796acb289b00e20bd639c6850029a5449bb7b149d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

Filesize
458B

MD5
1aa8343600b3759948d4062f43e4554a

SHA1
43b43e3874e80406a7e335b496a8c72f2a82f8b3

SHA256
fb10f3ab6b088d30eedc3fa40d4fb133c7a8f73493e68dfe4d950d7a9f100071

SHA512
46336ebbac7a56be3c1df21f5accbc13e04121ffae7dc9147b80095a6236f6e0e011e3d1898bc7b112580de107978816d189960cc6d8f440ef4f076a5ec7e1bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

Filesize
432B

MD5
5a562c7f211a71725713b496563764a1

SHA1
88e0f19a51b10fdbc2bc4f6d87047b390a337adc

SHA256
84497647d340179d8c831c2102f0c20ff7d6c844d356d92b839cdca9e7ed6c4e

SHA512
2648092b36a87b2b218e4c767c8d44c409d69fe42141f25d973e9214de6706df48d6221acdfcf0d624974684df51515f8e36d8ee20ccfc62b6b6422363811a75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
c07048ad0bc33facb091d6225fbc0d65

SHA1
22a3cf9d27c58634da1c074b95f25f862a34ed75

SHA256
06b885bc42d3d4c874bc43b9bde1dac46dbfbc368fc410815f557e1d88d96004

SHA512
5b728beda108cc17cc020c8b1462a7752a33c7789f40de82379e72678b8640d4735791f25c8d09611568128e9ae6b7ef722cf2e17af46a9f2a70907de0ea17d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419

Filesize
412B

MD5
2ef0bbb8dbd32f03de1a24c4e2c9529a

SHA1
e5c4170c1189d6f756903092488885aa66e2898b

SHA256
d902fb32a350d238b1255cb6d4abe8314c08f24ee36f00acb2d1857fde537061

SHA512
009701fea641fa318185377bb912c7bc6b72cf99dbdece6d4faa8756a314c7f5f59ac5b68ef968a71d671deeae04c60d15365ae1223e0b887da29983f1cdf0a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E573CDF4C6D731D56A665145182FD759_972728B485A9F945CC2747A5739A7C98

Filesize
396B

MD5
790305e608bf63f0e4064a8f89a26558

SHA1
7e52560ac3e5c60ef6600b8288cdf36ac7e2b8d7

SHA256
353c3c9bd52938a7476a84f72aa338e865cea6108c53b9f6438e7b4bd670c5fa

SHA512
36d1197c64b4cbf7f57585932bbefa0e804f915d461dda650f4945fb60f3fb888855e2992017d3ec223bafac702d54231425c6a0fb38bc8fbbd37c84afd83398

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_8CCCAAF453E2BC1BE9F5F49170752275

Filesize
402B

MD5
1294c3968a6f166c79edaa3f1728951e

SHA1
eb8fd88ffaf46227d1e7c91e2f4a919c26800449

SHA256
db5f01a0052214a5f3a38a38affbf7687cb03b4b59bb5222b9d8ac48f21d50a1

SHA512
2d740d16a6fe0a26480ea0548c3094603caca3a70cd047f7d4163c299b6d7fbcce0f7b08c5f05b8a22cab2e357d636c6c8c6e9cb903dbdefc895ca43cf4f700c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\qwzqiba\imagestore.dat

Filesize
584B

MD5
b1e5f7c8e7693caa5e458064831b8038

SHA1
15fac32065c346720784d7c89ac743f320634b4f

SHA256
2285ef439ab16d6b5a71f8e21a9e3104d0bc8c1bd747bc0fba0869ec80e5cdcc

SHA512
80419377963dfa1804fdbe2aede92179bb4f0300831cd7642cbfff1550c0d52e363cba2c1e29d7029c56ce6c53ffda8c8008b69833843b0ea683768cc8f76a76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\qwzqiba\imagestore.dat

Filesize
4KB

MD5
f38691b1242bb126eaa3d95ac0d4f44f

SHA1
f0d4efce4efc51a5a10cabfd0231527b9cc94349

SHA256
a4fa43e551e15677a4588b13f8c48d0b47f134fc3910aa83703ebd0de925e7f8

SHA512
5e2951ec490e0be325e8dcfbf573a66f77a8f52819834a5503ba38b920fb9aee3196f78ddd93b74e7eff8a6bd29d6ae34bc8c09da6d39d2304f681e0c4745330

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GVVED0TI\Gotham-Black_Web[1].woff

Filesize
55KB

MD5
42c4051434442f15ab475c8036a136d2

SHA1
4b3be9c1687ac639b1f0f62c2e17ccd2426d6782

SHA256
b923c228aac1980c7d4e30be818c05f0c0aa16751214beffa131f6a1e3b03e93

SHA512
722342558dafc6740340feeece6b2dcb9f3d79ccb5018dd5a827cbc870368e4dde494288b8bb4ea8f03a29272491a667688a02e09ed88da4c83bbb200b9cf7d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GVVED0TI\favicon[1].svg

Filesize
483B

MD5
e0acf0381d235fa68c090d399c9b99a7

SHA1
c8e38c0075da414e04778ffabff197a6b8edbaa7

SHA256
b3c71f61b3f185cacb8fe14bfcec402e16680e6942c2f5f6fcadc8d21ab53c0b

SHA512
e45f79d8c3b339b60b779c44b5daa9ea6e1b15915cb31ee458b1dcd8489cfc49d14447a44abbece47c68db0f9f0394c8ce0aef00c0251149d326b254ee9e9e6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GVVED0TI\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\HV5TY8S3\Gotham-BookItalic_Web[1].woff

Filesize
58KB

MD5
ef8224548e0bda0cba202caa72938dcb

SHA1
5a7b37f4decfe10aa5c2e50ffaea4d65a2d0ebc8

SHA256
7c0ae6140a8d6a1392046d452005f9bce8edfe602c732b366313bc931e9e201d

SHA512
327ec77ebc757b7f33169fc92a5722981b0163bbbdf7b3a6e821a93ec10c594c43f867bb4dedd9ef00fb200520c532bb01ebfabf71131406a3b6a7970a96ea66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\HV5TY8S3\Gotham-Book_Web[1].woff

Filesize
55KB

MD5
e38251871ffb8d2ba109d28d941a9279

SHA1
f267b04e55c06d29003d64705fd3da709d6c96a1

SHA256
829cd552114a54a7ecc85a2aed2cd47341b6173ed0dcf395e53c46b51c3a6677

SHA512
2e7835fe54df4d4f1092d50bb2ff81522f3e77c268bedfbfe431b71ecb010c0d9c423296304adc46b2d13c85fa71c2448c615a6784d26ec3f912db90499dfd5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\HV5TY8S3\Gotham-Medium_Web[1].woff

Filesize
54KB

MD5
d633886e17bc246faeb0f7bd1ce7522b

SHA1
28a5abc3eec258ca5f69816e7980ade765605f4a

SHA256
3b1a769d951ccffffc1cbda9cd9abd3ddc10ca946f9a5c7004b498884c899d10

SHA512
00a0ea1460a582e5d7a4d2d677a85bdcc5b3d4065bdb3922cc02615e1495a5fe7170f6a54de92ad4241b08cab2c107d2db7658ad1bcadd24b499476e57be3ff2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\HV5TY8S3\favicon[2].ico

Filesize
4KB

MD5
2aebe08644664dbb3c2325a5bbf08501

SHA1
997c8f94a9169e75cefa0f43063ace1ce74ba8df

SHA256
1242a66c7fa2fd521002d525ecd1786cf55a689642781739c56c7c2d370c269d

SHA512
9d31fef4cf4e00e7cc561033ad0b72d4faf1e01d2399f10612064ef8e01853304b3ecb459583a67da3575247c29721b496cf4323745f1e5252d6f2ef0285363b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NKPTYI9X\Gotham-Bold_Web[1].woff

Filesize
52KB

MD5
e5666d15a28a4c8dced1f506ef64fa34

SHA1
15204f4e14a22059edd2f14813cd743507ba2624

SHA256
01e953cb02a4dcac28cf5d8bd3612f1ae47fee64ddbcc7cecb20471980b0bca0

SHA512
cf4c441cf321ce0653a1e72ac96dc8c5e801e3d5d728215f125da63dbf32d5d03f886c6635987146dc60552a6413755be57789997d7de6ff3d3f672aee9972f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NKPTYI9X\favicon[1].png

Filesize
336B

MD5
2e72140d7a24e0f2d6271a926c042889

SHA1
f1ab9d0040ce83dc17c6c7c22f4cbf6d14cd4b27

SHA256
8f204ab35dc6338e2147f9f17f9cfa319a47082273cf03ea542246041c25e999

SHA512
1c445821c58950f257e84376f819b4282939e402d6f301d440ed89a9189bf28960c9978313e7e901ec18b9929f5ad0116c4ac00af448dc5d02acb85f0be44387

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DF3A2EAE9192503AC8.TMP

Filesize
16KB

MD5
9ffcf967410609eab508f254e7ca6aa2

SHA1
061671a355104728137c16cdec077b7312545f36

SHA256
a3ec8754d1131e7e3f9e35a5ea52257b5cae7686f3f4355da048ac16f4a30e98

SHA512
11d215e25afe2eb70c54c54c6b4e3125382c842324889ffc15e1b9f0e333c04473e9a8eed6fbda0c09478693811ef46efe97a16d08209ef00496b98afd6b6973

Download Submit