Analysis Overview
Threat Level: Known bad
The file https://www.youareanidiot.cc/ was found to be: Known bad.
Malicious Activity Summary
Detected google phishing page
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-04 09:03
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-04 09:03
Reported
2024-02-04 09:05
Platform
win7-20231215-en
Max time kernel
107s
Max time network
151s
Command Line
Signatures
Detected google phishing page
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TypedURLs\url3 = "https://login.aliexpress.com/" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TypedURLs\url5 = "https://login.live.com/" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TypedURLsTime\url2 = 0000000000000000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 707266174957da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TypedURLsTime\url3 = 0000000000000000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TypedURLs\url4 = "https://signin.ebay.com/ws/ebayisapi.dll" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TypedURLs\url6 = "https://twitter.com/" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "413199274" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TypedURLsTime\url1 = 58c325384957da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TypedURLsTime\url5 = 0000000000000000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\AutoHide = "yes" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TypedURLsTime\url4 = 0000000000000000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TypedURLsTime | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "yes" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000969d72c3e5a03a40a0257479feadc03a0000000002000000000010660000000100002000000070b44349e0ed64768d66817ed3e3bbc1b2a63d5e2a02e42a405fbca67346904a000000000e8000000002000020000000fb5ef919d0284420c4cc92c6428b8779d98b9f919fe126ea441650c9b9bba84b200000003fce1758e4f08dfacf370b8eead79ca8f34b6a1037f17981907c8920f38fda6f400000009bb9e22a87d79bed5732272d6bf02c295726dd90263ba1912fa2291b425203dbf41e87cc2549de033282e3053a8ce4fe39a588fdde91b49f3f4c6203a7d1418a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{42510C71-C33C-11EE-9439-EAAD54D9E991} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TypedURLs\url1 = "https://youdontknowwhoiam.com/" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TypedURLs | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms\AskUser = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TypedURLsTime\url6 = 0000000000000000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TypedURLs\url2 = "https://www.facebook.com/" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youareanidiot.cc/
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2496 CREDAT:275457 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef64f9758,0x7fef64f9768,0x7fef64f9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1196,i,8182866174178950353,6545127025416329084,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1528 --field-trial-handle=1196,i,8182866174178950353,6545127025416329084,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1628 --field-trial-handle=1196,i,8182866174178950353,6545127025416329084,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2340 --field-trial-handle=1196,i,8182866174178950353,6545127025416329084,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2284 --field-trial-handle=1196,i,8182866174178950353,6545127025416329084,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1252 --field-trial-handle=1196,i,8182866174178950353,6545127025416329084,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1432 --field-trial-handle=1196,i,8182866174178950353,6545127025416329084,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3400 --field-trial-handle=1196,i,8182866174178950353,6545127025416329084,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3556 --field-trial-handle=1196,i,8182866174178950353,6545127025416329084,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3628 --field-trial-handle=1196,i,8182866174178950353,6545127025416329084,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3924 --field-trial-handle=1196,i,8182866174178950353,6545127025416329084,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4040 --field-trial-handle=1196,i,8182866174178950353,6545127025416329084,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3408 --field-trial-handle=1196,i,8182866174178950353,6545127025416329084,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2700 --field-trial-handle=1196,i,8182866174178950353,6545127025416329084,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3452 --field-trial-handle=1196,i,8182866174178950353,6545127025416329084,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 --field-trial-handle=1196,i,8182866174178950353,6545127025416329084,131072 /prefetch:8
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HVBRC7A9\qsml[5].xml
| MD5 | f3b28831ba8d86defced8c389c6802ae |
| SHA1 | 50f01b112b38b6cc55ba74cabc547b478e94ac94 |
| SHA256 | 7817ed16388b1dcdec4d299abfc96a943e6069bd82c752bdb151ce38b770c230 |
| SHA512 | bfb8e094d7910314963416775fef51c2bcf2aba928476d1559ffd6c7ed926dc42888abc66e2592139ddb8f784a84cc8f904380533539efb7c36a3585145fd6bd |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HVBRC7A9\qsml[7].xml
| MD5 | 3a851facf004cf3172214a0c359df2c2 |
| SHA1 | 589c42ca9d872a69e596d84003e19d90008f5789 |
| SHA256 | 0d3146678f3b0884f87d1b01a477baa7dfcfa1df134d16e63778466870042d46 |
| SHA512 | d5e4636b3e60a7be193d8559be1f4917e9eb93419e8fe791fe86ace870fa27017710e74072bdfcce6418024e77353f5e7d6db8c1b3a8eb15a3c8744cfbecdb11 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HVBRC7A9\qsml[8].xml
| MD5 | 51c2e4bcdc71d9ef9d6ec94e341cc1a1 |
| SHA1 | 01d08c442e0556317c1a785e700bffe4107cce9a |
| SHA256 | 019f21ebabd9f16357da829dc651c143517ba963cce34d5601701e689b9352b3 |
| SHA512 | 496b7569a295239633aeee5678ebfffdcf37f7264c48fc3c305356454e9de0673a96c127a67b79cbb5d313472c73901a17d2ef6196a1e7618befdb69cd8ba0ed |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HVBRC7A9\qsml[9].xml
| MD5 | 3402dcbd1b3a1c77170dd04fe32fdac1 |
| SHA1 | 7fa9166563ece90ab9892f83fbe33e5f76c50fd8 |
| SHA256 | bf2eb053714657307f1b82f12b7d2e047b8ff230f902d6bbc40aa6e23e8914dc |
| SHA512 | 748bd42ff1f2e2fa8f010ea7b24f94a52bdae31f20dfad2604b4f7c57e078fab2340752b0d5a7289fa49a55c5d607a448f917683f158d337dc506d4b2ffdc7f0 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\02cy2i9\imagestore.dat
| MD5 | 81cdd18c475812dce20bc8947a4a5024 |
| SHA1 | 6626a893957a6a52734c6ad13401f65603ee0b26 |
| SHA256 | 85a119fca8224ea3a6777e0147ec7f698e03aec07f7d74771c88714e92482a66 |
| SHA512 | a951b97f39cfc028450b607e20f3fd9d9e601d37b9aee79c94e45dd9a0666f9affd6ad8905d876b72d7f073ac24366010b79d144edbf92568f78f1f34782271a |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E3F2LH07\favicon-trans-bg-blue-mg[1].ico
| MD5 | 30967b1b52cb6df18a8af8fcc04f83c9 |
| SHA1 | aaf67cd84fcd64fb2d8974d7135d6f1e4fc03588 |
| SHA256 | 439b6089e45ef1e0c37ef88764d5c99a3b2752609c4e2af3376480d7ffcfaf2e |
| SHA512 | 7cb3c09a81fbd301741e7cf5296c406baf1c76685d354c54457c87f6471867390a1aeed9f95701eb9361d7dfacce31afd1d240841037fc1de4a120c66c1b088c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7272515ec0da21a22c5194ba8f566fcf |
| SHA1 | e4725fb6893b89d078df05350b78a3d18b82a0c6 |
| SHA256 | c12152d1af9e605f6d1eca842075945b966734c0916088f94fe86635f7699fbd |
| SHA512 | da83b564dedcbb635b033a5b57af036da62f83b0c8102216279af94ae2564e00742261045f12692ec0c881ffb874b4218084f3fd89e68b308f542a437cfe70aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f41c13d35549b27112cfe458dd970180 |
| SHA1 | b3f1b90e49817aa02d096b06b5000e23dba74a2f |
| SHA256 | d603a056d1c92d2e75e955dcbbd4fb3351c99ef7ed9e629f5ac79da856d9c113 |
| SHA512 | 7407fbacaa2309fae36a13f0878b3adc4aec4283320c527116221efd5ff05c178bf247a72044cddce059eba3f964518821b9023cfc8d75ddfcaeab2262fbe4c9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 07dbd0d4e786211d35618bd2ce0bc6af |
| SHA1 | 110eed8ad7f34760af118bcb1b5e7c505e5e7a45 |
| SHA256 | 1266b23e3c50eddef983e408ce30baf3920d8ff1e3ccff8df7511a54926dae9f |
| SHA512 | f23a2f55c39424648f5320fbe3f75e72723a2b6ab138203b1551b0d6b118c322afdd2c923a575c419dbaeeb1b235283e37a0c2ee45e3fd155f89c5c62a89f852 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 463145297775110744eceefd9efaff42 |
| SHA1 | 3e5efe2daf24a1cbc0de2bc640da1e4e8c5a086b |
| SHA256 | c1c0cc411d072e4b883c1cfbaee8391ad2a3b2f71eb5e295af899db8746b4f10 |
| SHA512 | f769604c50550b49f33e68d16362e4e6977aab82f97dd95089bc3f68dc5ea302ea663f0558b5b346ae5ce9ca11ade742db3526f26f660fdf9f9553658c290cc3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7f4c2e88f12813e537db2300a91fd506 |
| SHA1 | 709704a13cdba61798407922c108b8a634268ee2 |
| SHA256 | 30c78cef05b6887a24b89bd036cc0a4906191ffd83ec99b86e5f68f4e0321108 |
| SHA512 | 1e467fd5f89c6bfdc4e4632041bbf45c4ca815346c70b3968afdcc2c1fabdd7e5d66e031f4c142917dd3a13109697a77dac902d4f72b953e0227728a3e5acacc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C
| MD5 | f55da450a5fb287e1e0f0dcc965756ca |
| SHA1 | 7e04de896a3e666d00e687d33ffad93be83d349e |
| SHA256 | 31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0 |
| SHA512 | 19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C
| MD5 | 6d5ba2f65d1e422a774ffd343dd3f41b |
| SHA1 | ba71076b1d94262fc868d148ea0f283325ea2a15 |
| SHA256 | c9738f9f06398ab31281ccc085b5ed892ab770105bd2b7cdb8c06ce45ad9ef8b |
| SHA512 | 92b2788beb424ec7d91d2746a00bc572f102ebd46fcd5188ef059152e0df4bf4dab7c0dec1291c4e15310043264d5e35990d503f6537bd75d49c7e41079601a0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c65030d2255a84d342fc189e2e6b1648 |
| SHA1 | 12fa549e2025d3992169e61d5894088ccbef86c0 |
| SHA256 | 6b21adee63e06bab8571aa4defb05971461336fd4b3500759d172ee5ad542a59 |
| SHA512 | df2683d0ff6a9acce74f42c51b45aa9a18857668d40340e11ae87183fee7bac7bfac63871f74de6e9010f5443a3e804da1aed022cc21ea3da65dfe521391ad85 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 00d7bdbbd286d2b4e1153f7f255114d3 |
| SHA1 | 47a1c2ed127ab353d54ed12588b9c3f151ffe1b4 |
| SHA256 | 07474e12b49763d55c8fa9eb447dea47e062b73be8e8bf1f6d271499cb9046bf |
| SHA512 | 48639a1ea88548e00c1490ed3a8d5c8d4ce52f2fa6cbb2de63605874bc0811105eac5a12cb517aabc1dfa9ac24cfb0a4b20cbbaccf4306e40456bd5b9e230d06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 80f07c734f481414f133042d01325ff7 |
| SHA1 | e6028cc93595427c08ccec53e6e49ede2d8fe625 |
| SHA256 | 402a13f3de08d0586e46643c4bae3db69663968ce42aaaf49612d3cbaa342c2c |
| SHA512 | db1452f1e160e9e22383238e9d30a43f1dca916c3307f10fe1d6727807688f9913184811ae8e4fda555c9d3a4cef831e48185b49f9acefa214acff8cf51e3506 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 46cf169c43ed6b5b72ab28b665dd96d0 |
| SHA1 | e225c7d6c1eb13676a9eba0a4e12bf47f127d02d |
| SHA256 | 9029e692cda2cb5176ff1aec63e73c10acf0f9b4886bf93e54ad4eccdecf9435 |
| SHA512 | 34f9fcf0f8647c6a35ae8ae5121d772e359de7c1060175845d1d94ff4cdf13453f3c0aa3c4f532f9525569564583f8bf83a9731e9c95e83cefdbc0502cb034d5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dcfa2f66c59347da0f440eb59d6a10b6 |
| SHA1 | 20a71128d30c078d62fbc4a687a4b1a990412dcc |
| SHA256 | 1a6176d0e4ae47004717030a476e1b9f322beb18edf1f75fd6eea8551593459d |
| SHA512 | b85ff04fe297dd93b5c9c9ba299b37b8654fd4700bd4c36dca8d32eb47ff7ea5475ea9c2dd3dec473057ef4d38df0e3cf2f918508f4c14a9b1c7d096b7000cbb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a79f36b62dd811bae360bd1854b0a35b |
| SHA1 | 94665613a51e29869b8813df94765f45f3ef49ae |
| SHA256 | d9515dbae50640cfbbfb8b301cc7725233c2b2aba66534389b54bec571b8766e |
| SHA512 | afc399dfe5db1d762a1fba87ffd35dcae2e4b85bf8576960fe8870a8d6bfad698dea3bab82fed12851174271f26f6dc4cb2aeecf35c7898d414e68219559fe96 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d1dffc83a8f56b082dcbbe8313ab6f5a |
| SHA1 | 3c6e7c6391deedeba81601d3d22bd7b4fb9aca11 |
| SHA256 | 4fe2e001e828f2fd18cb76d0e158f3be27d0c9f0caade601d7e061cc71764631 |
| SHA512 | 24ae0612464946727ef138acdeb2b3c582136280e7c618c4de7e2339372ad17996ad4a331e2bddfd7a4f0fba668c325d2e50a4d11fc3e00590f12143dff89cff |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1c40657f68bb85c8ab32ff53fabc96a0 |
| SHA1 | 6aa2f60dc0ced157e39add6dde0347b160dcc67f |
| SHA256 | 106d47a15dd9a6864b232ce785efd13996193a30a7701ebac78fd4dfa6474890 |
| SHA512 | 9003cc03dea6dddec45d628150d4a72655bb7965d3d371011ad7871fce9cb0feea372ce4edcb558019e4382a9f8d963606eee45da633829d8f1fdfa260cb40dd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ef5d93e936a983ee4e2626d5e20a457b |
| SHA1 | 5dd8e229d4e1dab55352fbe5c9e4cbb219b18703 |
| SHA256 | f77b9e166e753ef2feb557ce9782bbbac1ea191385dc360703f1677c7ea7f6b5 |
| SHA512 | af23fb3a09634f685335f3ef65e081782355aefa4b8c8f507d2c49a7832ef99e2e656946afdd478927842e23d02079df4503e84f8a0d3d96b5bbb149284f30f3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f35e5989e7ab35ed6728f955bb16dede |
| SHA1 | d385e5dc56907b1f45557063c7495ef48dec468c |
| SHA256 | 00188ad7ba5cdae90a54a95ba8bc821d66672767244d1909b404efffa5697530 |
| SHA512 | 4d1cc384b96c8171e620ab533cb66406731f7b913b870599a3a64bba7f508d8cc79c10b8e9813a49c66c227020192305419402487c6b3c36aab74e5a2ed1dc61 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e243e4a47999888903440c8721d18ee5 |
| SHA1 | 1af9ddda52f9cca8486545fc3cc61edde033b25d |
| SHA256 | 89d997a3e5fea49dd42c8f0d5c9521743746bc2408eb220fa337286fa71301f4 |
| SHA512 | cfcbff8d0bfa3c02c41285e837210b9d1a8ee23cfc0992d4434db1060249296b0b6f983f199abf3d6bb1de6c6ea2a14a6ff6dfd3820ae4040792f1ba7435c8c0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9501f870705a4b7e3460d2a9fbf391bf |
| SHA1 | 5a8f6dbc2dcdc5a1218b1cd09cc0ce99119a3bd7 |
| SHA256 | c02b52608d38825950cd3fdbddc0fef9dcff0f9e6b14d2edce4584d540ce5a01 |
| SHA512 | cab76af21ec00431e507dbd7e889cc29fb7705a97fd0c8c64b79f102f6df4579302cc5584b25d9a81656add79dc1b09a79dd8cc4684b363062ca943b7fa37daf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bcdfcbacd4098b3f06f8010fd21d1b2d |
| SHA1 | eacc447a73a9178457a536092bb0d5199687c25a |
| SHA256 | 93ad4cfb6c95c2851deb17de15ab18f0d888d918106e007003871475fad632b8 |
| SHA512 | 7ba855787da0658da3484725bdc014ad0d0d36034918e4dff3427d6642b0ee266b0ac1e85cb8733369e00b81c213e3db88c368e52b331541a5690a6cf6550e4b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b8c5755563b31924c47a0ecb96ae7331 |
| SHA1 | 20174660c93a54801bff9d60378c4d6823808377 |
| SHA256 | 585f2475f8b9ac331cf8bda779c4879d6dceb3b8c73ea0107e3620cd7db09ce2 |
| SHA512 | 6dfb617155b037606a9c51571b1e146941e865c96b523e8a01ab72b1491d45166eb320a064f4857c5a234db75ddff47ab997081ee53b559f1afda212a1c3bb64 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7a859d2658b7c8b7fc77b67d167b1af6 |
| SHA1 | 91ebcd01a65eb938bb325d2f374fa25c7693d4b2 |
| SHA256 | 837f63e7ce6482a19497eabbe66c0268bea5aa1207a25fa9f13c420f884277c3 |
| SHA512 | f35f3ca09d288e5ef89f1a37a24724ffb99b2224579b8e5e92ec0b6476d8f793656e505f5d43f3211f96cdac9d7c7a1b0592fdbfe0d471b50c08823a3e9957a8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c24221e533e10bc5d274ce5b92949b64 |
| SHA1 | 6fe2657c44179b71028db18370658e8b675d4eec |
| SHA256 | 2ab04aafa9de1af4ec75eaa59039587dd01cf20967f075610b78db3fa58bff4e |
| SHA512 | 71b7bcc2dff78d16955fe621c70f97ac3d9d8f4a64b128f550caf24a17ecbbce38af52449d8674e71ec576a4e5488f12e71c2fa3cfc9cfe92b8d795b57a107c1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4248691beb5b11643f2ea15fb842e6e9 |
| SHA1 | fd41f453485c6024f9dfe72020ed3aa4763ef3e5 |
| SHA256 | a9e59b91858581852d5a5219c04fd6465300e7c64ad8803d93164727b04437f4 |
| SHA512 | 7b4d4843f4fa996e64e3d5970743ada9ad0236c3bbf71668f8f3cb654d286d266648487892840516e3884edef24a22cc79ef8b2345ee78510c7dd6ff6598559d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c5ae64fcfb49ad115247226f27814f03 |
| SHA1 | 67369c453b6321339898bb86842ecb875ab2359f |
| SHA256 | a43a486a773a97775f9a22b91c5885a8043a31ccaa4ed909fc5fd4f58e789953 |
| SHA512 | 998313de47791a89553fd201d9aef35965c89416fc101c6d9af529aa408c61978da163e6c96550485ae74f2e9a694318cd5e003160ce6f86ee7d45f2ee6c9a93 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 575d805a7acb3731207ecdb1b00b5481 |
| SHA1 | b5caa7aca2529ad10d971fe099f5cd0845dad98a |
| SHA256 | 0b9ef81106053b34c34e1bb77a24b7aff940449dd0cf8fac35e23391bcccad7f |
| SHA512 | ff6ea12fbbe863443e0aac9afe43c729cef4959ef9a0791403fd9c789a3049d32b39202cd3e1cc1962e2d3a42b6c900b37253f1c2a2971f790e2a38b2a748d8d |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E3F2LH07\idiot[1].png
| MD5 | c25a5b5f9c57ee2b0450ba6000232f21 |
| SHA1 | ed2caba08975fa207119fb1b895b516506f41af2 |
| SHA256 | cd87d30c5ccd43ee025ea376fe4a4f6636e6760de8113713eb55051b0a11fb35 |
| SHA512 | 360d9c7740ba9206e6ac1108039b2ae7b7214944526c605ed9158b2d6009d849c0f37655fbbca8456d14ab2df1b62adb323195442a39298bf34ce50f62fc5aea |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\02cy2i9\imagestore.dat
| MD5 | d9dab1847490febb4efcbabfe58ef43f |
| SHA1 | 668665cd5ad69e605f72d29e2fc0dc099f6f35af |
| SHA256 | 124cf5a489e3a255c09d107744c3902ef3e034c5d111418b17ad974302cefa49 |
| SHA512 | ad61a2e08f202fd900293fdbaca0389100e853b448f8e366f84f60c87162ce6a3ae342e946651da9faa136d52a547fc31d61f6ec09e475e4f96d02e033c5e424 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 073670322809a4660dd96822d0f964f1 |
| SHA1 | 9830bbbdd57b69a24f3cb1900db49815654ac6ac |
| SHA256 | e5c906732bafbd80e3992bad6eda9e925cfc700d383f9f37c0103b721d50f5d3 |
| SHA512 | 4f783e80ae99510a46f9f2518e6d94fa5d24b390915a9daced46efb9fee82244ec2fb12c726e43d928b0ff44721787c7ed979b8371d5e8a1eb7170f30ffad7eb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 263155a4ab18d7bb41c0795abf087749 |
| SHA1 | 5e422214351e8354b12213736cce3e0ac15d6541 |
| SHA256 | 081272819f3547b73a09b831622e899d3cabc845da3d952fe9098e27feaa4032 |
| SHA512 | b815cc8c6e09b7126a787137945988c56ec17b52d88ef1190c6e43d4cc769a442e5dd472a4084cc66aa82b8e7372ac257c9aff9a0463b0160032b913f49eff40 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dae3231072f900572e783c999faa1d99 |
| SHA1 | 878478390e981c237d71ca1ab1152b27fc14c643 |
| SHA256 | bd841230594b502f359ed5b9fc668a39b274810ce452a78982e1c597e0671e79 |
| SHA512 | edc1b49f9cea09c2245aaa34bebda94d673a816fd2da5fd663a7716092f794b0435dac7d99f95837a1c15aa3119681597ab60d977ec29ea77b05a622a012ac09 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b51c474c63db6191fd7be7e66ddce397 |
| SHA1 | 8ab6749bce77a28a49b20a24ce2ec84b3d6e6729 |
| SHA256 | c179eb2509d97c888a733e6eff203a1e2d16ef47da79d89de472f7e6a4334ab1 |
| SHA512 | f662bc308f5e393c9b88b2fb9aacd0262589bdd3c1bf57e38a91b3e4ecdb17ea7cb42131fd9cbb8f457216f0331410e787535a2da5837f47adb43054110f4d32 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 30894e58003093ef8239bf5b14cf4396 |
| SHA1 | cec05fcac024fa07a7c3fb5581a983542f37cedc |
| SHA256 | 8d4a901a2ccb920816c48302b9dc0b667e69a2b84314cfa2db786304b1c49444 |
| SHA512 | 932194b9a3921fc835ac15813fe146c86bbc84c4a6a2be272062041a6b8da4ff08c25ea79a5efd7a8c13297bd3a0ffb659045372143e6d03e06920de0f6d593a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1b397f51fed4fd0ca837c92d4b94f4b8 |
| SHA1 | 448673ac0e1044d3f3acbf54d9981acde234616f |
| SHA256 | db014e48415b492a29685fa8b6bb56798f9955dbd08e0183294dc3808873e278 |
| SHA512 | 8adf3dec099983fe4ef5fa9bfcdb34edfbfe3c522b640825c2f0346251a056061b3e03de7d8f8effcd4eb3e257c77587f582317d32f19e6160159522048ce7a3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 6b865a4a25009a670b321ca00ed328c9 |
| SHA1 | afbaea397e963b9b8300ee31a6bd467a4bc2f0eb |
| SHA256 | 0981491cf173a620af708947ace299d7eaf14426bdd050562d7218ab5b9883c4 |
| SHA512 | 2082960e1ca277b498151073dae05c0a008886b37d9aa011f2fdaa2f4e289860e812afb7370db6d295a05e9e6454d8537f1c646fd2194c07ce89205104a63acf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bf3b5e2f1265a8af96c7e3b76c070072 |
| SHA1 | dc93f497f7bd1200e479a4b1f0f383b618f8cf34 |
| SHA256 | 80e3d3911e4a62234f608e67feb92c746beee54f68953db7421bbd46913f73cb |
| SHA512 | 180fd4b9ea70d6e2c36689545b36c06eb5b762c71aefeddb557a19b6e4fabcb90519014113e75549f8228ffaa8420d63c5f6c87d29e1cd1686fb70530e1a393a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 58583cf8064e5306211e211f730988fc |
| SHA1 | fc3a850ef13d18b8534d1d76971e151d8962a7eb |
| SHA256 | 20d1e8586cfa24a14d4a4a327cc42b1cc1735b71e796d39ec783f09af76223da |
| SHA512 | 6c99e3787adfd500fd8382dccc59dd0ab815a5bafc9b5e48147ec27e50e0a018240c7f3d0299869e9feb068b62e4768947bd66d11f876724038b764ee5efef31 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 49005f5352d3b1b809e0461e4316c8fa |
| SHA1 | bd1d112b736e6d3a141f9c493901e67eb4646763 |
| SHA256 | 90f091c2b7f253eeab825284c2863149752d1a661d3f0b1ac0b0d44b7a9359b4 |
| SHA512 | a09df8bc30f5138b927a7fe1514a917d025d2aff7800f29f188fe6f91eda217147e5682ea88cfe5130a6fc454ab980bc0cabd12ea626ab512e5bfe469167d5d2 |
\??\pipe\crashpad_1892_MXSHVMUNIKKIMJSW
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 3769f53ac22cdf6658c874805d9983a5 |
| SHA1 | 53ba470f9cd12bbfde1d1149bcad0029e0f8a84f |
| SHA256 | 87ec66df2ed0afbd05a6094ba5ad5bc5b3ef6807828d00323b1addb6addd1c17 |
| SHA512 | 56ce76ea6aeaaafac14128912b31e12a16a2ca85b97ece7f3034bea5ca3b249c0cfe974b2823f35d38c46d6b3faa7278732b183a86c85f469c422384f08f2925 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 54ea80f685cbe707af73351b4968ab8a |
| SHA1 | dcbe5b431cadf97cb07e7d1bd6114f50cc4696eb |
| SHA256 | 33b56421b382dbbf85c84488aa952cda2537d2ede50777750d8967bb526e9410 |
| SHA512 | 8a10dbf83aadc5e3d69bf05b6d7ef8b681a4c21371175c841b656e204e261d87bc31c5c0536dbd5abd8ad0cf6c1d4c86f6f3eef2575770a3b88ad7462e0e3407 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4ea7470c50aa56e74e39d2f7b878c612 |
| SHA1 | 9047d28ac79b83ddb9368b01630c29b2a17d34ce |
| SHA256 | b50c608a0da000e73d6fce74137b1b46d9d5ff346cf12a7e35442c2543f6da89 |
| SHA512 | 1fa3ffe760e38bd5e5da3628f48b2ae487791ecc9c7b82f13cb2e6a86c239691484bed4af708047eef8817c2568e76b40811560bc592740952507d8976b2b6f3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d76ffecb10ad070a33af123cad9fa641 |
| SHA1 | a29a1f01e4a0f9bc3504dd24e7779a62b5b32a28 |
| SHA256 | 954d45e298c2b3cfd905254997b4e898d8652d4105a755dc3c446b20f988b634 |
| SHA512 | 12afc23b93d36f20a31df5522cb9cb65d362641544caf8e6f183e233106f43e6c84395bcc49e803e0828fe4d50b8ad480b13a7730df5159581b31b27cccfe896 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7bf28eb0b1fde4573eed0434976063f1 |
| SHA1 | f22299040c960adb88a93ab5c9395e73f366f2a6 |
| SHA256 | dbb9269440439d5266f6f650307e1bb8005442e1e334eb2131f56e193fc4793b |
| SHA512 | 17457178c36b5293b7a38aeaffe7ef336f38d9e046be20133989e993457d72f6f9def070974d5e6d745755bb38ac7188e95f0a86307d34109617effbad6bc0e0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf7834a7.TMP
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 41153f717f94d4ca1f3d3c601cdd80ca |
| SHA1 | 73f10f2587e2fc8bfd6dc2e48f746327bcc8ceff |
| SHA256 | 1bc078fbd53be19cb708f114809e68f0bda914921c30d54b8b7a88e8c912ae41 |
| SHA512 | 5c92a675b4c4ff4e208af38836207778683e792c8186771dd93f35a96adc48549ab8fff8e71748369c3f470a05fe632d3fae2b48070e0514b8394073b845ec77 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1892_1995738864\Shortcuts Menu Icons\0\512.png
| MD5 | 12a429f9782bcff446dc1089b68d44ee |
| SHA1 | e41e5a1a4f2950a7f2da8be77ca26a66da7093b9 |
| SHA256 | e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37 |
| SHA512 | 1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Shortcuts Menu Icons\Monochrome\1\512.png
| MD5 | 7f57c509f12aaae2c269646db7fde6e8 |
| SHA1 | 969d8c0e3d9140f843f36ccf2974b112ad7afc07 |
| SHA256 | 1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f |
| SHA512 | 3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016
| MD5 | 3ba7e6919bc260bb6ab523197f2be3e1 |
| SHA1 | ce2d7fe3aa42d99d733266d023f6aef3766e7785 |
| SHA256 | 1032fd6f298c16aaae3f1ae2059591f2f5d40e839de4f22a5bb6d41c38a39818 |
| SHA512 | 2806c96ff57678813e20abc51ffbcb8ebe8986b3775df5d42812be6b50c905840503486d1b963d1fcc6c3de572da4bf9ee175b802032753785d3de69fb0768fc |
Analysis: behavioral2
Detonation Overview
Submitted
2024-02-04 09:03
Reported
2024-02-04 09:06
Platform
win10v2004-20231215-en
Max time kernel
151s
Max time network
155s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youareanidiot.cc/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc43a46f8,0x7ffcc43a4708,0x7ffcc43a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,5662563705081523983,11112814381782918843,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,5662563705081523983,11112814381782918843,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,5662563705081523983,11112814381782918843,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5662563705081523983,11112814381782918843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5662563705081523983,11112814381782918843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,5662563705081523983,11112814381782918843,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,5662563705081523983,11112814381782918843,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5662563705081523983,11112814381782918843,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5662563705081523983,11112814381782918843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5662563705081523983,11112814381782918843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5662563705081523983,11112814381782918843,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,5662563705081523983,11112814381782918843,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1968 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.youareanidiot.cc | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 172.67.143.125:443 | www.youareanidiot.cc | tcp |
| US | 172.67.143.125:443 | www.youareanidiot.cc | tcp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.143.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.171.91.138.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.64.52.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_4424_MDZSIXRVCBOGMUSR
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State