Analysis Overview
Threat Level: Known bad
The file https://oxy.name/d/odMh was found to be: Known bad.
Malicious Activity Summary
Xworm
Detect Xworm Payload
Executes dropped EXE
Looks up external IP address via web service
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Checks processor information in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Checks SCSI registry key(s)
Modifies registry class
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: GetForegroundWindowSpam
Analysis: static1
Detonation Overview
Reported: 2024-03-28 15:50
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-03-28 15:50
Reported: 2024-03-28 15:54
Platform: win10v2004-20240226-en
Max time kernel: 241s
Max time network: 250s
Signatures
Detect Xworm Payload
Xworm
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO085D34B8\XBN.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO085F2EA9\XBN.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO085F09E9\XBN.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7zO085D34B8\XBN.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7zO085F2EA9\XBN.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7zO085F09E9\XBN.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://oxy.name/d/odMh
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Roblox Cheat.zip"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7zO085A0D48\Пароль.txt
C:\Users\Admin\AppData\Local\Temp\7zO085D34B8\XBN.exe
"C:\Users\Admin\AppData\Local\Temp\7zO085D34B8\XBN.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Users\Admin\AppData\Local\Temp\7zO085F2EA9\XBN.exe
"C:\Users\Admin\AppData\Local\Temp\7zO085F2EA9\XBN.exe"
C:\Users\Admin\AppData\Local\Temp\7zO085F09E9\XBN.exe
"C:\Users\Admin\AppData\Local\Temp\7zO085F09E9\XBN.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 5c6aef82e50d05ffc0cf52a6c6d69c91 |
| SHA1 | c203efe5b45b0630fee7bd364fe7d63b769e2351 |
| SHA256 | d9068cf3d04d62a9fb1cdd4c3cf7c263920159171d1b84cb49eff7cf4ed5bc32 |
| SHA512 | 77ad48936e8c3ee107a121e0b2d1216723407f76872e85c36413237ca1c47b8c40038b8a6349b072bbcc6a29e27ddda77cf686fa97569f4d86531e6b2ac485ed |
\??\pipe\LOCAL\crashpad_3464_NFHXZVUWHQTMEZEH
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 7c6136bc98a5aedca2ea3004e9fbe67d |
| SHA1 | 74318d997f4c9c351eef86d040bc9b085ce1ad4f |
| SHA256 | 50c3bd40caf7e9a82496a710f58804aa3536b44d57e2ee5e2af028cbebc6c2f2 |
| SHA512 | 2d2fb839321c56e4cb80562e9a1daa4baf48924d635729dc5504a26462796919906f0097dd1fc7fd053394c0eea13c25219dec54ffe6e9abb6e8cb9afa66bada |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b6bd11fe-20b1-420e-9de7-53437c11c797.tmp
| MD5 | e8c566465383c1c87724f247a22a0b22 |
| SHA1 | 4d7ff1e293c70cc5ee68750f56c03c49cb4225ae |
| SHA256 | 0271cde2be6f9888312b674db82afe42443dcb6f93035d45819d2a660b0a3173 |
| SHA512 | 819352d8dd82b6730c841d55863f6e39bdfc8a57339035f3ed77a72ff1754cfcc228956c622e67231073e3b3336f86d86d00cdd1d8047e0c40511c7e73e633d0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | 051a98c630bf90908bd84ae41e98e443 |
| SHA1 | 6fa9fd5d2e449c6022c942ead074b9e78ce18039 |
| SHA256 | 2de0909387483c99915ea65c240952c4afb757aa84333df4949880c7f42147b0 |
| SHA512 | bd5d4ab499b2b31d149908d35a9135d0b8e5b847d655d8469452a5c8f54c7049d9b801ca2aebde87210b9d3930c4cf692e58a2abba376be6d6a6e4665642a4d5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0968A1E3A40D2582E7FD463BAEB59CD
| MD5 | 923ca55843d613653450a84c95415d3b |
| SHA1 | 35ddd69dbe132961021a18c1a6ca9e78791cb4cc |
| SHA256 | 7be9ab7f11b1622e5998abd4df964ccf53ca782f68ca5e165e8af24afe5268da |
| SHA512 | 1406d644683f9c89bae9638d2c88e1618224ac09f5325d7a99d6f7b905b91786028a8937274812c3b90857f2f4decbc34da9aa06c525775e5079960752c26cd2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0968A1E3A40D2582E7FD463BAEB59CD
| MD5 | 285ec909c4ab0d2d57f5086b225799aa |
| SHA1 | d89e3bd43d5d909b47a18977aa9d5ce36cee184c |
| SHA256 | 68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b |
| SHA512 | 4cf305b95f94c7a9504c53c7f2dc8068e647a326d95976b7f4d80433b2284506fc5e3bb9a80a4e9a9889540bbf92908dd39ee4eb25f2566fe9ab37b4dc9a7c09 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_download.oxy.st_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_oxy.st_0.indexeddb.leveldb\MANIFEST-000001
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\Downloads\4cc36854-537f-4cf9-814d-9e704154c7f6.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e5ad.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Temp\7zO085A0D48\Пароль.txt
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Temp\7zO085D34B8\XBN.exe
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State