Analysis Overview
SHA256
4abc0bde43b12fb3ffc3f9b7ae9b826fde8835ced5d6b96fd34eca26e7b53e57
Threat Level: Shows suspicious behavior
The file 809f26e396970606f4227ce9eb72c26c_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Mark of the Web detected: This indicates that the page was originally saved or cloned.
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-29 11:45
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-29 11:45
Reported
2024-05-29 11:47
Platform
win7-20240221-en
Max time kernel
143s
Max time network
149s
Command Line
Signatures
Mark of the Web detected: This indicates that the page was originally saved or cloned.
| Description | Indicator | Process | Target |
| N/A | http://btc2016.atw.hu/index.php?welcome | N/A | N/A |
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2720 wrote to memory of 2520 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2720 wrote to memory of 2520 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2720 wrote to memory of 2520 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2720 wrote to memory of 2520 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\809f26e396970606f4227ce9eb72c26c_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2720 CREDAT:275457 /prefetch:2
Network
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cfc67172d5340a0e079ba6d0de7245a0 |
| SHA1 | 1ff2f7517ba1c32dc28b9d573ec019a127609248 |
| SHA256 | 181d8b499d35dce923873c79902c5d3e11db976059a5c0eb4e0dffb42c91820b |
| SHA512 | ef0a7478999c3f05be290c6f4154bb6c029194dfee2d5d485b14cf5b1587b9f510123c49b125420277cbc3da737335d2bd659f17a30467c92e17fc05bf487d32 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 210adc3cb804d16333db089812f8d779 |
| SHA1 | a083e0885fb7de3266ebd2ebb7d35fd47701b358 |
| SHA256 | 900581cc9de3a42adb8ef083f402a7242bd2532c7fb572ec3532828cc5ec7d11 |
| SHA512 | c93691969d9f621c1bf0ba3fc24c4da91f54e4eb27666ebe1769e9afde2adadcc33ea73395d4e2202bf1aa47c4b9d2b3d4e46c236c40f05fc0a6c478b69f402c |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8A9A2DI\analytics[1].js
| MD5 | 575b5480531da4d14e7453e2016fe0bc |
| SHA1 | e5c5f3134fe29e60b591c87ea85951f0aea36ee1 |
| SHA256 | de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd |
| SHA512 | 174e48f4fb2a7e7a0be1e16564f9ed2d0bbcc8b4af18cb89ad49cf42b1c3894c8f8e29ce673bc5d9bc8552f88d1d47294ee0e216402566a3f446f04aca24857a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7579a8e88223d850d68a01cb45d50c8a |
| SHA1 | e7f5338a101e5c9c8ecf71231509efdce07743af |
| SHA256 | bb031673551334a43b1f18c1858ee0b26267846d9cf0de0e4870996d76d9c3f7 |
| SHA512 | abb7d09de2ed7092f9cc8f0230434658540bde1f1dace97be2f55b9f782e4d73390ef3f936627224afdd376435a8ba80055fbec6b89e3dd50af6fa5a784b5f97 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 19140dfcbefe45c5cf117cf8bdaa362a |
| SHA1 | 0de6aee1922c382cb7c5e56db01d23842be63fc5 |
| SHA256 | 70196f186f18564536358020da63c1daf3846705b9de8033bc53d54063da74d9 |
| SHA512 | 0ae52c9430aa608aacea2a5d5578e08b12fd6c3a2a19180da3650e9691ffa58e7c38c33618af188e7d570fd741a1f4a85e2a405fee4bdd2daa1423449e19ed23 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 344aacfad975e5275812169701b83011 |
| SHA1 | 82f511b5822091d1cffed4929d3c1ed4b1e38847 |
| SHA256 | 3a9df3dc1f7caa430ed87c28813782176c0839c5514a7936bed21372203e4491 |
| SHA512 | 68a2c2e2393451554b10ee1fb8f87474bc73562b1ea16ed6920f7c409362289e2ca575cfd07b3f047394170d1a98c7dd95b937e6f6ad765f5e4d49e14084990f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b3808e83aa6cfb8626d94622ff1079df |
| SHA1 | c88d964fbacd443bc6955fa92837e100b691174e |
| SHA256 | c0dfb6e3f754f9ed14f1aa7418c8a46d49a3052e6ad7ec324ced6d76c3b8a0ba |
| SHA512 | 7d1201643091311cb730796295550daa63357a788e9b22ee3f98006b4d199f1cb3ad01044f5b6d2568900db330a200a740ab6f37ebb6cc1279d0a2671397b708 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d9197151e50588ee788a3ad7b00378e8 |
| SHA1 | 21386b052f651bdcf6646c6b030377b16febba87 |
| SHA256 | c979e15153cc3baf32d802ae800ca31071c1b3d4917361d8bad5a7b487af3f64 |
| SHA512 | 8c721920c0ba2d83c80d1f35eaaaddcaaefba6ecb55571601347a4ace8cef3da2997d7aebfe9066086bea4b5bcdf3576bd46f1db9e0af68fb3bfb556672cb59a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cab279affb384d37b414819b39ec5df5 |
| SHA1 | 437091ce0eebbbf794b0342861edbd23848b7c06 |
| SHA256 | 88097f88c5fbed2f251a749234832d3617d885d252c26853d01d7d0980c57a55 |
| SHA512 | 26c25c5a3e8ed4c47d8a83b463bfb46e0d73779efa9b9d1e15115c9ddd03d5eded2977ef9ff681065ff0f30b8e5adb6ba6988dbc44e5c00fa5883075d1f89798 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5b0048c8bf0265bafe6bd704479d8deb |
| SHA1 | c857fc232bf84f0206c096b9f0622346ec5ac5a1 |
| SHA256 | 967bc03d54c4a6e1bb144fab5f6b058af47f7150b0f7e1a308265ed77fbeff1e |
| SHA512 | c01418f4542d2c7de147a9585db181d57ec85d126f30c235e09c678c2b1707ac50058615c8de31ce7b20c97a1e9b8e9ff2e05ce8b4a993a8ffa05687f943fd96 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 460d4d7f085218604c23bb3e7e52cea4 |
| SHA1 | e428975594878f7d09b609805b69460c12618a01 |
| SHA256 | b462cc73d7cf4b5b65dc11834a71a22f8545498846af60f8ebc624b94b3b9015 |
| SHA512 | da82554ef85d345208f6711c76eedb9844a6e2f54ccb1314e503729071acbe666ae633ee524108f96ebcfe386153ca64849a522e635c18b4bac59d3f20c90266 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 62d1690232e17551f8c4e9d40ab9e936 |
| SHA1 | 313f1accbe6c99df4ac41f8a411e207521d1a982 |
| SHA256 | 8fea77bfcec913adb121085ec367809cce9c991406a4642139220c272ed8f456 |
| SHA512 | 83bcbfb972fe40c27e9eadb29746baece3e638563007f531d2c2acecd65100154d534f0a291f3cca5e0cc0cd8de5df1371c6e53b100adaef1cfe17aa83a21085 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 97f836c8fb0308029011bd7af1ff9fcb |
| SHA1 | 9d92924bb79b60b8c3ec0dbc36a9cf3afd953624 |
| SHA256 | 52c09364660cda7c5db61f3232d90dfd90551a89667680ffc41f8329cca40719 |
| SHA512 | 506c73275f69a99bb67d8a11a1c6b6ed241a4c2608cfc91e1ad5e360623ce93979e522943b269226dfedb384feefeee5c91badfcf44b835d9853f6402f2056aa |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8A9A2DI\recaptcha__en[1].js
| MD5 | 4668e74b2b2a58381399e91a61b6d63d |
| SHA1 | 89ebf54e996e46f4b1e26f6dcda93bad74fc0a1c |
| SHA256 | b0e3acc54460721385d2e472dda7288382f2766a06b38d2e732d034619f9b929 |
| SHA512 | b2ead3410dea89b658bfb0ce67842569641cd6c29889ecfb223a83637600b82b0d2e55cec26750593359663a22896f5da91d3df9f085c204803cd646a7cabc28 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a4264db344d1a0433a195f43e4c18231 |
| SHA1 | c3cef549773c651535af01b07c1077bc63fa7f7a |
| SHA256 | 40be8007eee44bee7ff75aedb6207bcc06fcf1341b2f48ad35442961e3829461 |
| SHA512 | db1e90299c993082375fe18b8d8a5bedab1d17f07c561fe6bb90e5ad969b6213f74c4b8fb50a7d682c530454e5d087ba5c8ae67330daa56d78956ec0a23a967e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 008f1fb9d9b702c73190759ab3ebbb57 |
| SHA1 | e138c22e435b993d90d7e584f79937b83ec9f426 |
| SHA256 | 3e717715946b38173674c3cef451d7d140358eb723289e303cfc0d96b96dcc3f |
| SHA512 | 5eda1ee16a729d7c9d655c7c9f15e5985576783fb1e17f3c0ffd60c63b8c5cc14855ecefcfa16f29284ef3eb6f3ef19c9f1f4917ff4116fee1fdc594d09202d7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c7c37fb6ff2294923b576213af1a164b |
| SHA1 | 2c1cdef7d598321876a39a5b804934f2a410f152 |
| SHA256 | 60fd461f7fbebb921a5a284e3d0c3d508f65d75db023af5f4f3be32ff232b330 |
| SHA512 | 93276fec1433c1ab6b13e67fd1ab6eadb1db388371756795002bce7eb28ec7c31937f79836f13fd1701ad3dfcf158b0bcf206f16fac7ae4643c9dd20ae98aa8d |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9M0HR0P6\styles__ltr[1].css
| MD5 | 5208f5e6c617977a89cf80522b53a899 |
| SHA1 | 6869036a2ed590aaeeeeab433be01967549a44d0 |
| SHA256 | 487d9c5def62bc08f6c5d65273f9aaece71f070134169a6a6bc365055be5a92d |
| SHA512 | bdd95d8b4c260959c1010a724f8251b88ed62f4eb4f435bde7f85923c67f20fe9c038257bb59a5bb6107abdf0d053f75761211870ca537e1a28d73093f07198b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 04f976d63575036b9f06e50ad8a19784 |
| SHA1 | 25b41d701a309f7a0a57542d78ff527ddc0c9f12 |
| SHA256 | f43b537d738d3c56eafb3e45603627f3aa6cb6c43f75efe1d7250476471f7a67 |
| SHA512 | e10bbce50128e9ca0a5ba3af571dd91185cdb7d71f15e9ad07486246bec24c36b41da62064a86fd6360ce1402ad6813b26a8b8dbc75aae11af063b2837f565d8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9d56bdfaa1a5215384cce8495f11471c |
| SHA1 | 19423d9c8b37294486c3d39731d010a228d02542 |
| SHA256 | 5f54d3c5d8ef42e19c35b71dbe2da424ddf7d2fa107ec74dc198e3ef1aa6836d |
| SHA512 | b4297e43917da8af7319cc00e524a0dd0067c4f034ac656ccc2165063a2cb17cbecc7c7dc8f59bc15e417a00640ca2c3622e00bcb3cde6b5d6a3d6e3ba32d1b3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0ca8934666e6bec9500e32be514aef1a |
| SHA1 | 14b6ea7ecf9852cdf4393d50a8788f471d85f43d |
| SHA256 | f2508c83f2e58a537b18d95ed98ed7b718e4ed915b12f63498df56e741e756e7 |
| SHA512 | 81df0975bb5a4a0247cb131b22c35265558be773977771e1abed15bc9cb8c05867948213ea054dc6d47c39840c24532e2ff2bbac9d427f43c0dafaa89be4f839 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9df6f5a49e2bb82fb2114b289d9b5b27 |
| SHA1 | b4d2edea2db4dd3a006ff797284cb8b08d7be214 |
| SHA256 | 3b62c1b677a10e0e6fc60d2c0f89897950ec84fbc75cfbc3b06e8c537769ee3d |
| SHA512 | 07a2d59e1d1f9a4a6311ee861bf3e6653ebf88bd164acca55dea81c41dc122657737b624d6990a07d66c176664542bd796e7c9df769bb69107a1c13652a9795f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9e738dcea1fb190b1a06d2fb3e2efa11 |
| SHA1 | 0e0293dd4431cc16684acbae3a11e2d66b338952 |
| SHA256 | 3c7221ee54b23ba1a2a617278a28db2b770541ebf9465c192723811c690d8bf4 |
| SHA512 | 84bbaff7f3f7bc97d9fbcc8eab66e00cdff50453e369e998b1c981634e03829a5feb8811ea64f34da257a10a03d631502c234086dcf8809d284219d9d8afb576 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8f6dac101cae6e0abe42d3c303c34de5 |
| SHA1 | 71e40f0fb6469a8f9593caaccea9def07e568363 |
| SHA256 | d7b0e4517e99f571f4eb8b4712dcd86088184e97a480a2732b6a29e19fc55a04 |
| SHA512 | 8cfaec186aa638722186fa8e5c1b556fdf588f3de75817ee4420c6e35f19fd90ef372ea8c7298dc4f131c8547f4f47540194e3d00c6436c2a72b2de59fba318e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ecc5334044e4bdf743647b4ae1875591 |
| SHA1 | 79f2a16ed93f42ce6b96e5c894e20ae141ac6953 |
| SHA256 | 71377343a7d99a1d60de3d5318ea9b7e4be3de205403ad5e511ae8366fb61518 |
| SHA512 | 03d4ad01a0091a7f0eb88e10706737c697734a34628d4da978ac7aebaeadb7589b68bc2b6b14a9a34e8b0dfd185475ce393c038a06cde2c3dc1c459fa3818221 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8A9A2DI\logo[1].png
| MD5 | 0bc6545f07e6f3c17f41c72eaaae29d5 |
| SHA1 | 072ca58156308414c1a397a16f53a8b0ecab3cf8 |
| SHA256 | e6113232e68629172a2ae1cedd7e0ae606ef59d5a5c019bc23cf90f672dce053 |
| SHA512 | 592b355d530f599eca1759bc4b74e406581f72b16a4ba65eb842456a4ecd04963aa8948fc69439687adb10a7a408ffd9ba73290d512591b9c9e47538a177bd66 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0729a5ae371916448d0765911521538e |
| SHA1 | e54515c8cc4db4eb89a4d0830a82773f0560db30 |
| SHA256 | 83d6beb3f613ac3076e6278799dd7fbb007c7577298071da577ca1881cbdf23c |
| SHA512 | c490f160260938ec74ec95e77d641f893a17635388d27aebe7f7e4a8f6a54b5bcaa0a3bab53c804f4fb63f0bab3e55e006d502ef964f4058334b8ad700ae3624 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 3018073f8f7f00b0ed3f41b14c30fad0 |
| SHA1 | bb55b9440b9cadb990cad8dff0da0cd89e539d77 |
| SHA256 | 82cd618febc96c734ea01906cf7e3522cd43aadabcf86437c62fa8c2e7c4d999 |
| SHA512 | cd0b913a265cb4ce2649493c3ed7157eac6013a5d455b67a47e6a4f534500797f41c086f6df4523a35b561c870d7f262e138554752d0c879d62b19b6a627da8e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4c7b0420e4ed2a73c31511e00e5147fd |
| SHA1 | 70da2ba0767dc16e6438ec8ef2975ccd752dc180 |
| SHA256 | 4244651fa95b1b7c631d3588b71df1b7f0994bd8bbace9926c952369ecd7fe10 |
| SHA512 | b3888720250882c6a2b39e2ae180e354ca5181e754d305f9dd855f0c3d31bc23f4c679dc7f7c2296a2139469c84f0fcb70eacb0457f4e0bf96faee41ade93ee3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7f320e633deea4a351061acd7b9830c6 |
| SHA1 | 7e62871811b7db63e9bdb93f9149aaa7572408a6 |
| SHA256 | bf1ff984c5430c81b343b5efa5660d03e28a328f8a3182e103ee10b9a6d167fd |
| SHA512 | b7e49f969d139b4409f7b8ec8b27e85fa9d40926d53f9408eab5fc4bf1ef06aca195e838166b54a9c4b588852b474058d7b07154f1d3d0615b56f01978ef5bb4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4aee8bba50bd96e0324867917c95ea30 |
| SHA1 | f7e22d535cfc21b6ed7855c68350b517379374d2 |
| SHA256 | a312bd1e0a04197809833d446e3ec368158c3c63c20cedc79907090b0a83c188 |
| SHA512 | 78d2ce6c534cadd372e250c5ab4824e51711724a4af9daf7b2bd2bc2e1da90f7a00d6f22b6b9a1ef593c3ae2719344ed403ebe1eda10f1a83c809ed83ef632f0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8e2d8b4b23c4ee29ee3367c3c49cd593 |
| SHA1 | a2bdea98e50ade0cb3ded52cd26dedcd18b6c4b0 |
| SHA256 | 3e80c7e8f6678ad3b48a5d56bce2c6372078193cdbeb8a452ba12159561bdd78 |
| SHA512 | 592ebdf3a6d8015146f6149568ab887f748540b2a35019be40f25220f2e7f8dbaab184519c7a9af851f2593aa53e30fbef014ab695908eb953398871bf5421e3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ac3cc5f2da3b064e8f9c1a80ea95436c |
| SHA1 | fa7f39757977c769e95a7c58622080e57defc0f3 |
| SHA256 | bc8f8844cbeeb1477cdfaf943ba30e35c44e8bf9294d984fb56fa22cf5af6f40 |
| SHA512 | 6f83e03667da331825b62ca3964ab14dde601ceb1ef749cedcb1ea7f463af170af51abc382c5646af1fc2a6874b2ceb9707ff5085b35a407155f18b6844a92c8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 80a2f499e351bf670237926df54ac433 |
| SHA1 | 9900c19ebbfc1dd74093ae6f91a07648cba356d1 |
| SHA256 | d3020be11317fd167a782dbc65ad3f53ab9b374b5826d455f916154ae885f037 |
| SHA512 | 07025f34af85d6668406c93bb6adbace4dd0dc708cdb5726da448d034e71dcb3ad1f7af58670b2900e2e0e0e2dfc8d3e4a0f801c7dfd59d70982386b9d41b7a0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5e2d23e893e3244aacc8f864cc071d72 |
| SHA1 | d9aaa16418975fcc98089f21d1e3b405b5112004 |
| SHA256 | 3dc3be1023f3c5c01fd4e286a20270ad5571187622d17d8389b2c170fe91308c |
| SHA512 | 153658785760371dbfd9fdc919e3b53bcff043120d4a97ef33f922b8ac821723a03e6c3f7f4d90cdac1a3e5591200fd1307936540916b2eb7edf18c5a315e065 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a0778ced7ee9f525377429ee2e42aba0 |
| SHA1 | 0c9e7e6b4a6abb9de2d6910fd5d28b53a80dc746 |
| SHA256 | 232213d07b948032acb24a06fe2c93e8a0eab9a190e1117e6fefbd836656f368 |
| SHA512 | 1cc3593969ba6a9ca7afe25417fc0957e03e601e24cc349348a4023749ea7a95b8f9319c073ed4efa5c08dc705102d0a51490325133d4c21988358ff67c301b3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b4b675afcc3f0333ff55c8d041556123 |
| SHA1 | a4e16b4c01cfcaa9bf26be6991de212297dba5fe |
| SHA256 | 6ee38c061341b439d84af9e6cbf562faa5c9e94ca80d56deec5f06fc00188213 |
| SHA512 | 8843c41048b2001de9d55f8b4a2681161d0dfd44cd9fc96c01b828e460f97bc899ac8498fe7ec406699a3d57640af7c44875b2cff869e6d2a8019c9bbadb1cef |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eaeba16c9dcca021997c79d594c26279 |
| SHA1 | c5c06f6ebb7221a58752574d9b62a4cd4b8e08b3 |
| SHA256 | 37a02b2760e82a60082a419d8d6d7b5713810fb92a99b190d3551f7f2952506d |
| SHA512 | 2bace75f099120445c26fd1af371e0c340cabcf79d26c1180941b8d8f5554b14c831300b5266915bc75e50a2f6312643570193ad38da418bc2050a4021d42e50 |
Analysis: behavioral2
Detonation Overview
Submitted: 2024-05-29 11:45
Reported: 2024-05-29 11:47
Platform: win10v2004-20240426-en
Max time kernel: 145s
Max time network: 141s
Command Line
Signatures
Mark of the Web detected: This indicates that the page was originally saved or cloned.
| Description | Indicator | Process | Target |
| N/A | http://btc2016.atw.hu/index.php?welcome | N/A | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\809f26e396970606f4227ce9eb72c26c_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8d05046f8,0x7ff8d0504708,0x7ff8d0504718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,5580667152891686261,11245304509904808000,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1944 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,5580667152891686261,11245304509904808000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,5580667152891686261,11245304509904808000,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,5580667152891686261,11245304509904808000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,5580667152891686261,11245304509904808000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,5580667152891686261,11245304509904808000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,5580667152891686261,11245304509904808000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,5580667152891686261,11245304509904808000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,5580667152891686261,11245304509904808000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,5580667152891686261,11245304509904808000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,5580667152891686261,11245304509904808000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,5580667152891686261,11245304509904808000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,5580667152891686261,11245304509904808000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,5580667152891686261,11245304509904808000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7144 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,5580667152891686261,11245304509904808000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7144 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,5580667152891686261,11245304509904808000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2812 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,5580667152891686261,11245304509904808000,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,5580667152891686261,11245304509904808000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,5580667152891686261,11245304509904808000,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,5580667152891686261,11245304509904808000,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3128 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_2552_RJGMTFZXHRLVQYNV
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State