Analysis Overview
SHA256
8da0c5888758941736d2848399f68d588506d224a28d4fe615b447bca9ee6d85
Threat Level: No (potentially) malicious behavior was detected
The file 87899032fbdd0892e09c9a0aab9e969b_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Analysis: static1
Detonation Overview
Reported
2024-05-31 15:49
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-31 15:49
Reported
2024-05-31 15:52
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
147s
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\87899032fbdd0892e09c9a0aab9e969b_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcdb8546f8,0x7ffcdb854708,0x7ffcdb854718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,5228017758996312085,6844149098725497285,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,5228017758996312085,6844149098725497285,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,5228017758996312085,6844149098725497285,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1520 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5228017758996312085,6844149098725497285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5228017758996312085,6844149098725497285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5228017758996312085,6844149098725497285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5228017758996312085,6844149098725497285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5228017758996312085,6844149098725497285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5228017758996312085,6844149098725497285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5228017758996312085,6844149098725497285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,5228017758996312085,6844149098725497285,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5228017758996312085,6844149098725497285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5228017758996312085,6844149098725497285,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5228017758996312085,6844149098725497285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5228017758996312085,6844149098725497285,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,5228017758996312085,6844149098725497285,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1992 /prefetch:2
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-31 15:49
Reported
2024-05-31 15:52
Platform
win7-20240221-en
Max time kernel
126s
Max time network
141s
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\awb.by\Total = "9" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "1510" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "492" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "12442" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "219" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "89" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "110" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "225" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "337" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "40" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\awb.by\Total = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\awb.by\Total = "855" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "18" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "453" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "61" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\awb.by\Total = "104" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "331" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "325" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "614" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\awb.by\ = "61" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "325" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "12320" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\awb.by\ = "1000" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423332450" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\awb.by\Total = "1000" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "9" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "331" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "12320" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "233" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "429" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "407" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\awb.by\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\awb.by\Total = "61" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "447" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "18" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "646" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\awb.by\Total = "136" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{64C04981-1F65-11EF-9CEF-E299A69EE862} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\awb.by\ = "855" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1096 wrote to memory of 1816 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1096 wrote to memory of 1816 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1096 wrote to memory of 1816 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1096 wrote to memory of 1816 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\87899032fbdd0892e09c9a0aab9e969b_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1096 CREDAT:275457 /prefetch:2
Network
Files