Malware Analysis Report

2025-03-15 04:01

Sample ID 240825-tpzy2asgkh
Target c11cd9f5f5c4de21b11d6e6ab4c467e5_JaffaCakes118
SHA256 d1f0517cae61c3d7b8e438f5ea4d4bbc4ec38919e0cab698a2012fa19ae92247
Tags discovery motw phishing
Score 6/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

SHA256

d1f0517cae61c3d7b8e438f5ea4d4bbc4ec38919e0cab698a2012fa19ae92247

Threat Level: Shows suspicious behavior

The file c11cd9f5f5c4de21b11d6e6ab4c467e5_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery motw phishing

Mark of the Web detected: This indicates that the page was originally saved or cloned.

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-25 16:14

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-25 16:14

Reported

2024-08-25 16:17

Platform

win7-20240705-en

Max time kernel

141s

Max time network

150s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c11cd9f5f5c4de21b11d6e6ab4c467e5_JaffaCakes118.html

Signatures

Mark of the Web detected: This indicates that the page was originally saved or cloned.

phishing motw
Description Indicator Process Target
N/A http://btc2016.atw.hu/index.php?welcome N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c11cd9f5f5c4de21b11d6e6ab4c467e5_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3028 CREDAT:275457 /prefetch:2

Network


Files


MD5 536bf1b454f73b17f6568bc308815863
SHA1 99136a20c4693413a533660a95e24daae58fe4cd
SHA256 780abcb84597ee3b9e37df35e72942ac7302b12ea54d9c49a447597c678fa49c
SHA512 0e69c9bb4d35e5d479b4c986e36b2430d9efc2e4f8acb60f085aeb10d559867fe2d8f6de7d8e32173477f10fd2d65024a64b872b35e83b9bce613de55563c8c2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a3cb64688c77774a7835d595d797ed5b
SHA1 525327c7cb90935d0e931a6ace39f06797fe2886
SHA256 2bffdce6aa16d5a1b2399fe4a11009b39a571822e292a57e1cbe2824fb18e0ee
SHA512 6b1cc0bb28e4cb2e2fbddc5909ff2d80a5dd2c3d524554f8efbf538559f129a461d68fba2df91ec47860f6ce79db700804dab8d8f5c86696bf851f86dbaae105

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7af2adccf00b45a5f5e36ec505f73448
SHA1 5d05da0b2fa3050aecf4d58b2137839c2aa2b7be
SHA256 d0d37a711e9010eab72cfb465a052eb107c38f327c9b9a9c16d2eb833a7f8b7e
SHA512 23428c07966a34abdcbf7d511277025d91a3f1c5458741725576c36cf8fc3692d8d087fda1ff1268f26fc461641cf8f8977df01d257f1562d7ed893e48bd53e8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ce1464cc797c7691d9f79619d4d34a23
SHA1 24e184826cc636dde9eb811c10b9d437c2807631
SHA256 8bcb4c318e4c116c26dc1641524ee51a805d3d942f08c93beb5d48673c9b2d90
SHA512 34d59eb9d8c5fca1ecca514c8b3a186ce23af2d7c3e501796cd38b9fa1a617bec16ca7f3a7e939932c5cf4b26887dee8632ee1eae76e5616d00edc2073f1584d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GE5J41S2\jquery.min[1].js

MD5 8fb8fee4fcc3cc86ff6c724154c49c42
SHA1 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
SHA256 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
SHA512 f3de1813a4160f9239f4781938645e1589b876759cd50b7936dbd849a35c38ffaed53f6a61dbdd8a1cf43cf4a28aa9fffbfddeec9a3811a1bb4ee6df58652b31

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GE5J41S2\uc[1].js

MD5 bd2d736b30bff20d43a50f828c133bb4
SHA1 935139c5ef3db76abf4eeafe0a3cd903ce41f7d7
SHA256 9929f6ce09316f6dee3a0fbb02cd899c8137a88256b6c97b0935f6a89c7164dd
SHA512 2dacc424895f4251f137b795d0363bf1629bdd0272bb3aab6b6bb73b21200af6791cc16bbc5ba55e871702c7d7762134dfe4a0ed8eb812189d7500d1d49a30dc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bdf69dcdda42cf438ae51dc6a5d36e07
SHA1 25f9c1ef0b9a951bf7ea19c4bf1fd59d8a1f76e2
SHA256 ceef9dc32d51f55df4d79fc0e2001dc4d3446fc825c0097e468bc6f7f58cc1eb
SHA512 94c0397b1aa0b6caf78ac3e25576baed64e68044f091df7ebadc0c9c6d28dd5b4d92574e34ef8bab1e42b3bd5a0585025142815293afda1d1668b1ac992e78c5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6048f877290fa20d33b0600203a9e647
SHA1 ed96ba5cbbcb06c9c82b25ac04e9b63d51b5d572
SHA256 617cc4aa14584ad3a37c0619f965370af67b2709214aa41d9d463bed6c1477ce
SHA512 2f532099fa3c60639cef9c70aaef6d1f736467b47da5a972897f2d7b1d6cff88e7c49c619929e85a85a0a70972f1a2050ea5ff62cdbff687e1aa826ee6231d91

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b271a7390b82edee2e4b034706243a37
SHA1 4b5b64750a657d5bb24484faccfaff195e3a446c
SHA256 3979dc774b448cd7993ebfb104a21427ff3ee643f29bdd4eb1d524bcf18dfae1
SHA512 422370e09d9a205f7c6b3e7402e530425b6c264d3e845cc13f96a5bb416cd2cb5e4cc8eb452f41650de3a770654c61cb7fb94b288db0ab40299709e34c657e3e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9e0abe1a33410a3068aa1107399aff8a
SHA1 f2ce3f50a6eed5d86ba926cc6b630881a7ae2512
SHA256 89c3a1ca7002adddaa9a081af904f76c0b020a38765f31d1a1eed0fb4c3a2848
SHA512 ae6b1b6a5adc6c3533301b0651d87a90ef7c45f2dd73071889f6f546a87daacd637049ac21c58aef38c171ccf75e2a2d874530b550f093699c1a172a4135c6d0

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GE5J41S2\pingjs[2].js

MD5 d9dc366e3803b35be1dda7740b9a37f5
SHA1 618d85e23da327df93d3e7d48bf8b20445fa9e13
SHA256 0b1675dc9a49550e861790b602dc75457bfcbf45470ce6f2e38cc923990b8175
SHA512 b4f026ed7cfc5d4631766d5390995584d1ecf4f8dbf8f64a843696f82e0048acecd30a412af61eef46dba08bd0f2c24ad6153db8c99cb0d4d5152e612bce39f0

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GLOK2QLQ\pingjs[2].js

MD5 7716ebae2f3ca7a653e674c7972bd7e9
SHA1 cb9e97cc839c9869dca788cb2f7d1e589b62b1bd
SHA256 b68bc2091c78fac4e0aa8b01ae45c2ebb692ab1851416ae83787d49b5e3688dc
SHA512 81174c42be2bab3a386c66a93d37f1d3505c4ca60688b9ee04b034dec42ba4caf75c0a71421ab5207123b00847372d99b1d0de21cf3cc2e8d99ad6167d30f3f9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eeff37765c66810bdf30f1d02eb73fd1
SHA1 126a2fc29232314174abde8762e3cfcb1fc9aad2
SHA256 35112ff4f94164e0c276105af4daee1c59cabce545c45f1217a8fee2d3c54f87
SHA512 14f733e1fd064c4e6a3a30d6f02592181eb18923ab6946ea5226f43c344aa6ecb401ff29b64949a817ad57e2418860fbbf451de7ed718b67051401e962e3c81b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5J67VDZD\fbevents[1].js

MD5 9ef1afe4b475a2807eed911a8f05257c
SHA1 7597da6344e15a0ee13308f17fef7954ed78fc1f
SHA256 82adafd2815d9ca49a6771392b15c4c7683f0490a8825ead54dd2d2594d44c62
SHA512 7d1faf6995c3264d7be3a18c3c3c47f744c4fe33f8bbc0b182dd3346eec1fab868839bd69441dcca9675fe839fd4ca4f93330d5f89f72dbd3dff4ed69960b300

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e9f523179b1d85e4cda47ccae94695f5
SHA1 54c45b3c06d3924498b6119b088df2b22c79e239
SHA256 3d072926bc2f3f8ba861777a79c4c5fcebe0cb56edf583c235ef52b321417bce
SHA512 50867e33d3998be9681edee061bc481cbfacfe17576815fde1ef2590449a6f4ac637b6ad043412bb65f7558b3c8ec12bbf130745a5fae665679719f849098e78

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5J67VDZD\fooldal_background_[1].htm

MD5 0345d30128e6b9f3d2748e64e577a9dd
SHA1 7aa05b57cbe90de809f06bb9ae06792ca5259e3b
SHA256 70ff11d0760150dac0a10eb21931d6a3005b2ad70651c5bc613c911224ed2a1f
SHA512 964c1f1155e847d417af8c7214110a7927ab2c249066b0768e30cca10bf487aae41dd803cd47ecb3b273fdef9c0bab71470110e051eef9ee6ebdce7b4158dc19

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d68acc034c257cd013c86232b9c3d6eb
SHA1 afdad980b624add49237760aedff1642cd0c003f
SHA256 051a1e21637b3dd66480574233d99e175ace6ca8e6ddc7b9d70bc7d032540d1c
SHA512 5162257ec7ef3e85fd784acb562f96f3c15440ff844b2acf19ea713f9ac22b17ddcf35bafca4d73f785d642c4ec27c98c3d252a571f77eb3c875a107525a6e8f

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\DBMRTH3E\coinfo.5mp[1].xml

MD5 be28373b9395cd6937eebb385ac1a683
SHA1 7dfacaac934b1b842abb54e63904e7f7daee4346
SHA256 8f5df4b98d4222081a838b09f9085609f233eae1846d3ea578a5eca5d1b625cb
SHA512 b65b57bb02d6b946054a28cece65f821592a113bcee8d4f1e6490e44aa5d81e8f0d39314c516d586d63be72310124552372ac52ff869b73aee445b7465a1987a

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5J67VDZD\ga[1].js

MD5 e9372f0ebbcf71f851e3d321ef2a8e5a
SHA1 2c7d19d1af7d97085c977d1b69dcb8b84483d87c
SHA256 1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
SHA512 c3a1c74ac968fc2fa366d9c25442162773db9af1289adfb165fc71e7750a7e62bd22f424f241730f3c2427afff8a540c214b3b97219a360a231d4875e6ddee6f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4d215d10edefcf87d7dd2c54b0b40ec3
SHA1 68257f138c6f70d90110331ac8d8905fcf619711
SHA256 202b392c08ce128f33d31d3c091a143c801c07209932273435f3c11b8ef5aa51
SHA512 f625d543425fe4e1a913cc80613fffaea1178b2fec34de3f1a23d9da2d1c9b332d916b77ba74abe682f1d7065b62043512e9e69f0a3ba545c9bc65047c18b75b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 318de6c385b21ac66cfe508e4d3ce521
SHA1 e0431c05c840fc9c775bb759fd03f60a36acb583
SHA256 fe97c2fc8c968e970333253ec835b8d52c9adc30f8620f2ecf59903751deba84
SHA512 1c1c6f1ea70ceb75381937f76c340b5fbebb491bc200a1412dea6c880276824061134703da29437c1941c35f7223762b132567633f686ac15f5186aa7a4b271d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6fb29833c33e166e5bc32aa502c7c059
SHA1 db75edbc40a68210e550daa5dfcfb79053397862
SHA256 b7d87db4fc3742df3fccc58ab8afe027684184a253e8d4979d0466bde589e9c1
SHA512 3b1b5d938019effd1a467bd989845c8aa985c7052d0e0292ca403fbcc5fddb779052bc0c0cc9a5ba919752c44a5674dda7e80d1b2cedab7702047fa2e716e1b7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 293a8f1512d590a71a2874e543900862
SHA1 fab89e29f191519c770b2a305720a196c4ff3eae
SHA256 5d3b266b0945bc80ecea20f26db9a8d769d95d6a20aadf00105ccd8f1836a9fe
SHA512 a88a1b3c6066619c80f92d6f68a6f7b7af3be311825305b2dd4e2fa221c20cde4af55cc623c91b540c53f9fa8b021527feb55dce524ef5d774a9f3a413074aed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 337f60a82d1b72e0e61f8fd7e8d24a87
SHA1 301c1ef319a7d9dd2601f4aed95c850c395b9168
SHA256 1327f67626dc536605ee4cc60877fc5b0df086af99413fae00bb9ba1ceaf5788
SHA512 d0e2d548a7950f261619424a61420ef1e468f7cf67077158e93c7a5bcc2852090a669f7057e97888ccd79f199984231481843feac36835bfe88962d9c86c458c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9bd0a55345cd2d92a6a56aa6e8b7fe26
SHA1 c0f1e9c086634eae38f03bdc0787fd6e30d5da7d
SHA256 dfc43866321459c9176dc4244c50592701194d832dc22c9a55aae59f9ba6fab4
SHA512 133412e47f67cf483bb3a48dc5cfa6812a62a4c5976fd864cdf09202cfcb80b3feb43471b41b749cb43191672aa43e6cc0825ac73febcc34eb8188ea1cba83d4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b22fcb4185e522af10b8d66eaae47e76
SHA1 105b8a2e0f986ec61860b11a15fb073452d23f81
SHA256 f1f131e704db196e573dede6e945775e8a20a82035270bc42837cb8c87b2e29c
SHA512 89b69048b47b02bb48e4d6611bbdb466be62d5803402f7a3775e10320d16700350d7aea4b6ba311d20c4018413d5e3d4a1b99b0435e6349e67fa7343890e7cc9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bcaff0756920a94f67ab4dddba934e72
SHA1 97327d14f4f97eff762a9af4d28066b9531f0e5a
SHA256 5b1891bfcc0d95ad50cf26b0e4852147f96cc4696ffd3962209e1e1c80917cd7
SHA512 071212b693f20f3ae590a60f81a5bf921c247161ac996eef2c0324903b4d19cd454d7c5a8f9e0b3fe277765ad342c718b832bc9e729c7bf6c182ed79bbc2cd42

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 05e33c3956f37f2dffefe0c4ef1a1726
SHA1 dbb6cdb764c5fae9c6b937fdc4c0314f5e2e11d4
SHA256 edb98667e6bea151c57f984508b15b83883fa76dca1cf34563b03fbcf9fdd606
SHA512 91985e50dc68f496cce642b19fbb2e5154b06038d08821d76d8c001031ba09a749265aba5d4efd306ee1dc34645c644192b7fc564fc3dc8c9d23c16b2d76cc8f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9c4fe4d819d80bad3c0d411022a1d2ec
SHA1 4c490f383d3bae3ee109c785b5309d5f8d557cfc
SHA256 898c6a82a618d93bb5a2ebb077a18027a6e099eb62e5779ceb89f7524cfd97f0
SHA512 da40c5d47d2bb9a4190109b7c2a19efcaf50fc4e88baa3609b90f089fca8caa80d04858ef45bfa88337cf3734d821d732c1058199a6e09dcd3669f9345d9911d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GLOK2QLQ\api[1].js

MD5 ab5175ea0aa59ffc2e708e46e696547e
SHA1 584bba2f70a97c9067ba77516d440ce2c5d20e58
SHA256 f7a612abfd561539ec3734a62f6c65b35b07c54c546a157aa99b35663d0b7bc1
SHA512 9d7acd7d0a3e9e45a0e907567f5f0fc4b33756ea1dc24b9ae662db06a245b6ac2239a5169a7229f1febec13d38879758a290e36a2d2e3a430685227f218a25d8

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J8I3CVQY\recaptcha__en[1].js

MD5 70306d36ce9dbcbd8e5d1c9913a5210f
SHA1 04949ad636f8cd09bf91059bc4aaf1973c92a15f
SHA256 1425b3dc4e809e5488aae10e2eb2511f652c6a9c3845c98c3fe69f07fe0c9e2b
SHA512 a7f00ba83fee80e7f2006c9e1f0121e2e515f4956182924e67c95a8c5522f30735f7bf4a6f7dcf3cbd29a685e967b1c4ddfd72d7f1f4cefbe55326becdacb275

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5J67VDZD\jquery.min[1].js

MD5 c9f5aeeca3ad37bf2aa006139b935f0a
SHA1 1055018c28ab41087ef9ccefe411606893dabea2
SHA256 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
SHA512 dcff2b5c2b8625d3593a7531ff4ddcd633939cc9f7acfeb79c18a9e6038fdaa99487960075502f159d44f902d965b0b5aed32b41bfa66a1dc07d85b5d5152b58

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ea93e0a2b038fb80d40a071827541eee
SHA1 03df77c64b17107a9a61346462f58b60bd4e3b31
SHA256 519b22a7d34e0aa489fcf942af777286b26b477c1bbb99b99a572cda8679a3a3
SHA512 f2ee763c548673ebda3b4dd32524b85a816c740dbb5f0b17ad6841ee911783fe4b0d6a88c4fef64e95df7b76b40b3a39f9e57e44db12756f3cbe47e19a79a183

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 faf5cd314fa3c32ea54b9bd6b9bb8ba2
SHA1 c7eb5c73d74a7501207c2200ef45434e59eadaa4
SHA256 8613e8e09a96bf394b95a9499105b7d769749f3cb2dc98415f18998fc8e62e33
SHA512 b0ae4c90598bdb1d0f3e43a355be3c51c45a9892afcdbf6921f682ca564c2b8498637885a0670daadaa5ea9af99889bda66dc9f20892ba1fad290ae0ac5dc9c1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4011e02293e348a158db7f122742f31c
SHA1 0db3f972a3e1cda0a9aaf492b5f677ebdd5db405
SHA256 1833d1be9d61787c1ca38505ea4886ee3b18f6ab5b12a5725ceae4f8fec9b6c9
SHA512 bfe87d85728e763a9c024394acce472b8159d1e45e1407f3a311f7d2923ef5b276688dc728533ac6aeb114729b0ac237e6257b7c7c36e7fce15a2f4f8e8f05e8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 028dd067a1df1e6c8127820b4e5efd15
SHA1 0c6b89a19bee8ea6278b19d0f0291db78e9206cb
SHA256 b502a93e135f75c93c7f56831be35c21225ef4b69f0f2a9bef3ea3e6e8ef3850
SHA512 1f359c013ba49153d09e868541db2403a319f82bc49b0d1f5d16cdd549aa100dbda276bd4c979693b4b5b8571f476df3f8fa79dd9924abf0052bfd07e4744862

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GE5J41S2\analytics[2].js

MD5 575b5480531da4d14e7453e2016fe0bc
SHA1 e5c5f3134fe29e60b591c87ea85951f0aea36ee1
SHA256 de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
SHA512 174e48f4fb2a7e7a0be1e16564f9ed2d0bbcc8b4af18cb89ad49cf42b1c3894c8f8e29ce673bc5d9bc8552f88d1d47294ee0e216402566a3f446f04aca24857a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 25565ae777385227721aa3a3192edc6f
SHA1 207f1efbc28fb3c734d1dfa2f14d985adff44063
SHA256 090910816e558c9238f5530a44067826072ff32937238a7fd52e718039778a9e
SHA512 9c041a5817b8823693db4a20eb87aba7db197670a3912cb2cab110c96502b85c547c46e530e25446468f088f26dfdbaffc733dd73eec268f40b1ffe688e2e1ed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 08145bc79ccac242411a07dbd950230d
SHA1 4de8bc6f1819939b42ada403f5f4f6edfa365261
SHA256 dcb7ce568b72ee1f8554f5fa0f62502d2d5ec623a198a4dac458069c66570e14
SHA512 bf461d2873fe88c189895a6b90fdc7a69ed08275ad8907edff98f709ea2b8040a76e0e7f03e040362a4a1e4a02f278b262a8ec35c1882465e915df004b2bd659

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GLOK2QLQ\collect[1].gif

MD5 28d6814f309ea289f847c69cf91194c6
SHA1 0f4e929dd5bb2564f7ab9c76338e04e292a42ace
SHA256 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
SHA512 1d68b92e8d822fe82dc7563edd7b37f3418a02a89f1a9f0454cca664c2fc2565235e0d85540ff9be0b20175be3f5b7b4eae1175067465d5cca13486aab4c582c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 871836ae959881c1f54cc8efae7f5f84
SHA1 79af3b1d7b85f71b1b76a2241e980a7383e5f69d
SHA256 6bfaafa4192d8c33a62555efae4c791add72611d3b768452e62b4169ec5236e2
SHA512 f4f74eca5f3e97b47e2d6a911959dcd72b981d53399fe30efb62b1f06ee7099a6e2f3839cbef58abea293032be08eda7521d41558734d8c23d143b077177b07d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a8ac221a23bfd032a12b24ba183d4ae8
SHA1 21e9064439305e1a797b3493862580a57101bfaa
SHA256 0aeaafe9cbc139de0392036b0ec9f93316a720ad7d61575ebac2f36a94f732d7
SHA512 7d8eac0db137a7fcd77e53d8778b70243f17fa103d4cdb81e1f4375f44b024f74d4c391519d9cc5a5f723cd35a2cf37867b5dcf8ca0bb7427b3e20535c37d29c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9ec4d028f8e76db3134e897446c90307
SHA1 559db35bfc0a30797a84bb2f4b18e78dba193149
SHA256 06748497227a39ffbd024d04b17e864657d92ff448496f381e81781e7c958dbe
SHA512 d988d9cf547962f6ae01bd84ceead93ffbf7093ca0a636ee83ccb78beaee2e10b67251b10c700c1b87ad3f1ba173eb570e979f1ae93728cd12b5f33d1db7deaf

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\17TK59VH\www.google[1].xml

MD5 5e2ed044ae51ffaf41a9d5e27f475723
SHA1 72b96b182452b47dbccf0d4da3961542a5fb3ce6
SHA256 e03cdb6a7c845e14a6e2bba631eb6dbf9130aca75986226ac7f4e3a235223088
SHA512 c497a370d2af69f360d53b105a5f46e4812a94284ccd2d14fc3729e635c40b26a219bce2205b493d374d368a08073b68eb0452d434fc75ab9035c46b4b3a9a0e

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GE5J41S2\styles__ltr[1].css

MD5 4adccf70587477c74e2fcd636e4ec895
SHA1 af63034901c98e2d93faa7737f9c8f52e302d88b
SHA256 0e04cd9eec042868e190cbdabf2f8f0c7172dcc54ab87eb616eca14258307b4d
SHA512 d3f071c0a0aa7f2d3b8e584c67d4a1adf1a9a99595cffc204bf43b99f5b19c4b98cec8b31e65a46c01509fc7af8787bd7839299a683d028e388fdc4ded678cb3

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GE5J41S2\I_b5htTMNLJHcN1tGMPKX4Koxovcxgr06TNbUnVpSiA[1].js

MD5 885e13f69da8ffea1732b54d4b2568c6
SHA1 b0b6bf4090caeb7f0ea419c3bcd1c1a9152563dd
SHA256 23f6f986d4cc34b24770dd6d18c3ca5f82a8c68bdcc60af4e9335b5275694a20
SHA512 38d6aebd782692fe7c526fdcfc25019fec0e9bd10490eebca084c10fe78c948a377306930a99597509d2235f184621c494d6b2df2d460f6ec7b68010df228355

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5J67VDZD\webworker[1].js

MD5 bee77be8de464aedf5365dd44d9a2549
SHA1 f9afc095c73b55721cf7d914cbc3a4a384dd8fcb
SHA256 c0c09670c579a1f941ed44532f85b6507f7a4b8c8dc6ab28f341b7c4607414c8
SHA512 c216ffb19e1f67f5193ee889f6b4f297f107d90b83300151f2a8395a4d6bdb679567b781de26d024066814686417336ba8cf9c68d605ff5b0d9e1be7008bc295

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 835265cae9d1a4b200857f7376ad88a1
SHA1 d26f296cb46abe38062b0f05ccda142239ac1543
SHA256 7b2f7bb767603f0873ac97230e5353ea1df8ea90a022b5d77c6c5a063f16f600
SHA512 604c421ef28128bfdaba1901c0a22695d0813e6def8f4b0d96d2a578082778fc4bbe09ad673bc6e8b04f8346d41c94f254f387f07234e3e463ff0923dc15cdb6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4f334e84a1c26b524dc53209eaf2344c
SHA1 0ec5fdac50ec7fb9d3eafea7269bd7ccbb559fe8
SHA256 4b3f5134ffdb856946792c6ba49c0f26fb3f211d912abe55160599dff7687009
SHA512 6259abbcf7a79564bd402d89a66881a03d6f837303c7e69342b5b0452be824b68b99a15fb16fd04ab5835b4e0f9f16846c6bd6326124bcbe9ba794f22f78dc3c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a2350405b00c2908baf7ef0a6b5bf9d3
SHA1 ce3aa3da0776ca64cd9cee99268a3ed743a725ad
SHA256 8bb7e6a37fbd3b3e7d3a4a281d6f933708d644ee926667dd1817fcfcf19d982a
SHA512 3ff81f5fc79d80a87feaefd11576ec892f8d3c2474273085a5110bb7aeb1fde1d8f6f07b0b22e9a7fd59feb38bccd4551bbc92415a065ce30f4a40a1aca35f14

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 357751640dd796372cbc1e137fd6ee14
SHA1 8666d88df3181dd29321dfb9f50ee503b6b3ffff
SHA256 89053dee9e2762bc5c3b29ed34266ca66a2fb9a189c1bb64a44993b7fceb5c5e
SHA512 dd14c01087f3055468b115065c833f6eab66933907be5e924b7d5af9853d801a3dea1af0c3751448de3647b5fec02c082149b1edd56b284106e6545461399c0f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 00a8b04b61025ff2f08fcfc2bf3981a2
SHA1 27dc1d45a9f1c5f384af04635444ba5f1c18a1c1
SHA256 1bc2ce016ba87ff6525b0147947851465a281206951ed059556155364597c17b
SHA512 c0c8aa63132700d4378c3265800bb3c64831c7f30a64ccfd4c6833db424757258a9dd8ddeef913b88277fc17f43796beeb023abf3858387e16e52421b5fd813e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 08827092ad2087b62063ecbc519f04c6
SHA1 54b6e23f484fca3b1c6d70a32c24483d74d3ff98
SHA256 34687d8f1d11779120316875402b7b031ec72639ddb2660801cc747bd7ca2ada
SHA512 237d5869be702ee00676c7f5ffa3a70a785ae61e255d6a481cde0b20e23e0a7c287840fb23bc90ecb5d20c0fdfa0c1b1106919116af2cf5747f1fe58c6cc4adb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 221590ef9623044266c0e9a120fa9879
SHA1 097ce9a3050482eb192221796b7bbfa2c66b8994
SHA256 98fa3f6d7ecd68fed63d059ba400494d8205e29bb0fd524949cb3972fecdc6e5
SHA512 71f93df1c8c4227664244e3db266d685b9561e3daa2c38705cf637a50f24d6616fcf824e5366ed495c51707ab7f3f1206bb5bf1e701e7424d8ca06ba7d1aa30f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2567b110a7f71f6009f2a61e80b1fdc6
SHA1 20c920e90e7902390d34ea0f10dd620b6d3891d0
SHA256 8206cff81c2d7cd90529ca78cd31e112316cc565ff196ec3700b5940bfb2178d
SHA512 1eb5bca9539ac941eb38e0c69401d9b4713dc3291da32eb3247251d9c8244fc864ca8bb1dee20820ee71b001f8b13942e10d042f2c1be21abc330362de26e8c2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 27f64f547e2d55da3db25891ebca7994
SHA1 211bbc3bf3728eb9d7d6e386df68f872a1a561cc
SHA256 532b24790b61985e367114a6f6ceb5b002f3467bd8ed0cc3af28b2d225dd7987
SHA512 bbfc711bcab1ecd78569078d1aa3903b10dfbdd658335901cce63f65c0e6abaf93f63e3d7ea035e735d8d7e9f33fa93be897117ce9d0820eb5ad9f1f33ed981a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 449d0b973372a39a9f20e7adb1f49bf9
SHA1 e5573ca0264b6346f2a9bc29657fddedb3731861
SHA256 c496fe322c7b10a38b6ada8b1737dd56dd154a3757a10f3cb3694a66221af943
SHA512 f41e7ed8c8bfce9931dae8475f2896176cf2989030352a838d50b56a1a926d7062039d77bd1e1eae04b6908cd292b3e799683a2006cdc64f5d4b29062de49e88

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 30c8f1659b5153f942c43f9e6e8b599e
SHA1 503c1cd18b42fb3d242ae576d474550ec78582eb
SHA256 785549bad11083c6fefe19e42a407a5d6c1339f8521cafa4431d47524f323198
SHA512 b934d2b49833fc018d351cd75a206abd9b349f18e5ec7616c76510e92b1d8b87ef575c1607f4e510bef011c3e4d5c9e4823e9ccb1e8ff611e66c4b0aefd38fe9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a77094b9c81db91f67fcec69d88649af
SHA1 f903eb195fdf7bc57b0aa4bc9500e1b6546af874
SHA256 ea1c444fbd4bb5456d3f91451ed1ffa0b39501ac44b565001fce8af04ce24a27
SHA512 8cd78c1ef1a249207e04d50f9b0737b7135803511e65d011f34e03b2e4022aff31a8fc7bbeb616882702d590f6b29d1aaf374d06d9769e4002c84c8191de851e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cded13477821acf7583197c710f25e13
SHA1 4e43a1e70ba14ab9aa7afeddc0d22b57bc44c33a
SHA256 71d6749e9ecf4c35580cd1b2b3c6050fcaa1fc2d3092457901a6b748af66f9d4
SHA512 cdb35184c159d4542b90d2b1d227e392418f363cc36da07684e8022a62c9745c3ffd8c0c7f6269ecf32a77f218d85e2b8a97b314dada04ca08a18617e9fdf91c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 24ce44ce3432151a42d0f53cb4c8b1e4
SHA1 e91a8f1cdbfa89472b79f086eb0ba643c1de82b4
SHA256 1764227b18e80101211f9a13ed2efa04ef886fe8ef1db1f0b9d9c3562a75904e
SHA512 d33cc2a1b6ea1178041c66631e4783b7a0e86eed19ea39ebd559bdee6240b5d16a14e4b20b5171ca89702f27383067f0bb0876a2f220a86dbd576bab46d8aa99

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f1f8a2c176164bfe9836163956fa2014
SHA1 fd45b88e46432678c592549903704c58576da839
SHA256 4a1774dd868b8e7184a2ae879ad3ec86aff4eca83e0cae04b373d924b311aa24
SHA512 977ae6045be95bee504d85a9045e56b2d91e98e3d72b2870ed4725464d3438127bf0173702745a4f71f092d55d78929d807483b6a6325202388d7b0b882e05e6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 79ff97d836ee2ec3383853ad06452480
SHA1 bfc87b220f853aad4e4f45c260ef863a54755d65
SHA256 d208683d30c8a7118d42916b3a8042ef9d9fd9cedf753f163d4550069ae44838
SHA512 c98099be2250c491839b1c82fdd62242de6de86cb869f64c24ff844ff9648ef3f51ae1e38542c413e741f3765a0656e9a78524b3e9fbf023db68f30d36d409a1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 44c7480a5fc3cf5b772a969d2bdfddd6
SHA1 faddfb05c013dbd59075416ff3fc997bfa475588
SHA256 e51b9fae15c7d9061334a25939964493d1633ce265bff9b3d07e6d4952a7a832
SHA512 74460c8f9ee6c96bc15be50ba4debf961a8fd09bed9ec58704a155510861f06176d635a47285dfc7ec111208a47e5b3c4e34b30e2e99c84f691f5c4a08b9030d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ab87e1df7d5b4bca0f4e5aba5dda5f64
SHA1 38b06db0e7cfc0bc8339be9024fa2305c778052e
SHA256 193ccd469501781a9de7287e06461aae79aa79906ad1e7eee107cbdc05d6c569
SHA512 2542a87195cceb4a197ff59d5895b9b3f6ba438e35d409c9774f408212c968fcab9fdc0577f9ddd611f2e6ec1af8a5ff77a90a2b4c553782ffef68928e87f097

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 009b349168b322f570cb9c97fb9aa535
SHA1 49193d9eb5e7bb9de98957b104c13c3f19fe0132
SHA256 d43224dcbc7b6ef5347d04fd0d439c1b1068eb67e25665838fcb89d20d4795bb
SHA512 65378517af083131c67bc5e6d0683d534a6ccf62aec44513d8eea95d661064e2ee677a1129f9adca7ec8c5045d7b409b4469f0c85c6852e59bfa475da78d9879

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c504030df955d9e4342ec2127c762fca
SHA1 5cb3239e9b4bb54fc82b5646a774ade972e90701
SHA256 2c72611b6e1f920b5bb9a30aa2f0450b121fab7bf9cdbe75184535a185d19117
SHA512 28966abf9bfb6ffb5f44b2ee52e89cd090ae1dfb3c41038cd81f86cf03a1948cacad89aa436688a5be1fada439b1cb16770af693e7cd36c1ffd8692f987b5416

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ce8393ed80b9c92b73695bc6f30f7a75
SHA1 072b45d7d70a6e7b23f4bfb5e6f4ed280835fb84
SHA256 37dc997f4e266be23aee89b0e923b9b930487c6d479f20988197f5dd49258279
SHA512 511dc6bc79ba8b7102412c3e4d2f5ac7690071311cf31fd2105ef1e4304988850dfa2ea13bf2a3a31c03c32e2ddecebcee2dc7f148f77cc4f34d61f514524481

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 26b0d96753e2e38541e5558655461766
SHA1 b19082da625275d4beae356e93c942a6e7806594
SHA256 f4bd63965695425b37acb10f2523b9c9a68a26dace3e532622ff42ed5626cc64
SHA512 218966cbfd5e6f4fd4e7564b1ab139cf085030768a4dda596412dfc1afdf1e919380b67d855baccba95a6c477cf95ccc15c988fbcddbe9968777baadc1ccd902

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-25 16:14

Reported

2024-08-25 16:17

Platform

win10v2004-20240802-en

Max time kernel

147s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c11cd9f5f5c4de21b11d6e6ab4c467e5_JaffaCakes118.html

Signatures

Mark of the Web detected: This indicates that the page was originally saved or cloned.

phishing motw
Description Indicator Process Target
N/A http://btc2016.atw.hu/index.php?welcome N/A N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4916 wrote to memory of 428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 3948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 1740 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c11cd9f5f5c4de21b11d6e6ab4c467e5_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa8fa446f8,0x7ffa8fa44708,0x7ffa8fa44718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,17238554798068128877,18308280177560388531,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,17238554798068128877,18308280177560388531,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,17238554798068128877,18308280177560388531,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17238554798068128877,18308280177560388531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17238554798068128877,18308280177560388531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17238554798068128877,18308280177560388531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17238554798068128877,18308280177560388531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17238554798068128877,18308280177560388531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17238554798068128877,18308280177560388531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17238554798068128877,18308280177560388531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17238554798068128877,18308280177560388531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17238554798068128877,18308280177560388531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17238554798068128877,18308280177560388531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17238554798068128877,18308280177560388531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17238554798068128877,18308280177560388531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17238554798068128877,18308280177560388531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17238554798068128877,18308280177560388531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17238554798068128877,18308280177560388531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17238554798068128877,18308280177560388531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17238554798068128877,18308280177560388531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17238554798068128877,18308280177560388531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17238554798068128877,18308280177560388531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17238554798068128877,18308280177560388531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8144 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17238554798068128877,18308280177560388531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17238554798068128877,18308280177560388531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17238554798068128877,18308280177560388531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,17238554798068128877,18308280177560388531,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7996 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,17238554798068128877,18308280177560388531,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7996 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17238554798068128877,18308280177560388531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17238554798068128877,18308280177560388531,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17238554798068128877,18308280177560388531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17238554798068128877,18308280177560388531,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,17238554798068128877,18308280177560388531,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8976 /prefetch:2

Network

Files
