Analysis Overview
SHA256
b7abed1406109e1931d0d5976a7cae96fd029deb900185da2a5871b3ed950f75
Threat Level: No (potentially) malicious behavior was detected
The file 91f32f2824232b868b1aaad70e26b75b_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 13:27
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 13:27
Reported
2024-06-03 13:30
Platform
win7-20240221-en
Max time kernel
125s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000aa8ecdc58a78254e991fbf5e6a738dc6000000000200000000001066000000010000200000007e096bc55755566d7ae1d7415ab0d33014c1e1ed7970676dfcbd23bb11a921d6000000000e8000000002000020000000111aeeb34e5c6be58c7f70ae7cb5dffda32adaff9208c34138cb6b2639ae955820000000f918c6021e611912dded222be22f8fba23feeb645c493e7f4b8ba5e99d9c0c23400000008eeb0fdb7395cab15ebe45045552b39f9a48c9e80a8274ff84f123c611e6eebdf251bc8e4d8b0ad95e6f25eb04b99e84b47d8c446176730cb0bde5158d3271ab | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 2010b7efb9b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423583148" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{18F820A1-21AD-11EF-A3B3-6A83D32C515E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2276 wrote to memory of 2060 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2276 wrote to memory of 2060 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2276 wrote to memory of 2060 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2276 wrote to memory of 2060 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91f32f2824232b868b1aaad70e26b75b_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2276 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | lh5.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | lh4.googleusercontent.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 172.217.16.225:443 | lh4.googleusercontent.com | tcp |
| GB | 142.250.180.1:443 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 172.217.16.225:443 | lh4.googleusercontent.com | tcp |
| GB | 216.58.201.106:443 | ajax.googleapis.com | tcp |
| GB | 142.250.180.1:443 | 3.bp.blogspot.com | tcp |
| GB | 216.58.201.106:443 | ajax.googleapis.com | tcp |
| GB | 172.217.16.225:443 | lh4.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh4.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh4.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh4.googleusercontent.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| GB | 216.58.201.110:80 | developers.google.com | tcp |
| GB | 216.58.201.110:80 | developers.google.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 13:27
Reported
2024-06-03 13:30
Platform
win10v2004-20240426-en
Max time kernel
145s
Max time network
146s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91f32f2824232b868b1aaad70e26b75b_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffb324046f8,0x7ffb32404708,0x7ffb32404718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,14240071867395561331,1186340524759544449,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,14240071867395561331,1186340524759544449,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,14240071867395561331,1186340524759544449,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14240071867395561331,1186340524759544449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14240071867395561331,1186340524759544449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14240071867395561331,1186340524759544449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14240071867395561331,1186340524759544449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,14240071867395561331,1186340524759544449,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,14240071867395561331,1186340524759544449,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14240071867395561331,1186340524759544449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14240071867395561331,1186340524759544449,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14240071867395561331,1186340524759544449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14240071867395561331,1186340524759544449,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,14240071867395561331,1186340524759544449,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3096 /prefetch:2
Network
Files