Analysis Overview
SHA256
65ee557b2acb693914f404d0dd00039592668185c9a2f6c3aeaf474015a99f6b
Threat Level: No (potentially) malicious behavior was detected
The file a2fa72374b8c2acea629affece102559_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 23:42
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 23:42
Reported
2024-06-12 23:44
Platform
win7-20240220-en
Max time kernel
148s
Max time network
152s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00a1024122bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6A202BC1-2915-11EF-852B-6265250A2D3F} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424397610" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003cac5904b186c542ba5400de6f56c92400000000020000000000106600000001000020000000f167388e0b6be18c81e1cdadc427e3fd7d32d9900c0f5aa5697614f44cf4697f000000000e8000000002000020000000231d15af6b2180730824f82e734f4ce96a0334a56f3cd93fff000e2588a66359200000005b79acaafb2d6be69d0bcfe25a5ac97813ebc84885cd4d286050540638845f1540000000da92d491f62dbcb89b6dec67d80aa3389e16d1d6607f1a92f594cd8c5b9cec1ddafc6025468261df65d5850821aaa277441a7a57f64bb2c65f6b3c2f3b2bd6ea | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003cac5904b186c542ba5400de6f56c924000000000200000000001066000000010000200000002504ce23fc41531b83bd050f115ed193225e2199e7abcc510b5fe7dd51e02cf5000000000e8000000002000020000000bf20a34974d0da9dc12bad0d733423d9c97a0441779c317ac82a705e82fb38a390000000165568d2b958d1353849ccdb18de4b780138d20bf464633f4e8671c97f8b4dd9c3eca529c3a48178110699de6341251ff0b86c76e70fe5f0c2e3d6eff5aea2632681358dbda607eb60d2a0abb6e653d9637932fcf5f118a9b97a47251538c2a6cf5ad07716da2699fbcbcde36b975bfb89bff34018999ef1e53e412939cf48db0727ff5d1ff133fe4df43329dd1c367240000000d23f66c74c293add2c520f2f6974caf9104f0b6ce8c3e9c847052e67400fea28e9aa1972535cc14f89e0f33df6a07d810b87efd3fdd560cc3d71a2d9b7982ad9 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2764 wrote to memory of 2896 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2764 wrote to memory of 2896 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2764 wrote to memory of 2896 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2764 wrote to memory of 2896 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a2fa72374b8c2acea629affece102559_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2764 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | www.google.co.in | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | img1.blogblog.com | udp |
| US | 8.8.8.8:53 | ws-in.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | resources.infolinks.com | udp |
| US | 8.8.8.8:53 | static.nrelate.com | udp |
| GB | 142.250.178.9:443 | img1.blogblog.com | tcp |
| GB | 142.250.187.226:80 | pagead2.googlesyndication.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.178.9:443 | img1.blogblog.com | tcp |
| GB | 142.250.187.226:80 | pagead2.googlesyndication.com | tcp |
| GB | 142.250.178.9:443 | img1.blogblog.com | tcp |
| GB | 142.250.178.9:443 | img1.blogblog.com | tcp |
| GB | 142.250.178.9:443 | img1.blogblog.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.3:80 | www.google.co.in | tcp |
| GB | 142.250.180.3:80 | www.google.co.in | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | ws-in.amazon-adsystem.com | udp |
| US | 172.66.42.247:80 | resources.infolinks.com | tcp |
| US | 172.66.42.247:80 | resources.infolinks.com | tcp |
| GB | 142.250.178.9:80 | img1.blogblog.com | tcp |
| GB | 142.250.178.9:80 | img1.blogblog.com | tcp |
| NL | 193.33.194.160:80 | static.nrelate.com | tcp |
| NL | 193.33.194.160:80 | static.nrelate.com | tcp |
| US | 8.8.8.8:53 | www.33porn.com | udp |
| US | 104.21.30.212:443 | www.33porn.com | tcp |
| US | 104.21.30.212:443 | www.33porn.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| BE | 23.14.90.73:80 | apps.identrust.com | tcp |
| BE | 23.14.90.91:80 | apps.identrust.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| GB | 216.58.201.110:80 | developers.google.com | tcp |
| GB | 216.58.201.110:80 | developers.google.com | tcp |
| GB | 216.58.201.110:80 | developers.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | router.infolinks.com | udp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| US | 172.66.41.9:443 | router.infolinks.com | tcp |
| US | 172.66.41.9:443 | router.infolinks.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 172.217.169.67:80 | c.pki.goog | tcp |
| GB | 216.58.213.3:443 | ssl.gstatic.com | tcp |
| GB | 216.58.213.3:443 | ssl.gstatic.com | tcp |
| GB | 172.217.169.67:80 | c.pki.goog | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | fe0.google.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 6328f4444c92e449be65e2cb95519d19 |
| SHA1 | 26980e2aaee3548aafd419694da2c867c60ba9a1 |
| SHA256 | 88212d6e6d61b87cec0348cc7d0f52c771186e6755b47dbed4f56f0dc9ed7cd1 |
| SHA512 | aecdc9328724358ea7f8727e720cf88405a471266d0e2a9fadbde01736da4d6cd941f67576e30a4b8c4af4f960f86a2d755ab70e71b9699348aef27d8ec2b400 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | e56e8a78c63bf428e8186c359188db32 |
| SHA1 | 4b93123e24fd5fb6ae6cc24cd34f10edcad3c366 |
| SHA256 | 923d62615b366a5efb3ecb1eb53d50aa7639815b1d6418fd44f619d810709d59 |
| SHA512 | d4d2d26ba9ce9fa36de6f0c34ee296a557fe8ca8258a003fd8df3555f3448cb26e64ab01ed89fb7888e9cc0608d6502192052a1d52d6030f192f6096353c274e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ac89a852c2aaa3d389b2d2dd312ad367 |
| SHA1 | 8f421dd6493c61dbda6b839e2debb7b50a20c930 |
| SHA256 | 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45 |
| SHA512 | c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | 653ca9ab117c62ec9df1e563cd4a3ed4 |
| SHA1 | 7fc753101c36af430236ecbe04544f53a4ad6ea9 |
| SHA256 | 581ed26fcdcb2efa2dfae476e3173ca2c280dbb0101867aeebb47c81da8b6d3c |
| SHA512 | 439b19490c20dd70c1fd760c8ab44c6078e682b924f30e99f1d39d2090cd2e77f14a837770e0c8f3255815ad8b6ac5a61ed8dfb3f597e047c3a3f49721a5a04e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DACC52A1882A05AED14688828CFAE295
| MD5 | 6e7dd6f11d5e350651d3d0adf83a1f95 |
| SHA1 | 775be071a8048638379be9c1ab35b7214a36c6ab |
| SHA256 | 022a32f5488a315a72d8fbfefa929cbc029a049cca6a1e62dd392a4b57533b82 |
| SHA512 | 430272fe8fc9b5e7f7032cae1605d07ec945da382092118ba9034f4960df5dba83ea7889ec3f30a19369a78de3b85b48720a63600aad1f7ca4092efcb201c6ae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DACC52A1882A05AED14688828CFAE295
| MD5 | a4c3e4b3f212ccf9719236eaa8f728be |
| SHA1 | e017a18974a9969ca60ca2499ac54b464d91a2ef |
| SHA256 | 0641546fbe6a6bf201d918796cf5efa992632208053037f369a6173cc2afd39a |
| SHA512 | c4c229eec604f4022ab0d439eb8b95bbdbb554d809d4571745957f0da5dc740e4ecb13757273b9dcf9f431a5b1ca40d53a539e2ccfaadbf7c161dba6b8b2734f |
C:\Users\Admin\AppData\Local\Temp\Tar302A.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\Local\Temp\Cab3017.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8c888fc442caa910d1257887d8c9da72 |
| SHA1 | f5d842ede65790eb7614636a11a595f9d7cfb66f |
| SHA256 | 287805b08a91f8c41a7895aff8b22eedda2cb4084aab25b395e2d1dfce3850a0 |
| SHA512 | dec379d9dbe8183cb15834e9a160e46d1e10dc1264d79567ee0bffe4ee27756f3d5f2f730d4024cefa2d77ce5ab3d0d1bf2064bccdb4ef00bf6d6855a3e574cb |
C:\Users\Admin\AppData\Local\Temp\Cab3124.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
| MD5 | d4ae187b4574036c2d76b6df8a8c1a30 |
| SHA1 | b06f409fa14bab33cbaf4a37811b8740b624d9e5 |
| SHA256 | a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7 |
| SHA512 | 1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 02c00c3774086f8b327054e33956d1ec |
| SHA1 | cbfb82b289ca28ade692eb36faf5bfcd9508cf88 |
| SHA256 | 96a5cda89b30dcb1f60b286d1f43dd1c8fe194a30cced6ed8ee505b11e5dd0fc |
| SHA512 | 3a50cd0ae0cd20df977e87333b84f7a9ba0d0f7ea800ff99a0a613b2464ac71ef347f8be6eebd846943f280f26403fedbe146bcd442419449299e4302178b55a |
C:\Users\Admin\AppData\Local\Temp\Tar3177.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 00da4be687a1c2acbe9030ad79dd2a6c |
| SHA1 | 5091d4de3f2b3183adba9288e3621f1cbf4132be |
| SHA256 | bc35722ad926c07beb0eb17b8e1d4bd896547e36e4e38858bfeb9d7817a5222c |
| SHA512 | 197a7762f9a851202d669a5d19ac73cdfc6df5077a2524f1fd2082733b8ebe07ba3babd3927a6eb05b2ef666e7c6c0a4d2395b5462dcc6e00ddf3a1e158a59ee |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY2G78MW\platform_gapi.iframes.style.common[1].js
| MD5 | 682c26af19b240f98d2cb951721fa54d |
| SHA1 | 18e58b652c7f82a55ab4b1910693686049e25d62 |
| SHA256 | 96428f0f585a874c185d560538ad83ebfad0365d760fcf9fcefe80add9e3c980 |
| SHA512 | 078aeef086271b7f9cf0f6e3a1e7908d7e38465a1a7a4de6f2a785147e9130551a2995e80600824da9341d58e5425d4505518e90eea9ffe1c64f4f41825a9660 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY2G78MW\cb=gapi[3].js
| MD5 | f9255a0dec7524a9a3e867a9f878a68b |
| SHA1 | 813943e6af4a8592f48aeb0d2ab88ead8d3b8c8b |
| SHA256 | d9acfd91940f52506ac7caeffea927d5d1ce0b483471fa771a3d4d78d59fda0d |
| SHA512 | d013be6bfc6bcf6da8e08ed6ff4963f6c60389baa3a33d15db97d081d3239635f48111db65e580937eb1ea9dc3b7fc6b4aecb012daeee3bf99cfebf84748177e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_95776108E5303B05527E9B63C6628F47
| MD5 | 31c72108356bcbb5569409aa463923e3 |
| SHA1 | 647712555d187d6763bdafc3e9c2ee9645bae56a |
| SHA256 | 16c8fd04d2e7f175e0092f4e468aaa9b762e79720e99683c787e4ed130404cdb |
| SHA512 | 4768ecbf85c6c15bad385b1c5b6937e4243aa4bdd0163ef49bf219047b6d9920a535a860cb29cc02dd5a427f170ff43d4e6e7fb5b3505233d24d671e84205e60 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\R34J2M33.htm
| MD5 | f4ba08d558dda5e243243eb9e75e591e |
| SHA1 | 5b1d7c6f9af81b6c284e815783011a86f866d5b5 |
| SHA256 | 3d6ef4e9d9f9b312007315ac77dd739b820888c15c9f5f95a137a8a9257a8e41 |
| SHA512 | ecdd68871f7e83f3ee2a30d34e7cec4d1d526edb52e1fb77805d6d50a8473317fc945e30993a501edf5a957a0ed248d2f1f9b2e03fb99fa9f8e2882ae84ae5bf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 68f3157bbcdefb3ae0f8fabd2e8839d9 |
| SHA1 | 1203119189e9f08917f09aea5558b81edc278bcf |
| SHA256 | db77cdc2ddf643ef2fd570d0a82b6bf8f83c9bb7c490dcf29f5f25234fa66e1c |
| SHA512 | 3c156741779cdcfb026a055d272b12d60639127ad23091af7914fc04d451aaa755dd22f19570ed2a73600c9f56f7ba7a833998a74c3048e603006cd8a79dc2b8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3e061d1c7d36ee7c726d3e6e94033629 |
| SHA1 | 66710799976d839e3804a1801309abace1fb5ea2 |
| SHA256 | 226032be19fae857dc48097b474df8a60fd760e59712c3a7e90e79506ac96514 |
| SHA512 | 5558fc2da218e787971c5dba2f299d4b65f1cbcd815c9d7335cf04e4cc0a24b11f462af60b3d5ce56b57da86b38f18af39ccdee83872c611e24b7ab9e7d22e86 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bf9f846799ec765690bdf2d9564988ff |
| SHA1 | dd1b5792e356855b283be81e3b3fc855f326f80a |
| SHA256 | a4ce62ee6d93e86a88d00b4ca8851ef9b592768ff916549c326809dc47b18c43 |
| SHA512 | 644f0bd631886358bc88c9c985585ae74f7b684be23b6bec87e826bdea913637ec599fb3bbdb1f4776b8386a5eaacf4168643041bb0ea14b91007ac1cbdde8e8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a39c3e44ab09e4b2030a671e23ea2eee |
| SHA1 | b3e7ceaf96e53e356d47a564a267823f34a21321 |
| SHA256 | 1deb0293709c6c5f8962feaea795f75847f3e63fe49ae02326fb8fa3a45fed52 |
| SHA512 | 33a85a5fa7c8767a8cac2e28aa5de5f2440074cfac4d03c82471ddbc64cbe84a9d8ebc1bdc94ac784b2aafe02ee08810a8f8db376db70a0a12a72a9f6931bdc9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1e7a834b727190be6b1ca2a5ec8c7264 |
| SHA1 | b6be99fd10177c21a9b128086c97c5871f6be2bf |
| SHA256 | a50c7acfaa3b6313393918b36c0487ca367eeb60716758d3ce3a40510cb5dcf2 |
| SHA512 | b3a702f2f1f9436f084e8a2dfca3c7aebd6c2d3dcb177bcf361778abb15b7218ef70b87e61572e4928b2ce882eed63595bc4d6a5c869a3945511c4abf40eb2e4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 382b13b8efd5e02df8d1229f4972273a |
| SHA1 | 57ac7f5835cde76e00cbf5de608f95e6bbdf1b17 |
| SHA256 | f13b431d1fa353e12ba9887981a5bc298f3044b20c5cc0ccb0626515bac7f77f |
| SHA512 | 3ae761657c2aa903ae27d1ba4240feb7b90f92d3b9aa1dbf9de6933c02b78506e098288be4d38ea23ca11cbbf6effdcb49da15ff995857220acaf96230b9bcd6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 92a11fb0170833b707fc80550ffb2000 |
| SHA1 | ecea3a6dabb860998bbff9d669deda991bbf359a |
| SHA256 | f1ff14eb751d653fcd402606f2ec4deb22f6090e60f6317ff5eda6d624b46305 |
| SHA512 | 6805cc9414a6ddb3c44973c072dcc8c495da8655ce6858f9a24b5e0359e43e9baa83fe8b9253ca7a18e714f8786e08291dc271c2339d47e16d201b4ce2dc68a7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 98276c50195a2838166258d69b706f77 |
| SHA1 | dcd5d4149e4e5cf041037d4e71995d1b0c5c00c8 |
| SHA256 | 9912f00adf4292f48b90a9158e15602d764612040dfe1e230e295c6c5f0f249e |
| SHA512 | b2f8d0e871ed73828766f0f1f190fc783779983590d996d786236f431b691e9e36aa0443e7f6c864a895a62f370eeab2d9c2b6177038bc701ae3e776d1375485 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I819HQXH\3604799710-postmessagerelay[1].js
| MD5 | 40aaadf2a7451d276b940cddefb2d0ed |
| SHA1 | b2fc8129a4f5e5a0c8cb631218f40a4230444d9e |
| SHA256 | 4b515a19e688085b55f51f1eda7bc3e51404e8f59b64652e094994baf7be28f2 |
| SHA512 | 6f66544481257ff36cda85da81960a848ebcf86c2eb7bbe685c9b6a0e91bca9fc9879c4844315c90afd9158f1d54398f0f1d650d50204e77692e48b39a038d50 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY2G78MW\rpc_shindig_random[1].js
| MD5 | 6a90a8e611705b6e5953757cc549ce8c |
| SHA1 | 3e7416db7afe4cfdf3980daba308df560b4bede6 |
| SHA256 | 51fdd911dc05b1208911b0123aed6b542e9d9f04c94d7504c63d89ca259ef679 |
| SHA512 | 583636571c015af525cddd5b8dc2ac9964aba5a7a9b0acd3908e4aeb4c2ee74cdfaabe49b0aa13d7b142748542426864e91e88e90d7f73bc647f0bfecb0ff7bd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 51cb821b8f996c284323f0bce3a323f8 |
| SHA1 | 6bed6bbba507e6caa60b1ec270f6e83fecef6e98 |
| SHA256 | a91246cdfa58b5a385393a90eea175442c5c557e3f7fbd4091f65c59d14e6463 |
| SHA512 | ea7e73070376e035cefb0f322d5b47e9ed7c64795f3f5113b9ad05610920b1abd10e571e3b43fcb19952e7263f6bf4fdf7098d534557bf0b2f79cb43b3141342 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e3264313de0b656783cea120afecd26f |
| SHA1 | 93617956af09f16ede758ded60eeaadb5f67f3ea |
| SHA256 | 41169a7fb8c443aedd811981e6785e7f108b11eadcb2a564a4a6e8f3bba06175 |
| SHA512 | 1e992d6ae37f8f33ae24d70827d572dd2b199ea4966f3467b18c8c245dba9c905d5bb33c3e595bc15c0f87fad5f4363d7781acf0c42480ace1baf8241313e34d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 17439acecf97e3d243b8a55cb036096c |
| SHA1 | db60deb57dc24c1dbc582fc5f8732c7f29071d00 |
| SHA256 | c533517fa0c6fe7c46a4f7dd0384baf6e4b83cbc69dd5fbe195d209c40875e8d |
| SHA512 | d2ef6d1fbb76073a721fe421a8bdcd19aa67d2b21a2da637afac49855ab670754f293aceb3ed63dab765dc49923fac5ef415eb552f40b6fee7c0bde46261de02 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 37433e01b09a2dbaaf0be250e2d571e7 |
| SHA1 | ac4dbc9855dc70e80fe6e00b369d60a788bf02d7 |
| SHA256 | ba1dcbdc50c202e8134b011d6b7580d03252271dbb423cf0672e3216d9abf54f |
| SHA512 | 997d13d5509c8275a1471c5319e3d9033c673bcee037b3d2442ea92ba2c5871039faae66b0c9b4deda265cd7f8ec5adcbfe6f7eba8e09250466ce3b90bfdd8f0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bd034df5f690d775467763cbd4987a29 |
| SHA1 | fa0b5439db3573b8259d6ef4a8936b1d80524ee5 |
| SHA256 | b7e9b57b95872c1edcf817248e045afb71c0b898a95b6ee9bf27015a793e1246 |
| SHA512 | 77696c3bf36a14e4a20e46e413f4f84f8ae4c387b38f552230c546fd3ce3f7bd0078bd58b2bc497cb6373708ca40b0e0b3cbdd515be98dbfd3e4720e9687d9b7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 58a63038bc02f75ef858e63e73a57f20 |
| SHA1 | a0d399851c9cd6eac94241218a3040cb6e7add61 |
| SHA256 | 62cc971494924e4b2a7ac3d0dcf58ee3f46ad28cd68017c009afd59735beb72b |
| SHA512 | b8e3cb6b186684bc929170fe2d0011fa6d6e99c96ef7a22d09918c62008ead50ac15b2aad427e2b9684fce74e0e3f8a781e014c4d3b6deb850a34fc4b97fabb8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c15cdac411c69d034c6107d52e27b8a5 |
| SHA1 | 9ed7afdc182e488fc10c4178552efacfa1e52637 |
| SHA256 | 33dacd4f650ccc058cc94af931bcac2ced67fa025d3d2c697ea48bb605675789 |
| SHA512 | 7fe8baed69ec2734e914c17c71a82beebd68bb979408b05d9a16991b91ec9a694a5bee65f0832c08d63c88d56f1adf6655a9389afce8be4b75b0926c25aaa563 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9d3ba34e04832acef5365a40449ab391 |
| SHA1 | 722f2b7308f7c91471355708b2e3fd46dab84dfb |
| SHA256 | b02d4664fd0bea32c47f66b9e0eb943ef668c2fc68ca88c9a099768a84596359 |
| SHA512 | 3f01fdaeeb16b6838b4577b31efd944cb24b5f8650f67cd2bca95935a2e000b211238efd7fe43a2bb8ffa7ae3ac511b1a5ba84d05d1e9a5e4d141467c428c77e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 47b707892d06a9658900ad27e0e8777d |
| SHA1 | 40a8a6a148d6a3d9bffc1879283255c763fa7f64 |
| SHA256 | 5c5eb1db17b343c9e130d0d6708435c84b5edbea1952643638a2e18a6be307fc |
| SHA512 | c9b57d0aae708acbcc21bb11d6bdf5a66d315e9e6f9c40b67b76b7376f685aada55ec0b563e38217066eb6647f0d19ab4ea6151cf2e73141c3276e5a25203d48 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dada1853e4bd686732db18988177df37 |
| SHA1 | 8f3657c61bfe5a6183a244d3690bbf41bb79d184 |
| SHA256 | 1cec999d592cf44f2a97a5878391d0ce3c82d36e960372dcb1425098ead0aa0d |
| SHA512 | ca9e3cde0bb0d08ff8025ec9a9b95514c87da52c23b6f874c250d412c72a9224906623a63e1438770198550225039672cb289029fb43b3a3f287f8dab5fe14a3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5293147e9a1fad658364d169a1900ad7 |
| SHA1 | 1d88479dac7823a84c2080b299b4e40fb7185db9 |
| SHA256 | e033110b18b739bf6033e622ce75b8c74c59c6900e98020fd8c321e852fd9439 |
| SHA512 | 71db20848626799bc0b7908c0019ee9df617fa994a3131991b8e483bc7d8142b37468b11a459c5e243f282c741d1ebfd910b01d6aa57c7a33ac35eb1046260c3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0fbfe6c084d577f1bb353bdd530cbf7a |
| SHA1 | 63430c3c0f13c94a122a98fe068a9763d4698da1 |
| SHA256 | 91a0bef5abc83d662f907c8137b4cf3393daf69e35767d6616a6bc348a19b7ad |
| SHA512 | 2b476d305305c0fde141ef79d04e10b9b734d1bcdba854ecf45f0d8ec20c678da6abc14fbad3e4df03f90b90d38171f6f8af6bdc5266f109aa30fa27c6c99198 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 23:42
Reported
2024-06-12 23:44
Platform
win10v2004-20240611-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a2fa72374b8c2acea629affece102559_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe4fd346f8,0x7ffe4fd34708,0x7ffe4fd34718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1952,13878743142838107657,2919071301089497181,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1996 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1952,13878743142838107657,2919071301089497181,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1952,13878743142838107657,2919071301089497181,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,13878743142838107657,2919071301089497181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,13878743142838107657,2919071301089497181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,13878743142838107657,2919071301089497181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,13878743142838107657,2919071301089497181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,13878743142838107657,2919071301089497181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,13878743142838107657,2919071301089497181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1952,13878743142838107657,2919071301089497181,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6916 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1952,13878743142838107657,2919071301089497181,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6916 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,13878743142838107657,2919071301089497181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,13878743142838107657,2919071301089497181,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,13878743142838107657,2919071301089497181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,13878743142838107657,2919071301089497181,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1952,13878743142838107657,2919071301089497181,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6204 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | s7.addthis.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.google.co.in | udp |
| US | 8.8.8.8:53 | ws-in.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | img1.blogblog.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| BE | 104.68.81.91:445 | s7.addthis.com | tcp |
| GB | 142.250.178.9:443 | img1.blogblog.com | tcp |
| GB | 142.250.187.226:80 | pagead2.googlesyndication.com | tcp |
| GB | 142.250.180.3:80 | www.google.co.in | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.9:443 | img1.blogblog.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.9:80 | img1.blogblog.com | tcp |
| US | 8.8.8.8:53 | resources.infolinks.com | udp |
| US | 172.66.41.9:80 | resources.infolinks.com | tcp |
| US | 8.8.8.8:53 | static.nrelate.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| GB | 142.250.178.9:443 | img1.blogblog.com | udp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| NL | 193.33.194.160:80 | static.nrelate.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | www.33porn.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 104.21.30.212:443 | www.33porn.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| BE | 23.14.90.91:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.41.66.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.194.33.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.30.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| GB | 142.250.179.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.178.9:443 | img1.blogblog.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s7.addthis.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | translate.google.com | udp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| GB | 216.58.201.110:80 | developers.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 216.58.213.3:443 | ssl.gstatic.com | tcp |
| GB | 142.250.187.238:445 | translate.google.com | tcp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| GB | 142.250.187.238:139 | translate.google.com | tcp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| GB | 216.58.201.110:443 | developers.google.com | udp |
| US | 8.8.8.8:53 | router.infolinks.com | udp |
| GB | 216.58.213.2:445 | pagead2.googlesyndication.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| US | 172.66.42.247:443 | router.infolinks.com | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | 247.42.66.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| GB | 142.250.187.226:139 | pagead2.googlesyndication.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| GB | 142.250.178.9:445 | www.blogblog.com | tcp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | s7.addthis.com | udp |
| BE | 104.68.81.91:445 | s7.addthis.com | tcp |
| US | 8.8.8.8:53 | s7.addthis.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| GB | 216.58.201.110:443 | developers.google.com | udp |
| GB | 142.250.178.9:443 | www.blogblog.com | udp |
| US | 8.8.8.8:53 | technologyinscience.blogspot.com | udp |
| GB | 142.250.200.1:80 | technologyinscience.blogspot.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 1.200.250.142.in-addr.arpa | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 3a09f853479af373691d131247040276 |
| SHA1 | 1b6f098e04da87e9cf2d3284943ec2144f36ac04 |
| SHA256 | a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f |
| SHA512 | 341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016 |
\??\pipe\LOCAL\crashpad_1096_RDNVHURSRWSLFURV
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | db9081c34e133c32d02f593df88f047a |
| SHA1 | a0da007c14fd0591091924edc44bee90456700c6 |
| SHA256 | c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e |
| SHA512 | 12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7f4c27f2650dee3a394b7b8a02cc76b7 |
| SHA1 | 2618dd90b6f0cfc6810bb93494140a2dff42565a |
| SHA256 | 72edac005d6c57e1efb4b1993b0f22e4ef60597d6a1cfd862436437a52953e48 |
| SHA512 | b781ee47e9a91bcf0704cfcd305d7a51f52f7d476efff4da9a05346a685f25a43ed31d27507ca1c689a730a8b1ba34fbf90d62eaf65305bfdad543f718fb8412 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 842bbd3d0e9e312799e2360bb0364183 |
| SHA1 | a7aa25e9a67ce2f84efa23287667c73cf04c90f0 |
| SHA256 | cc3f500ecdc72bcd16242d9e830c1258788f9e1d649210006452ba5da76e1ecf |
| SHA512 | bdbf387983cf5ba39c1c1153f4ed0c5ab143e275b13db4d6d424c9694ddadfdd823c73fdd9a1cd8ec94009796711c9b62fc7e6f37a0b14ba02934b2b45ca79ea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 75c91961b6b47bc8030f2810f58a20f0 |
| SHA1 | 0338e79f6664325ddc4015ecc22e34164e073799 |
| SHA256 | 6fd787608c4695b5aec7e61ca296cf34365c45290004c4ffd815590cb1305dc0 |
| SHA512 | 61d831647f6ce4928db6f13260b52b91be310ea3a73a88581653ab47a60acb0932f31b32e8e4efbd85c885ace2c16f245df32a97626bcca6fc56d76212d8cb5e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 53bff734631b2b9051743631d3d3b616 |
| SHA1 | 34975d2d3c5a51eab1a7cd1d117bc2076f864459 |
| SHA256 | f48e2bda997b86d3ce80ef861478ecd9ddbbc4160efae2bd3250c4901b359255 |
| SHA512 | feacc6df8767109b6c2af2920ad58237e7d23e19219a08e0a4bcb322aa394ec2d7e504440e62ae326b0fce88e3cee64f4d530bdd5aa7d98e1401a0e432ce79ab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
| MD5 | e1c71f7c04be834f5587230db2ad24b3 |
| SHA1 | f3bab9cb99d9f343bf7ed3981aaa7450515d2424 |
| SHA256 | 9fb6c768068467b58cc773a3907f3f5ec170bfe02ca8f301f6a232a9daf5a899 |
| SHA512 | 205366b4a3ca0dae58722a19ba24088dd8db483db9d14b376434024b064715ade720347ff5de87db014e32d2ef8192e71bbbdd3c885d5a8581b4aafc6e88ce51 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b42d.TMP
| MD5 | 6b429c01f617e5196bec92b11e598477 |
| SHA1 | ed631b99f08617673a68073feec12e0590402148 |
| SHA256 | da4093f2c26679c2983c62dcd21db27fc6bcf665fe28e55ff886543f9130a4ac |
| SHA512 | a19f665d170420a2d3349ab0fa4785a2d6c69c86683aa3b4c45c94943440af2ac629525bcfdba01331ba3f189fff493f8a729053acb40ab504e0c0786b8e04a0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8f17eca26ef1fb4a7b45835afc4dfd36 |
| SHA1 | 275c377ee5f49c49f9935954e85c8595a07e1505 |
| SHA256 | c32cd5b5b4a6493deac4bd01607954085f4a332abee32d5ec1c0cd3ef86e034d |
| SHA512 | 8140328c9c16c76d299fb0e8c625474f36163c91342894f9709dfab3f9f5f97b11856454ea858209d88bbc29c813cb9c6f819a40ef0b494c95aca2e364ecdbac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2412ea8c2ed0bec5904132382469100f |
| SHA1 | a3c7d3d569fc74c3d514f2c613d76f78ee690e94 |
| SHA256 | b5869d366246ec488c4961cc1a2e3c8b735c09291a96a32e61c8ee90b972fc6f |
| SHA512 | 3185d7175ea8981f1a2db7664711fa9e1a67112d6a96690bc947c4b623b44d2e576688f777fd531253758c04035b2eefffa8f21eb979b818a9ad6c41266b9b2a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9f3998751ef8b23e47a54fc81c513b0b |
| SHA1 | da7981b7cbaf50fbe5dec1b28e65b025e33b9b15 |
| SHA256 | 530b7126319c5829ede866004d1b2fca0b967a090daa96ea52d5561755a9d5dc |
| SHA512 | d2d144a046138bd2d78ff47e1a202243535a0dfd923a2130df6d548d24d4a17c2d37fd2097542654e27b3e48e09e81a6434cca901e839c4b3a2d71d45aa4ba3a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a5d25d8d53bf18aab394c2285cd4aae9 |
| SHA1 | e9e3c67953bd77a79ef293f6a7e5808386c7da01 |
| SHA256 | 7125170e74cd66efca3a0c450fa8b9fda82bde90e55fcf9280fc725a31212fab |
| SHA512 | 700b6d5bccc793d798073bee81127618e0071a37694280fe73864dbd83b0b1a949629797f069f228b0797b3ea7ce0e658499fc2056e6425acc487b719dd90e8c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | bb33a11927903afab82751ebc8d1c079 |
| SHA1 | 4d38224a9ed70c5d84d90171b17a18f2359bebbe |
| SHA256 | cb0764af525bd40b22ddf0c600cb63af5ef51b87165ab50bf89729002780fb34 |
| SHA512 | 383565b26e608abfb83435e1b47317b47e77716eeb83ee169107241743239192444a27379b108bd7e15d32d11cbae26032b00660b0211b6f2cd84321ef36d07c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e169014821929c24217d400c27ae3365 |
| SHA1 | 88c2c603810489c1c40ff8b5d1c1d0288c1703c9 |
| SHA256 | 669549c31ac99ac66282bbdb1e4c55956064bd9a6f6cd85a5405548cabb0a498 |
| SHA512 | 250754ad3e15d1c715cd5f85db2ca43ef18a637b3c57b45d980a629cebe34f15391d8178ae68bc390eaf17188ea20a84e449c0297c9f7149b541f562124aeb7e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 33d9f1a275579a45667e51de8a82613b |
| SHA1 | 9a3c37196e517717258cab12ab74fd6d6a154827 |
| SHA256 | 9ad2677c0ac5ffdca0662085f365713ed662ade8aa3e54852e1c2d40025bfdd0 |
| SHA512 | d469fb9ef93118bdf62524b118a1ae7158f9b53465965154221231da0ff7f88fe0957ca7b86bcc9003fcf724eb39c424bec31a84da654ee76f6ea69b0c2efee4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 251cb7787b0341784cb49241cfb06be5 |
| SHA1 | 95fe5cc4302b79bb5f431e2d5256add8737b532a |
| SHA256 | 8b8ae690ceafdf2820bc87dacb9a65af681b1a317e9e676c9bd60dc956e38351 |
| SHA512 | bf997ac1585a9a15b8485debf36e8e624fc7a42203d200a86e8a129d91bc7d0e302c9e08a0b55cd563d6343019b38e120398aaf52b0eef275e7fae6a00380612 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 857efac0d20005fe005568b8eef4a4e6 |
| SHA1 | 38258a1c88ecf8316b6414504b113eafb4f44e72 |
| SHA256 | c34908208d0ab3e5fa036a9b52b20c515ceec2fb73c426f574de4010522a150d |
| SHA512 | b402f78c65cb80fb31a1bf87b1cfab57d9863fae2e0af6731b313a0bdcca0230918e761cbce63198fce6240b31563483ac8c47ae4f95a907898bdabee54ec2ac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 0118715c2f309b101a19a98da7c16a69 |
| SHA1 | fed18e2ae4d6fee65281a1e142393d5947082a7e |
| SHA256 | b713b2f148d2ab681b499082419327fbd36ff4d355104d06f38db47ea8c718ba |
| SHA512 | a837e2157563e9789802a67d895c18a5c7a3515b4c480132b6d773827ebf1793fc86826d180d9f29841940341211f87a0a0102e056f9bc7bea83ca80be926a41 |