Analysis Overview
SHA256
1bb9aa6b134a9d538594b0df08019860f4e92946d49aac4eff42083aaeeeb739
Threat Level: No (potentially) malicious behavior was detected
For the file a11aede3a8c5b5e1817f35b5e3eb0335_JaffaCakes118, no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 15:10
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 15:10
Reported
2024-06-12 15:13
Platform
win7-20240611-en
Max time kernel
144s
Max time network
148s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000009a1607d24bc2422c576bb5918245fa9215c8ed8cda40cc45db36c2bebb082c0e000000000e80000000020000200000008e8eb2b69216b6ebd1915a47cfd042578104ddc2a95eaceb1b21993324362a2b20000000d76d8ffcad7d2c3a9525131ebaaaa86964da364dc8887220244e0b50ab3df83140000000a6d5ffcc62185173d8910e83fb56f74d630a18f510a9f4604b48cee388cbe954ee0490060fee239152bbd16cdfef06948fa11e13e43bd342199219e25e88e9eb | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 501a17d3dabcda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424366928" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F983AE11-28CD-11EF-AF9B-7E1039193522} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1176 wrote to memory of 2744 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1176 wrote to memory of 2744 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1176 wrote to memory of 2744 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1176 wrote to memory of 2744 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a11aede3a8c5b5e1817f35b5e3eb0335_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1176 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | static.mackeeper.com | udp |
| US | 8.8.8.8:53 | loadus.exelator.com | udp |
| US | 18.172.112.82:443 | static.mackeeper.com | tcp |
| US | 18.172.112.82:443 | static.mackeeper.com | tcp |
| US | 18.172.112.82:443 | static.mackeeper.com | tcp |
| IE | 34.254.143.3:443 | loadus.exelator.com | tcp |
| US | 18.172.112.82:443 | static.mackeeper.com | tcp |
| US | 18.172.112.82:443 | static.mackeeper.com | tcp |
| IE | 34.254.143.3:443 | loadus.exelator.com | tcp |
| US | 18.172.112.82:443 | static.mackeeper.com | tcp |
| US | 18.172.112.82:443 | static.mackeeper.com | tcp |
| US | 18.172.112.82:443 | static.mackeeper.com | tcp |
| US | 18.172.112.82:443 | static.mackeeper.com | tcp |
| US | 18.172.112.82:443 | static.mackeeper.com | tcp |
| US | 18.172.112.82:443 | static.mackeeper.com | tcp |
| US | 18.172.112.82:443 | static.mackeeper.com | tcp |
| US | 8.8.8.8:53 | ocsp.r2m03.amazontrust.com | udp |
| US | 8.8.8.8:53 | ocsp.r2m03.amazontrust.com | udp |
| US | 8.8.8.8:53 | ocsp.r2m03.amazontrust.com | udp |
| US | 8.8.8.8:53 | ocsp.r2m03.amazontrust.com | udp |
| US | 8.8.8.8:53 | ocsp.r2m03.amazontrust.com | udp |
| US | 8.8.8.8:53 | ocsp.r2m03.amazontrust.com | udp |
| US | 8.8.8.8:53 | ocsp.r2m03.amazontrust.com | udp |
| US | 8.8.8.8:53 | ocsp.r2m03.amazontrust.com | udp |
| US | 8.8.8.8:53 | ocsp.r2m03.amazontrust.com | udp |
| US | 8.8.8.8:53 | ocsp.r2m03.amazontrust.com | udp |
| US | 8.8.8.8:53 | ocsp.r2m03.amazontrust.com | udp |
| DE | 18.245.65.219:80 | ocsp.r2m03.amazontrust.com | tcp |
| US | 13.224.191.223:80 | ocsp.r2m03.amazontrust.com | tcp |
| DE | 18.245.65.219:80 | ocsp.r2m03.amazontrust.com | tcp |
| DE | 18.245.65.219:80 | ocsp.r2m03.amazontrust.com | tcp |
| DE | 18.245.65.219:80 | ocsp.r2m03.amazontrust.com | tcp |
| US | 13.224.191.223:80 | ocsp.r2m03.amazontrust.com | tcp |
| US | 13.224.191.223:80 | ocsp.r2m03.amazontrust.com | tcp |
| US | 13.224.191.223:80 | ocsp.r2m03.amazontrust.com | tcp |
| DE | 18.245.65.219:80 | ocsp.r2m03.amazontrust.com | tcp |
| DE | 18.245.65.219:80 | ocsp.r2m03.amazontrust.com | tcp |
| US | 13.224.191.223:80 | ocsp.r2m03.amazontrust.com | tcp |
| US | 8.8.8.8:53 | mackeeperapp.mackeeper.com | udp |
| US | 54.174.11.255:443 | mackeeperapp.mackeeper.com | tcp |
| US | 54.174.11.255:443 | mackeeperapp.mackeeper.com | tcp |
| US | 54.174.11.255:443 | mackeeperapp.mackeeper.com | tcp |
| US | 54.174.11.255:443 | mackeeperapp.mackeeper.com | tcp |
| US | 54.174.11.255:443 | mackeeperapp.mackeeper.com | tcp |
| US | 54.174.11.255:443 | mackeeperapp.mackeeper.com | tcp |
| IE | 34.254.143.3:443 | loadus.exelator.com | tcp |
| US | 8.8.8.8:53 | assets.kromtech.net | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| RU | 77.88.21.119:443 | mc.yandex.ru | tcp |
| RU | 77.88.21.119:443 | mc.yandex.ru | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | 6102726.fls.doubleclick.net | udp |
| GB | 216.58.204.70:443 | 6102726.fls.doubleclick.net | tcp |
| GB | 216.58.204.70:443 | 6102726.fls.doubleclick.net | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | event.mackeeper.com | udp |
| US | 18.244.18.90:443 | event.mackeeper.com | tcp |
| US | 18.244.18.90:443 | event.mackeeper.com | tcp |
| US | 8.8.8.8:53 | mc.yandex.com | udp |
| RU | 87.250.251.119:443 | mc.yandex.com | tcp |
| RU | 87.250.251.119:443 | mc.yandex.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab57C3.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar57D5.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b81eb6bc1c058755cc001776f956ddde |
| SHA1 | b0ff7a0d82692acbda33a35202e9a033de3651bc |
| SHA256 | 0cf821694e4a0b426bbda80d70bcdad46d8fdd57a905237f2338cee5d917a0b1 |
| SHA512 | cf15e82a4f9b9cc4ffc41abffbf33e41ad15496e7ecc9948ec19b29f4b8fc3a017e586e8eae6d3be20c14edb9a319253046e26a7ebc738c28d47e71c944ad54e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2aec18c7691ca1a05e80d9b35712450f |
| SHA1 | 39f5ccd5c791ad35ead9cab1bfcd754a480f43c0 |
| SHA256 | 1353f4b0b7427ff9a635cc0d37bd40fcce38e94632e08334798079d873e71d5d |
| SHA512 | 32c96d2f98c932ec8d07eff296a5ade94a968d252324b4ba6d7cce38367f84aad9655c89c5fecd0eb2f68ab96f4bee92fc7fcc5b3b1a1779b43b9d3e38d97c52 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3d134e732ff93b963a463dd40b1c4415 |
| SHA1 | ee138d7979036e612a6b9fc706d7e048533a20f8 |
| SHA256 | 089d6367ed06ee6656048718f1e0ffbc19a5708963daae4e3de6b75200799a36 |
| SHA512 | 773893105f1ce66c7d9b89b6f837af7678c5289bac5826a1d3008228bd7dc98f1d9663da58fead7f9f9f95b3d043f27f2b9e8dc496d8f9737f381a660ef0bebb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0ec350dc7c3690bba3b80f5e8f58beeb |
| SHA1 | 2c46ea82f732f9818bcb5d0c2e5021509f377117 |
| SHA256 | 0fdb5f2c5a3aaf8f1d34e3eaf85ec65f1b603d1db6b974df9538d96c727f6095 |
| SHA512 | 1dbedb0ca093f8e9b62ae544b6534d7521b245c79e3975b88eeca6e38664b1a48067e7aaeff9cb9eb17827a66d3a82dfb1b04bf039888718a892388276d1d18e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8da123fd3a7e5fca29843aab215ad377 |
| SHA1 | 108497e1aea35639224c2680bc0dfa66bbd22be1 |
| SHA256 | f967e81cbf31a386519a076282c6fd7fe7eac2b25e8de2c57c027ae2c2e643b6 |
| SHA512 | 885accf0fd3c31f18c6e03bef9b1b196ad77c526a75809ecb5ae2efa896d563255fe182e2b9f594ab97e7a5860a8c2fb31833ab83a0c1cd2ff024236d67312aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | 0d7e25a1cb52c6a2e326d0786300895d |
| SHA1 | ccd8950c57cc52cd42ce7cc5874573fbc1d14332 |
| SHA256 | b7eeea841d28c51f46a459de42f3a72195647ffd5526bbe026d78afa9236162e |
| SHA512 | 2e33f77f3cc099cef24fb25dd95445f24fbeceacae5163a8a00d8ede96edbb5ec43e7f0e1d70d77b0fe2f27bca8589bb4816334c0bcc5b8c522cdfdbea775d05 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e0af0c5e975cfe058f32ac6a0aa112ec |
| SHA1 | a1391c36bba58dc168a8659c32063522c32bafad |
| SHA256 | 64a3664b23151d656f288c8b382ae8ebb7fff798ecb59715dac7c633988c060f |
| SHA512 | d80e5949061d3878b93b0bf4e8f62725da1fed314e9d14114a820f9f07553d3c42f8ea3f1352335f686e2900a1be8b4c66f005a542b7b2f7a65f4951ba9cd297 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7aef7432d73edc07618726058be8b63d |
| SHA1 | babfe4707051d109eca6f6844c470989ac247c9b |
| SHA256 | 9eb59ada257ebf9bd1cc7e93eab35fb54d4056d47bc0323831961a71061c760a |
| SHA512 | 0f3d19d119d85d316d3f1ba5bb7d174dc5bf68281bd19c74846edf940c7213b19fb041b1a42f8ca14b9304f7f7efe4ffa8551aaabc94334a1db352c384cf1903 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4d4d12f0036b720e0a4d1d48891dc28e |
| SHA1 | 8e808585c00e11891f77c4a5f1bdab021db55ab1 |
| SHA256 | ded205cb382853637d7aff2a6ac72125a4763729ba7712eb3df956e73852eb68 |
| SHA512 | 63ef98f92546a32fae7f1722039a49ed75b43113046ae2fbdb209e0930dbf6d63ba13de0f82a79449ab42af0e362694926dafd54a130f70e179823719df66ab0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8cb92e340a7e28871d2f7add76ea426d |
| SHA1 | b95d8cc1a38b8e72f8b87205c20aa51b9e1c5d86 |
| SHA256 | f8aed3404ff2ebcc52051e642e06517935fd5e3cd022775ad3e5985beafd3025 |
| SHA512 | 6bcfc81778b48e7ed35fb37b3d4efa19912233aeac604d86f8f0f1063ebb18ed9b25cc0b24ea7d1cc9613f5408157d66c7f8fee813115045e692114cb868b816 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f328a9fec09f8feba3c7438321d9e2a7 |
| SHA1 | 6a6787ef0ebf77b83944f14da6fdeb093abec13c |
| SHA256 | c5703d4ca46aed517cb82ce70afe362e4c1a7c8007cdf3fed8e01484f75fecf4 |
| SHA512 | 9f70ba8dfb1495a610478515acff69d4a1bbf41af0c3717c8793cb13fb3dbc569e2e5e0d1749a47c675faed81e12fb7d62e3d4af9cf889f02901750b6dedbd52 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
| MD5 | 924f38474e2ef05fe842ab577f84d68d |
| SHA1 | 254af278b130bd925baa800d7d6558eca542fc99 |
| SHA256 | f843e10cd7d000096980972db2b00dc6788f9b093373ab8694f9c69a3f7cf664 |
| SHA512 | ba509d0e6d4d1ce7ea368bada33a5e7767ae3e49ec64de61b1ca4d240ab6455acfb87dcfc9651d3012105016e8507f1156a4fd86b1ef979866555af6fb83789b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
| MD5 | 79a72d1f0d3aedb0a047c06d095ba5d0 |
| SHA1 | fdd4b89ae4c9dac4ff2472a2295af868f769952b |
| SHA256 | 2c2f77e5d5974d00dc146b5ac76a72a80548a9d53d7fa840d2d8681cee0805fa |
| SHA512 | 4e51f1073aeaa731d2cde6f7b069b7f8586acb0d32b0e649ca646eca487ee86db8b1d8a748afb9a242ecbcee5500c7073ee43cb807e6fb2dc814e4943e8d5598 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d206e5660b971870870578934b81cc85 |
| SHA1 | 79a2487add65674170a3bcc071ca16590f3d37aa |
| SHA256 | 2a2d5584c99256796c1f1ab95e20532cd772b60aad82273a10b16e5f38a33598 |
| SHA512 | eae5be745940af4ced4457385637393ee24412e2fa33403fd6b52d5768b0fd65ffd647aa7d34a30a1e0d9e1163f7423c36846642ebfd2cfc9bb68a3ef2c0ad46 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
| MD5 | 7c3f0f7419aaae1435245c73a6602bdd |
| SHA1 | ddc738aedd070a8d8e3420b345df05ff3be08476 |
| SHA256 | d428aae2a7ab6c523ce4a767071d89045ac0540745bfa8610c205caf60fcb54c |
| SHA512 | 4bbd374c9ded8083cd9cf111758c58494d464833ac810c492c314187bca23074d9a66547a2190651c932722313adf5169e601c8d37afe70505bd5ef5696ea580 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
| MD5 | 903cc7ec3a0ad34bf66fadd0f3e614ce |
| SHA1 | f77072e7aecb539ed306aed54c1bc59bbc33f913 |
| SHA256 | 02ae9525c35dd0dfc609bfd91ee8edbfed6556567b17e9e565f003e05f0f03e8 |
| SHA512 | b596f8aadac10cd615339ee1a853b9402c040e9174b02b6fdd8716097d7da212bba0a593022ce84919d160ed832ed2614d07b80145a0725c2dc82ca7e03cf51c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
| MD5 | 5565f32a192373ece59d8398beadb2a2 |
| SHA1 | 51f78cd07e923edf9c604d9d96b96429eb0a7643 |
| SHA256 | 9efb3e8defa02038a46ebc0032a50498a8da6b13c03c5a5fb3888bc187e7bcba |
| SHA512 | 7ec7836866e2f561c628e2732dda2c82eb386d1d327f2c7a062465da8e82016bd7a9e127699585b2110a9bcc3a7991014fdcf9796f456c61b96fd8898aee45d0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d3a3156c73990553a51d234326c2d01c |
| SHA1 | dc90743538209e46c6c5c65968188070e9ec1804 |
| SHA256 | 2689819db26b423063c426f6380cd49ff37957989c2d31fefc7e48b81bb7a4d6 |
| SHA512 | dd5ef336b665e5d9de72a650b59fc137a8646e46ccf3ebeeae335f4454e6dd87f570377af2d6e4390e1b5e47983e1cfd30406d4d26de1a6063c0857ed8e13d31 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0977c0a3ce959692b78bc92b6ee7397b |
| SHA1 | 4f17afe4967833b3e7ac381212df94d7ae077c87 |
| SHA256 | e5cd3651abd3d22b8762441bbd34008ed23c4a460104e86b35e65cdec8c047d8 |
| SHA512 | 5ea89c9bb3f63b913c864ee717eacd6ad3d0abc9ad22faa518429bda8d2d74966d49959f91d5a185bf34b23b59cae48fa7faaf23b0199b8afc384e74f86aba78 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517
| MD5 | 1bf4d60af2793323988192d68ccb7c1f |
| SHA1 | 5b20ce5287e48460532a07802fb155cd19499f8c |
| SHA256 | f00cc0d7815365a5a0253eb01c125121c70ce33ff16856f034aa0da9eff58e1d |
| SHA512 | cece782bd2a530eca216ce2e2e391e8fdfa87d58fe810d2db90cfb07dcfc0d5057c51607c7e325bd6fa4b998fe95ea9f9205ed63ec7dbacb6b76d455757cb513 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517
| MD5 | 44c3d7c15dfac0734b5d142dde705eed |
| SHA1 | f9202378d00e540b53b50c5e4234dc6ebb4ba958 |
| SHA256 | 3a33912a6f22e1ddc1ac810ac6a6af4f03fd7dd7e8b6c7b69108773e226b25fe |
| SHA512 | fea60076a613ecc2dcb3a627536c080cbf0375e76603b0b7b1a9858fb0c0b18843494bc81cbc8f22eece681011467b1ec5f9a25605cc453485d58553d9dcf842 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ed8f9e84a989004087cbfdc7384fd380 |
| SHA1 | 5c60b02f5700d9d3ada3050d706f7fa1604dbf2b |
| SHA256 | 56b105c8f8b5b2d94f3b1bd096d76fb4ace14e95b8db47cb8079574b9117728b |
| SHA512 | c2da410d45bd272af0467b35ed1facba486ac6fe6e84de940cd3aa425f3bb2601c2e900ac51746e36837d2a15425522a4b421c2409e7d9cfd18e57eb6b6cbebc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\83D863F495E7D991917B3ABB3E1EB382_5F77C0C9928B8D1890CC6CEDFA8F13D9
| MD5 | 6143e216a466d385bd905b2c2d5245b8 |
| SHA1 | 49a54b2af8aa62c88d0a1b9d634911ecfc346179 |
| SHA256 | a4b39503166270065546360a70c90d2217aaeda928431598c4478327e71a4e02 |
| SHA512 | 46cc4063434f99dfcbf5d42b7649cc83aa823c5508c30ac9485d15a3319f10a39c8ea80372609b47d074d166de8f3869a2cf3fc80c19acb5dd66b9093f40766f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\83D863F495E7D991917B3ABB3E1EB382_5F77C0C9928B8D1890CC6CEDFA8F13D9
| MD5 | bc0e62f36329009ac70e869d50213118 |
| SHA1 | d4d12c51237b9b939064ab2b5ec0cf02280bf090 |
| SHA256 | 6256f022156b97e0700bc7810f0d1b43958b9c4feccf6a9e8428d18698090b21 |
| SHA512 | 1494526104377f656b4100257d8023dd9e65c07537f70a74a5ae163c6c370a8637c6e465fec71dbcc534bd6f7528af05b0506ba03a9772b92f2093f3af0a3dd1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\83D863F495E7D991917B3ABB3E1EB382_5F77C0C9928B8D1890CC6CEDFA8F13D9
| MD5 | 453e395083ee840f2dcfe95dce5a8e0b |
| SHA1 | 6aa5e6e97eff918807aa26a164ed376681a7e517 |
| SHA256 | bf12c5f504c3c68c7205846145bf02456cfadb3cedd658fb0b626d0898aacf1a |
| SHA512 | 9b9c2bcc46a43c91b0c44f51f555c74d77002192edc9a64408cf15bc39cd002384b72e4b05fd4346170b3baa8a831a66bbafef5abb196eb41b35e69a7916be34 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6faa6f8f466be297df97874f67770cd7 |
| SHA1 | 09c0aef5b851f59bed083749e853240bf330fc8a |
| SHA256 | 101c9f808285a24f1f2aa2a8604e6524886f1aebaa4acf695bb9545b510a06f0 |
| SHA512 | 6856683521bcbca167be554d511751f5da910de2c14fda64861c935dc1f6255c5f999acd4cfc59c302d9d31fac42f151ca5020f92bf1b90216795c19a14a0c65 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b7312f096e9328ae4619fe2e86102280 |
| SHA1 | 0ec1572b02a531857e98f47ca8d73a007005bff4 |
| SHA256 | f58565178bc09b723050a90c6387c7ef3954ddd7ab76db40dfa3afd96e4fc5cd |
| SHA512 | a9997899b1541e332e2843e8dac4448d51fa4b781a781bba7773435d97bdb8408bd770327d431a2565a128b7d5dfe0fce928a395dc98b4204d7a77ac062ee690 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5LT06Y3\loclist[1].htm
| MD5 | 4aa7a432bb447f094408f1bd6229c605 |
| SHA1 | 1965c4952cc8c082a6307ed67061a57aab6632fa |
| SHA256 | 34ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a |
| SHA512 | 497ba6d8ec6bf2267fe6133a432f0e9ab12b982c06bb23e3de6e5a94d036509d2556ba822e3989d8cd7e240d9bae8096fc5be8a948e3e29fe29cab1fea1fe31c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b6f15df28bd1825db5ebc516f42b73ed |
| SHA1 | 7b22afc851cbe593ea1ec498a9ccb3ec3a234f7a |
| SHA256 | dba953658bb583a21ce23b496f94c0ba63edf1e1bb3beb670002111e58f33265 |
| SHA512 | 0733dec8cf12e7609f8e767ed35052742b79f0c7887a742d28a83cf106975cda6abd4257af9e9caab153ccae421e4f8a30a413464d1e7252b2aa9360388e5028 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\83D863F495E7D991917B3ABB3E1EB382_4D506EBD8371D43E19D08592A41A426D
| MD5 | 760cd3d40f345d36f7facbc6511b5e86 |
| SHA1 | efaba60746570e85a5ecff762bb519311fba7150 |
| SHA256 | 339d35e67eab6e527b6865c2e7d176e766d675f5b7695f38bfd059932bcdd359 |
| SHA512 | 775b32119732090b6b3b8145f0b8ddd60631edd0ecb249b8503c71299338d8f88ec1467e939d71c3bc1eeb1567342212b0ce42f2ffe207fcce36180f999369af |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\83D863F495E7D991917B3ABB3E1EB382_4D506EBD8371D43E19D08592A41A426D
| MD5 | c6b2df9f334da25aa3a50860d6547db6 |
| SHA1 | 56cd17bf0d9bceb71cfeac10874064b1f6719f6f |
| SHA256 | 6792953a119540095fd42a392dfc2df966946b9a366a88f3e1c319af0ff425a2 |
| SHA512 | 15ee3631ab14fc7b42865e2044707b0f2a08e9d97d121db1db2d0e8563babc42155c4c0f71c8c89734b6cf3cd8f3f3166dd1c73618f9d6e51cf169fa75e8d899 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 67d3d7f75ecf099b2fd18ca39b52a404 |
| SHA1 | b8be873dd35ddfc3e5bb1fcf6d4a3a5a8b056bf7 |
| SHA256 | 40297de430b53cd9d69b99cd1451e06338efee804c0e8685e4c2875a13df75c8 |
| SHA512 | 1b32b409a3bf468ea6a1cd0c361423b02dad3da9c1ba4a69f04a362fd86e43910d1f591bfd8253b550e8f43f884d9fbc20c138d28710619eb24606304f63f8b2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 878a8cf00175adefa66d4578e9b879f3 |
| SHA1 | 7e5a1bef3d01fe2be7a739b464da588f43e2319b |
| SHA256 | 928f69e3db7c9f402d9fe2bec804da13df12f6ea342f5730b7b0843c7dd7070f |
| SHA512 | 648a02a526ffef3ed138bd75e856448430afd19d6f342789d6986643b41eda663c1b3a776ba29133082c4059169ee41c0e510221c893af668443cc86aac8dbdb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 86a2801cda9e39a0823f6467420caa80 |
| SHA1 | 077400d5297829639e1567a63c83cb1a21c8725b |
| SHA256 | 6d51ced40038654c99d9f3b19e8ea13152cd81fe0072ba1937a16f0cc2a0152e |
| SHA512 | 413682b3a676d111c701dce1fe3a5d86225c1ecd4d2fe26f2c3fe09ddd031bce9fecc95b45550d53873e0bf3495252dd6879eb8d443e3889de5c569d17aa492d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ff9e332a809e0ed2fa5bb6f79bf333bb |
| SHA1 | ef7bb9c1dabfd1828dffd170da2a1579e333bc87 |
| SHA256 | a9805d03e2d8c10323ebf869529ec0ce5a51dbf5902c9d4d4a53ce5a833330e4 |
| SHA512 | 79946863f99ddd0a2e4793c2a483d61e2eaea2f2f13feb302ee439e765f13bb69fd87c615efa9001dadbff44bc69233d807e4596ecd619658896087a4e788b38 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 18737fd5b03030778a72e7bc077aac06 |
| SHA1 | 49986a8284f8b6e805e5f79a0c73dd8d6c43e91d |
| SHA256 | 5821b528f5ebd15b0ae5fd61bc54edd90375868f0ad142a40192ab9f2847f052 |
| SHA512 | 466134364eda577ee4534e6df4c4adfba1170c34f6fe7aeb6ed8a7d45cf4f88813641635a2aab8bdd54a9f3bda7f4c32e6b0dce8b491256072f3b1632102db36 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWTP8BNA\js[1].js
| MD5 | 2e537e48df164ea78aef396b635b9621 |
| SHA1 | e93f3303d84afb59e7b2bde39fd2f9e2cecba699 |
| SHA256 | ee8aec2ff7bd597391d59cf620c96bcc540cd5ae2e472d6c9a8c0d08cefe4af2 |
| SHA512 | 5e09de1d04c09d98ee09abdf60bb49443616b777f259e2b423dcc85d1f13d4ca549fa905384535008ad72b32ff61f1868c74d132a44e9eca41f8d0fc66708eb9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_47A43067FD26B14BE12C55F112579786
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 15:10
Reported
2024-06-12 15:13
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
125s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a11aede3a8c5b5e1817f35b5e3eb0335_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c04046f8,0x7ff8c0404708,0x7ff8c0404718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,6878337614432027585,15490765598571798223,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,6878337614432027585,15490765598571798223,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,6878337614432027585,15490765598571798223,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6878337614432027585,15490765598571798223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6878337614432027585,15490765598571798223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6878337614432027585,15490765598571798223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6878337614432027585,15490765598571798223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,6878337614432027585,15490765598571798223,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,6878337614432027585,15490765598571798223,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6878337614432027585,15490765598571798223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6878337614432027585,15490765598571798223,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4444 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6878337614432027585,15490765598571798223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6878337614432027585,15490765598571798223,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4424 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,6878337614432027585,15490765598571798223,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3000 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | static.mackeeper.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | static.mackeeper.com | udp |
| US | 8.8.8.8:53 | my.rtmark.net | udp |
| US | 8.8.8.8:53 | static.hotjar.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_4008_FMGACRGCPQTGLDEP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT