Analysis Overview
SHA256: 255e66dc952c1b498b39fabdd6aa1f255f727f4bfd596f7fd0b2d185c8d3c7e1
Threat Level: No (potentially) malicious behavior was detected
No (potentially) malicious behavior was detected in the file a351621cf021c03bd1ee43faadb17028_JaffaCakes118.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-06-13 01:14
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-13 01:14
Reported: 2024-06-13 01:17
Platform: win7-20231129-en
Max time kernel: 150s
Max time network: 149s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000073cd863ea2e6884397d6ffc58107607100000000020000000000106600000001000020000000628e871743c68ce235e77e50ff086755e09c11c2fc6e6a9660c4e9a93e3d64d1000000000e8000000002000020000000306f8bd434d579c558a3a535707aad3b3fca3a1a638aeaff425b671f1b18cae520000000100ca9264210c78ddc07f2a08ceb083f822dcee65c68743c7699b6ec127175be4000000084ed19ad6933f951c1a9afcece687269cdd407e92f0416825f2907ddcff23c3ce171847fd808e26dab92d7dd9dd26b4bc7dd6b87fae02ff86d7a8ae8315d4853 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5290B991-2922-11EF-9E06-5628A0CAC84B} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e057b42c2fbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\cbox.ws | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\cbox.ws\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424403154" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2364 wrote to memory of 2212 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2364 wrote to memory of 2212 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2364 wrote to memory of 2212 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2364 wrote to memory of 2212 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a351621cf021c03bd1ee43faadb17028_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2364 CREDAT:275457 /prefetch:2
Network
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 61ceba719dff70d9c4d2f482db6d47da |
| SHA1 | f2871b9d40c21257ab32442b2294959d905034d9 |
| SHA256 | 1de77dc98f72972e2a51d18ab5478ad252c0bc3a4b5125db48831bbc89e67416 |
| SHA512 | 19b94bf8ddeb6be00948cb6b19c724b8320a4b98aa9e27ce69163ec9ae2ab72f95324beea716a438682e2ef52b19eee16355f66fbf40ef8933c592634941314f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
| MD5 | 49a6c7f86f53122d2819db772a47ce7a |
| SHA1 | ffb66a721c986816621682c8ca9b756864bfc1f9 |
| SHA256 | 20cf454044fccdcb4a7bb0bdd94e9b722f7b8b9a2933972969316f548f3fe002 |
| SHA512 | 33794a584ddf17ac009c3b4463a229f7c80946f63c7cc2bd5060a314d7e38400721d6daf80c1df888d0feca9b2b143db4e9fc6b18defd421ddbeb741afb8e2f6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_056B48C93C4964C2E64C0A8958238656
| MD5 | 024b0594e0cc5720d9e7c3d5d02873e5 |
| SHA1 | a500249350343df2087e1fd0220f128005f7da00 |
| SHA256 | 4b32e33e09702f9065e0ff13e4b50074b77aa3854a68c1bf8b0b82d20fcc2cc7 |
| SHA512 | 38c9effa598b650e060a7433debdbbe12774544c05135c42993713aaebfcc785094df16a23251761ff23c678a7c6a80a6f9daa4d085fd2a70e535fc66480f662 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9B62UCD3\platform_gapi.iframes.style.common[1].js
| MD5 | 682c26af19b240f98d2cb951721fa54d |
| SHA1 | 18e58b652c7f82a55ab4b1910693686049e25d62 |
| SHA256 | 96428f0f585a874c185d560538ad83ebfad0365d760fcf9fcefe80add9e3c980 |
| SHA512 | 078aeef086271b7f9cf0f6e3a1e7908d7e38465a1a7a4de6f2a785147e9130551a2995e80600824da9341d58e5425d4505518e90eea9ffe1c64f4f41825a9660 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YCTRDDDF\cb=gapi[2].js
| MD5 | f9255a0dec7524a9a3e867a9f878a68b |
| SHA1 | 813943e6af4a8592f48aeb0d2ab88ead8d3b8c8b |
| SHA256 | d9acfd91940f52506ac7caeffea927d5d1ce0b483471fa771a3d4d78d59fda0d |
| SHA512 | d013be6bfc6bcf6da8e08ed6ff4963f6c60389baa3a33d15db97d081d3239635f48111db65e580937eb1ea9dc3b7fc6b4aecb012daeee3bf99cfebf84748177e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3d965fd8d9f66399b228a1da32e03de1 |
| SHA1 | 9cd82e4051994f4b3c93e1b33974be3b70a4605d |
| SHA256 | 90c41c0ccd0df4a1c7dfb8999a2855dfb0f84e928a3121657fc71216419c9293 |
| SHA512 | df1bce5bfb195c4883f647037e7c78d84b460d4bf58dbbe23a7eb15dac4dd3cafff2a7258074c82b83a9fa5d231b4c528173aa93bd0ae21ab017c32c74a06edd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1
| MD5 | c5dfb849ca051355ee2dba1ac33eb028 |
| SHA1 | d69b561148f01c77c54578c10926df5b856976ad |
| SHA256 | cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b |
| SHA512 | 88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a94b6c811f33827d982fb8eef212e3e6 |
| SHA1 | 7c9835466c7d335bedeed250d31fc9475206366c |
| SHA256 | 016c3926aec31da05ea4e455e31a95f6eb34e6c02874680fdd1fe79a8faee73c |
| SHA512 | c4178f46bc0f71daf8e253b8e0ced26de7cb0d551f7b765372b422af66586e397d7ceaa052e98ff7f55d10bec56e83f906afa9f2238314e5342720f472374932 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1
| MD5 | ddd08b03e48776cb5b5310b416d6e55d |
| SHA1 | 450145735733952410d34caef8a02fd9dac54f30 |
| SHA256 | af8ead70be3bd7ab72af26a627e71d082ce3e64b8f53ce34955815e6a4defe03 |
| SHA512 | c5502da55ff9054f96585fd1f6e6e2b3364b0cb58da63eac6b1703c965e5ef2242442de9e7e3c3a521e084c3118ef72783b72947eb4f87678bd34d9b93e93dca |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c828193c6447c1d1283fe0e70099069f |
| SHA1 | 214fab8f9c6b4ec6e6934f99e0edc614679de5b2 |
| SHA256 | a502507eb5c5806443d537785b80a0b26f3882a3215ce358d8dd49aaf38338b9 |
| SHA512 | b39e91f75d1ab01d5568b7602581bf2dfb03ec4b20c1d502612367cd9d071809c09cbdf62c57b87713cd772ae224401b0a5e593d6272c0dc7db3ae820fb40791 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d8f1cc217edcdec2480c459ceede9784 |
| SHA1 | b4050ac46446ca63064cf347625d689008412fc3 |
| SHA256 | f9fa73c54c782994a05e92c38027354cc1c4a122c7ab6cff34ab618c2862f084 |
| SHA512 | 31d7fc8e64335b059c34e01ca7bd5990ef543f828d1cd34e3cb3ab9ede564d06ad083b103648f7b38d990427869f0a4c1ed290ef8fe265df86297a02e31a0bd6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_95776108E5303B05527E9B63C6628F47
| MD5 | 8acb808c655e2ca13fe454c565589f01 |
| SHA1 | 3debdda2d18b17ea55e4a95ceb757f05c69d1525 |
| SHA256 | 681d8691ab2cf7253b68cedb77bd55f899058ca6e2c742b8b57fba011191e7ed |
| SHA512 | 767f5ca97cb1640fad847c1e406dbc7b67279fb602ac773bad5a83aa3cbf3b3189b480588fc0dfac36a1b73632d7c2f6162951ce29f20fc57620c07e36caf6b9 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9B62UCD3\WC4ERRS3.htm
| MD5 | a19a806a85498b5c4bf44ad6e34a5ada |
| SHA1 | d46d155956166d18ce509002adb42394548c7586 |
| SHA256 | 5db92367db7bd34a2da5fb0047ca5be8dcb9ccf9c623d2de6c43161327909c6a |
| SHA512 | fbbcf0c85ad1dfb32b04e9e07fd98e2712dc45db17dea458f14a2fdfa6f94d7bde1f8ff6d44404182a0273445742827be88252e7fdc4c04f5cd1475dc2f26df3 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9B62UCD3\errorPageStrings[1]
| MD5 | e3e4a98353f119b80b323302f26b78fa |
| SHA1 | 20ee35a370cdd3a8a7d04b506410300fd0a6a864 |
| SHA256 | 9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66 |
| SHA512 | d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TOSI74VP\httpErrorPagesScripts[1]
| MD5 | 3f57b781cb3ef114dd0b665151571b7b |
| SHA1 | ce6a63f996df3a1cccb81720e21204b825e0238c |
| SHA256 | 46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad |
| SHA512 | 8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3141dea5325cf7be89952346a55e730f |
| SHA1 | 42b3ba9524453e415f6f1b8aed85afd07fd51ca7 |
| SHA256 | 00e4571bfaaeb12c62d226f9a113c672b90ef85d0e48fdb95b86682923c4bb78 |
| SHA512 | e37746f516d7565c21e9091af1986fbf137b2adae60677383c72cfa83d245ec136df753e1b0c88495ba0e2ec8d65084e17ea6b692918fceab63c4f32d73b2ce1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a972879f89d223d95417ffd9ce130693 |
| SHA1 | 8dbaa5651165d87a873683a6c5d298cd5860f65a |
| SHA256 | 3b728648e8ea2a543de55b2e14e35776ca5ee90f2166ed50e14e63487bc72429 |
| SHA512 | 34794fe7a5cf4c40f28867193b445524795eafb5eb054945f5a47e68355edf1a4df04ebfaaa797ea067f1bf2746401b67154ae18f4aa20bf913c7de617325dfa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 642f9dd103336047ab3df1c1adc1c2f8 |
| SHA1 | 3f29dd595f6a0ef370441c7bda37d24720c204d8 |
| SHA256 | ea3efe451a8fdad4c128216017e2afdf3a3f323f555ea3af432566999b317011 |
| SHA512 | 5087553679235f21b4d9ab748e3eefe8857771a83fb8324c8f9ebce37c08cec941689a36dab1e07dfd27ea03ea0f3732dfaf7c946331785e7b49613b1270dc1a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 24a3bd41bd860defe27ef695184b1447 |
| SHA1 | d11437462100909233b258bbd33355a65ad2212c |
| SHA256 | dec7cb715c32ef68ac0e57ce145240651c5d22b488dc39302cdcdeb7a6aee13c |
| SHA512 | 6cc6ae4a0d71f4cd3f1bca12621db1aee5c71724378e521f46ee12dd8314076064d9e59dc59f0f932407d2c8afa9e785365947f0f2ec2f94854e24969229ef97 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fe84b8802724b1911370e867e34db623 |
| SHA1 | 56cefaa79bbe8e91b615a878ab9997e214f20567 |
| SHA256 | 12670199e35608ae9bd4fabfa6977386196380a4091870e728de8d2ece09f6c2 |
| SHA512 | 273769c4ed141464630bd973609ec7502fe8b9e4c72b0fb05aada80ed2ce60e32bd1687650b8079f26867451fad371d7d0870938b2a74610335e2cf05b483eba |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 546232bfaf62368197f36b1efb102880 |
| SHA1 | 40cf676cfdde97239f5c837dac93c412eaab2c6f |
| SHA256 | 241d54099b8c1875c6da3fb256e672fe7fdcd45db71506ce585ac38acfc83218 |
| SHA512 | d8d1f8d4c46ca07db416850014d5cc8fc100d9e8e22df07eea872ef58a594ac270e8f0bced3303eda47c0fbb3527ffcef559fa556fd29f80c6f591f2f22389c6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4a31f35004c0b4955bcbf96fd6237941 |
| SHA1 | f94cf778002a8be891947e9d19226aefc82a93d9 |
| SHA256 | 0659fd0441c50a11b766d96e5b84401e85ead0880080b9abc2cb78bc83795510 |
| SHA512 | 34901b7e9bb94d1c9293e82c9edcdd04af221911c2f734e44bdb1de1468ad74e6fd6c39074efc4441ba02a45c598a8eb9a401db3b1f8bc061a261fe5070c8947 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c978b2766b0e586ed7e95fee39eb233a |
| SHA1 | 9661c24d6a3c471c66a7b9c5f292f0e7f7b5beca |
| SHA256 | 31e19e5b4b1d73654ff8196ef6e6aebf30387db1efa08b5adb9a619378b2163d |
| SHA512 | b5c666814c6c71f2cdcf25415351eb2e7f422e407b80824652100db650224417fab1c13de23790998d5ceea5e9ffd8d5dd54f75a8ba8f7bfa569a7e70a921294 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4ea9667c775b90bd05ddb392a4e37984 |
| SHA1 | f0f9871b92cf913b4679c322a45d3ba109c20e00 |
| SHA256 | 3ba7b7f41dfa34dc9e8c6d3ac26b60a2009a7bb15599b81f75de5cf775617ca6 |
| SHA512 | e0720ac757cd18d09e6891e054916f07d7e1938f410f612cf3d8aa2069b57319250f378dd8d5834d5190c45835af5a90f8d637ff3142d16ac0a7b4e568ab2781 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8558aa7ddc5903615826c3dbfd685088 |
| SHA1 | 652a5768a5024f502e42a94b69b356e99c96a81f |
| SHA256 | 882bedcd17c016d8f8957bef6412416927abda2cddfe4bb9901673de236e6f24 |
| SHA512 | f1dac6763722f55911c9aa4cb0d1fe82e24280e3c9588fdde487a7151ac36d0d729162f837d5702e6a6e146962e4d045602ccdeb2a8045a8a1eefda2eb54d22a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0a15a0c150ac14cecd46bebe43803336 |
| SHA1 | af290c35b7775ffed578025f31f2720b2fc30db2 |
| SHA256 | 2e889f694a138b2051a1e63bfbfacdcf1b344500360f662316116a2ec50c4d24 |
| SHA512 | 535930c25a6a051b4564aac6e9dab0d65252b006d33f7cdd1071196c3896b34734b4f63ada67b00c9835e6655217a8de1e6ead7489975c93d486a5599ba9994c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 76dac9c936ae67bf9e578f6fe28032c1 |
| SHA1 | b65fe833102e5893f8505ee0ab38e26342db33f7 |
| SHA256 | 60652080a17a974f9775d093b5da3f671cef02d3933f32d590ab7bb08ac9dcae |
| SHA512 | 3a74bbe60a1afb40cf9747bd20c130c134eb5aaa6e3e82037abe146c4d425b4a6598ad3928dddffb7609e9c43a4f482e30a1db6e51f5aa586ec8a9b5624eeed4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cc68d6f62b357cda4327d4220bbaa86b |
| SHA1 | d1c7e2b28ca13b416fc5c148b90027b3548280d9 |
| SHA256 | d3f740b2283b987d11b6f306f809c148db7b9ab8e3d49f78725442f335cc1ce9 |
| SHA512 | eba5c800d8cf6222179fa304da8d973b5ebcaed4e7c96b858077e625d16ba559c890541da590a1acfaaf0b5231773c1f484c29acb508ae5dcff5356dda018b10 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a3853619a9151d5d191008383d7b4fea |
| SHA1 | 1fbf074f6a7f90aaa7948aef013f0e1f5fca1eac |
| SHA256 | a4a6bb5ee9c96c9bdde9c33941e54bc8d949776eb37215b7446f1a115045b74d |
| SHA512 | 58c9f9d1830c7e31c6e5f947fb0447e8b0b18de24666b014f91ab23b7311722fa178d1f711735a4a5455343673ceea747c445c09254a64d97b08aea0fd48ea7b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 46367efac890417c641f2b456fe08934 |
| SHA1 | 76bdbeb2ccb66da9273f7a8704beac5b4f035c42 |
| SHA256 | 33af2d0e7b1aa144ee1a17f14682596a991726bbbb720db77c5f953f28a67f05 |
| SHA512 | 423897eea2edd45e39f952984997a1f34d52be7f636de538978b9024915ec63fedeafaa21bb794d330764e36fb92bdf7366ef262f067784b672635fc30f686de |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b7e0897c18da7feccff0f2059a4cfdf5 |
| SHA1 | d11b6aab0676985f3f717428e35a1cc6bb24acfb |
| SHA256 | 0a1914e014a2bc3687298a5bb001cdb54c442fdeb9db35481a56ba310584b7ef |
| SHA512 | 22f181310692c235e32003c0f74e55e8df05fd9b5b544eb35f2cf66ee6e6eefc04a8951156a6e683f30b58625a2bb9c9e0d1b5f6d5adfac28e715dfa969b5003 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 783c82a5ab01bbdcb4e1b271d594845a |
| SHA1 | a184bf5e552b774e7ad7ed15547fe0205cd2c220 |
| SHA256 | 82cab2371b8efa83608fba7b00c1b001ea86694fc1d874e8dc0df396ef2bb6b5 |
| SHA512 | 83554dc97a291656a2f8bf97ccbdef8b23ff30315aa3b97d0d7806ce87bc8ed46defee7c502ee475370c299a52d8c0deb2ee26353883c3871fe98825ed8f7bad |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 004c7234874958ad39b3c82e93eb6980 |
| SHA1 | 0ee8dc9a165c7e6773105f2b86c6aad779d14f5e |
| SHA256 | 73eeb5e005977fd1c4d2ba3caf58b0acb522408a3ccd3dbf6740138f153b161c |
| SHA512 | 4b2d68990c93d2547459c541f2877dc10a586faf9636ba4555e5f0b5d0b9b87930c5fbc2aa1d741f6201fcdfafb27b1e0d17664aa0a91d00a22fe451d8acbbd3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f74e40951ca2a075a2b3f03060ef67e3 |
| SHA1 | 18da580980c606f3fe95fddf14bf6cb41549783f |
| SHA256 | 0749136ff76dd4f70f8f9076a8c4a7fcafce0377960399248874d46bb3de805e |
| SHA512 | 5c5d0bbac838eb4883a0de778bf23a4b65e7a643429acabdfe53e6775df547626e7ba0e83e90d6c57b2e0e8e86fe0c1fcdb5b6c8f1419c41e7c0e69b206112e1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 59337fcd2ceb73fa45a8ffb96ad26b1f |
| SHA1 | 92e356516d9b92709f095858bacd3917ecb906a6 |
| SHA256 | 8c5ae57e8905a9c9dc034375c5e936eda992dc729ac5a4858134e6c9c2da21a3 |
| SHA512 | 6ae98aa06d8ef2cf38803782063fa3b9ab28ffa03b27e945cc26793a3c3f5879392733e508b1d5310ce4fc5a387c41ed743e692883a2f4af76fb3817a299ab62 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
| MD5 | da597791be3b6e732f0bc8b20e38ee62 |
| SHA1 | 1125c45d285c360542027d7554a5c442288974de |
| SHA256 | 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07 |
| SHA512 | d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e84559ce8446640fbfa872fc5740f2f7 |
| SHA1 | 5b3b88ed1acf21258cc56beb1d3e380494abe9bd |
| SHA256 | 8be783a637bfb0cb9b5bf82880287785c34dada17ac753a9ff78583f5b95e6ed |
| SHA512 | 498cc1a1aa8453c9e38a3a36e8a33ca6aab7bcbd0282f5f5db9b59150253d1fdfe5c95c77f00d2605b905d2e77ef24576b6232210ee0e8c2ad08306180a01302 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ffe16677411ce23da51abc583c7657f0 |
| SHA1 | 5cbe010b32f58981a9ce91656a2ec6b0cb90054f |
| SHA256 | 547135b62ee3983575b800180a18f1d4f3809eec4c382b834fcca5009a8441a3 |
| SHA512 | 8f53d40e867ac0f7cffd50df7fef2f6493f081046ef6a8d196bbd5fb2959b7a184afbccd8357b3418cced164702e340280a670bb830918913f9b9d79e9131e2e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dcad2c9c98c5ba70ea4356ede2506fa4 |
| SHA1 | 7287d168f7cc809865442c41d7415781a21839c8 |
| SHA256 | be8877d3da5ed1ad5d67b6102ca3ea306eae0fcd299944ec8329e94431a76bef |
| SHA512 | a316d9ace3dcbe2e2022c81660f8a12af9dc13359612e17149f3b0215a01d5b76230ded09b777722d91a26dfbbcc0838f519b68e0d7a8949fb42637f9bcf804c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f3f5a2e5e3530158f645721b2ba807b4 |
| SHA1 | ac7c89f4d1762014602fc570e45322bf390d85bf |
| SHA256 | 40cffa12ae488450966d0f8064ec9cd3c0ba47b21bf91ae5f68b97d739666c78 |
| SHA512 | 863a3e4190abd36ed9b59645a796ed6b60fcfa085bf333a42a41cd675386ab6eb1efee0095802b1c6b302b727d13571427d33c2ed3072adef6cf01994d28c536 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BT22L3GL\3604799710-postmessagerelay[1].js
| MD5 | 40aaadf2a7451d276b940cddefb2d0ed |
| SHA1 | b2fc8129a4f5e5a0c8cb631218f40a4230444d9e |
| SHA256 | 4b515a19e688085b55f51f1eda7bc3e51404e8f59b64652e094994baf7be28f2 |
| SHA512 | 6f66544481257ff36cda85da81960a848ebcf86c2eb7bbe685c9b6a0e91bca9fc9879c4844315c90afd9158f1d54398f0f1d650d50204e77692e48b39a038d50 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YCTRDDDF\rpc_shindig_random[1].js
| MD5 | 6a90a8e611705b6e5953757cc549ce8c |
| SHA1 | 3e7416db7afe4cfdf3980daba308df560b4bede6 |
| SHA256 | 51fdd911dc05b1208911b0123aed6b542e9d9f04c94d7504c63d89ca259ef679 |
| SHA512 | 583636571c015af525cddd5b8dc2ac9964aba5a7a9b0acd3908e4aeb4c2ee74cdfaabe49b0aa13d7b142748542426864e91e88e90d7f73bc647f0bfecb0ff7bd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1e803e7fc4987a30e671a695679596ab |
| SHA1 | bb714046efefaa1d4af4c380e265923de2ff85ed |
| SHA256 | 83e989b75adb4443bee65b0be398060ba0433b8dd88caf412fa0a89c6f6344ec |
| SHA512 | f4da156f8fd1d95971a519885182fb11c84223958ea32615825bb5e33283c3c6076bfcc65efa88ae79e94f6a5cac3dc525d3673840a477d87f19243b96a3baa3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fe13fd95c9dd10f97d5d3fac72edf179 |
| SHA1 | 3713778910a669199aca16a27fa02909a10f3d19 |
| SHA256 | 43c850a572cdfcede0134689992d48aa8e450cea7687827d24f1058844d98083 |
| SHA512 | ca7c21f201aa2aa20ac8ffe218764102ce2483797eca035e288ab782adf6e5bddde1837c79b994fe628e7aadf434e647c4dfbe964855251a09c6f3171a1052f5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7f7b717a1721caf7809dad34155d1c6f |
| SHA1 | b815f6d22fd7b35df0a18d0eeb1b3209203979fd |
| SHA256 | cc158a015153e79cb9598ccd6e6835fda6d1545489d2a0557d0a340c1d465cf5 |
| SHA512 | 045c1c039a70d352e88693efb8f308daffaa75ea07577cc60e6829bace4a5340d231ed705099b23093b4a889237f8956265fc284c6659b89c6b898234d5c7e70 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e909a22d6be0b0c5353cefad28f629bd |
| SHA1 | 0833ffecde02af94e4df9aea01eab58a00a33064 |
| SHA256 | 6cb77f267dbdd1c4c362c73325572ddca5feec50a601e4c58f949f4170979d2f |
| SHA512 | 253b0db807c654d7e4c29e7b6bb0b01f3d44b6d7c424acae73d5a1172371cd4e5d00ed678f0e6d4b1a2d2851584ac58ebb2fcd1cc044dcf6634d817db8ab394a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5a4fbc7abade28a5062cc97c0da31d59 |
| SHA1 | 11e17a64fcaf7d998615027a2a85466afe14425a |
| SHA256 | ca17ed6c3db7460c89d4fcbec9d10f7980b788277101656fc1767ca81627851c |
| SHA512 | ea70e6b4038b9204e50281ea16cbab017c1b0c70cf62264588a453d750d7af53940be46d797e93c2623e7e5fcaac0335e4ecca92a755339b60ac5060ab907b4a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6f0cee909b6d9b80ab30f738d9e69812 |
| SHA1 | 764ff85dba3b19640a7d490f9b25affac4b6b93c |
| SHA256 | 645edf73346e462f7eaf5f2efd7cc2bf2c5a369f8f967dbb51fa29e922661dbb |
| SHA512 | fc80e0a33966a1205b54c8a149744bc185df093effc2c9697fc5d1d8758685e2979c0f27e79147971e2107c86198acf5e6e93096f7bf4585080c35a7f7b66963 |
Analysis: behavioral2
Detonation Overview
| Submitted | 2024-06-13 01:14 |
| Reported | 2024-06-13 01:17 |
| Platform | win10v2004-20240508-en |
| Max time kernel | 147s |
| Max time network | 124s |
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a351621cf021c03bd1ee43faadb17028_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef99446f8,0x7ffef9944708,0x7ffef9944718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,10117583226346196479,2743175010037318872,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,10117583226346196479,2743175010037318872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,10117583226346196479,2743175010037318872,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10117583226346196479,2743175010037318872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10117583226346196479,2743175010037318872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10117583226346196479,2743175010037318872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10117583226346196479,2743175010037318872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10117583226346196479,2743175010037318872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10117583226346196479,2743175010037318872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,10117583226346196479,2743175010037318872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,10117583226346196479,2743175010037318872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10117583226346196479,2743175010037318872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10117583226346196479,2743175010037318872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10117583226346196479,2743175010037318872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10117583226346196479,2743175010037318872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,10117583226346196479,2743175010037318872,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4652 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | tutorialforyou.googlecode.com | udp |
| US | 8.8.8.8:53 | matriman-posluhdes-ppl.googlecode.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | matriman13.blogspot.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_2444_WYKISLLQUSQQTJWO
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT