Malware Analysis Report

2025-01-18 01:13

Sample ID 240613-g18zvs1dpq
Target a42983d79bd4e8f393b1cc5329058fbd_JaffaCakes118
SHA256 29d364864c3e8de5cf3b47963a9ae49ba35dfa2764ad582454751f47973d90a9
Score 1/10

Analysis Overview

Score 1/10
SHA256 29d364864c3e8de5cf3b47963a9ae49ba35dfa2764ad582454751f47973d90a9

Threat Level: No (potentially) malicious behavior was detected

The file a42983d79bd4e8f393b1cc5329058fbd_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-06-13 06:17

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-13 06:17
Reported 2024-06-13 06:19
Platform win7-20231129-en
Max time kernel 122s
Max time network 140s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a42983d79bd4e8f393b1cc5329058fbd_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a42983d79bd4e8f393b1cc5329058fbd_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3024 CREDAT:275457 /prefetch:2

Network


Files


MD5 cd277633605743d5472e16b825ada73b
SHA1 2789926bc65c4d987719d7064cdfbe3b83250400
SHA256 635ea2db07ed6fe111e636a0f0db3ae67e6a09a33d1ce22ba74af2b25c53ea9a
SHA512 4713b63dc3be8c27c382a186e6eaed50a47eceb9c636535d6f989d67c91de2fb5307e455d007a357cdb1b4d0675ff96fc1da87d9175db3e2ee63f685163af067

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b92842e239ec6cc7be01fb74fa137c4a
SHA1 32fe8129ecce15045c727c3e01ab2e3ead649e0b
SHA256 d746b53de1312b90d1491dd06c2f28f7eb6d43b574916c2afe0f5c9d6be0057d
SHA512 5f055f7d138932ed036cae027030a8279dc808f151b6166d5df42040e30fe61f669add485a72aa04dfc7a8b5b13c26e01248a1b7c6784405093f090ed6b718ac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 779b0d2457a78e799cf8bdecbea536e8
SHA1 b26bc95b8a3d713f72b594f84a68b5b44b02d173
SHA256 84a789f1eb7ccfc6473b307f58773d46248cc1e125fd86759de238ee47a8337a
SHA512 eca4cfd8bf33ac80f14e4f8e7af47825c81cb93b2380f4d48639fcd751f95d78185a2fd25897fd5c0ea4548be1e66c85a274968ff2b00a7212b4c6bf9b15640a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9cb9f670d8a9e42c203175f8855132ee
SHA1 75dd48180b63b029c2acc8dad2147b6377257439
SHA256 33c279ab49f22296c8b2b494c1005362ceb68dd69f5359744fc6418e5ea28dab
SHA512 676b78fd0fd4e104e0497edfb9e72f7e28e84f5270dae149d68e68f93ad21100e80f1a65d2f01e089daa51a111348cde16126a1bc1357d70b62a1ce62904c9a0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3d6d30677b38f1b80bdd37b8b26c75a8
SHA1 ea493ac88a754ad530862d786b354efb16799637
SHA256 810cf6e8625f2204d389d43f147925460678eb5fdcad06ad2980beb78bd876d8
SHA512 028b7f9943f8b254934d5bec6c234f4acd1ad5414a73acad5472d5f9465a0f4bbff6da2913661e787a0d826927a0c280571de7d72381d485f65955980be14431

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bb6216d0434d868a8058bc043edc2f65
SHA1 5564a7406af52e37c5f057584509cd3e9eb46a82
SHA256 ea4a777446692b1f571a892f1c533da6a6a1c2466d8a1edf0e5cf4512e2949cd
SHA512 ee634cb258c43499a41f59e022de5ea7f4fc01cc61a2b3c534c5699ed0738e04514c59ec601ce4edf803aab44068ad8c104a45f53d2a62a472c694e948f1df8a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dcc7b33bcdb633eb30a6798d12b31e49
SHA1 c7a2b055b9ec3561ba312b70f05358569773b764
SHA256 a973a41c2ce47738351a06ba2f4289961f4045dc6c3552b024ab5bcd3dd82a1e
SHA512 6b16c7a437006f966a8c39c7db94a0566c1d28ae5d1d27570a6de3c28c88a6db3a578fa52a23ae641ae6e22b862e71af293067a51916d00d78d912bf76db1af9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 83900c51bd2945922d461db17318c9cb
SHA1 50ced7c97515606290a325bc7dd73ab423e274f6
SHA256 4ca3532eb00d68212f8d026fa318171054e6e26d3acca20bb789d1d27c5c7859
SHA512 35cbb7c342ded252d0daf6995d990dcefeaca6569e0cc9b98d312ea2bc77df979712957680417e3988ffbec378927a86b8fa8fa941c430f05ebc1d94a3fcefa0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f798ee3383f22256ada84f4a54d8e073
SHA1 3154344d9629ca5b504e7861ddda55f89c29fe41
SHA256 db3f9b61905b642887ee9f2b471633f2ec9e597a86c1d0c86117e05fcce1d1ba
SHA512 5959b0e4342628ec6d1a8e0609bf517ccd74b085c42bb298c9e33f43c3d7cbc4b1cf9561fc75fa841fa7b648a7994ff3fc10f54aa4a9dd020accdcea7e36a0a9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 73f6704ba82022358fb5097c15642e40
SHA1 2f7948981a3a7f3dc132b117973a6f383c1fbe80
SHA256 e1003a59295eba2165aa2a4ca45a4603169912728681575e66c1312882d0ff0e
SHA512 35654126acc1b3d963b852f93f797b8777d9dc7e5749afebf944dc40966cd6d28f15826548b72b360e1f642c3ac028f57093bb03ffd286bdf3e49dd0a23a2f87

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 64f8da1fe58fd9ff34215b23f02f3b40
SHA1 f6b1a109d8426b22cb9c1565ee5b5b3731d8b3c3
SHA256 594ae28db81d8be41d185dbfdd3ed26c165c2d6a801539790f66dd502173983d
SHA512 72beaf5c214f3b4c7f8923ce923fe9db1777e2552453c6d046c7ae04428f85391b355d050b420760a0f943e963051bcc11bea62b62012e93603d077e6b1295a9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 86c51a07b76a1e0023722f2cdca3a67d
SHA1 8454e2cc472ca960d2a0e7ec07cd2f34605ad8d1
SHA256 81e29f48913d255ce338263c68fd3b6d51ff9993ef5a5c1723203e56166e5a24
SHA512 2e20d1085878c3f094656e9b58973e34c12f9a5a594ae057d19d08efd23b7b632899b2f568bf62aeea60f70ec92b5d2b6011d85bc2ab8bb23d8584e8b7ff3174

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1572728a502500ab2a82aafb391d9916
SHA1 f2a71ff8ce21599a763786fe0f2fcbf66a0d3fbb
SHA256 852f21f3372e87ee07aebf92e409a18dd46f97376aa76a3d3b03b33252b2cc50
SHA512 d0c036881e685df29205a45b27c470f9e5061b8c23c78b43477ec2c07ea1c28b1019b2228f725a05baf4fcf7f4e85b75c9abdb5368fda3875c3525b76fe83854

C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5d2d35d5e85e4ba3dc61af9e8296e358
SHA1 a4a59bd97c9197fc51b84a83e0bcce3077d2d0b2
SHA256 2370536c1e353d9d280267a8c7b07ec1f1f3326fe733fd4d85d22a9a985f3eae
SHA512 0d13a6e4431316fcf65bc3b3c581c74f4a354d13efd873250b8ca1127c5d9fa3c1d2b81384ad7d6befb6734d964a11e3fa5f4ff6f394c702314606b18dadd786

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d1fceebb6a41775a1d86f82203955fb8
SHA1 e262644e62922a9235f96925b0a3914bfeb7dfa4
SHA256 53fb5bb59627618e61281d958ae0aa62037b11adfff57d013ed7b355bc7a0414
SHA512 8956461e8b65fd9274f9520656e786ab1c09b0055dba941ef3fdc7e98e999223efc0d1de7c24a5798d1f1a593f4b59c0321faa8476ba2eb6c542c52e00f09f9d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 46ef3498a942b1a16314109988448dad
SHA1 a9c587702f98cc6f3263314a95682525acf8366a
SHA256 e5ac2fe8f5a4f382455b0457a7c3da88290df7bcfa8100b1fbc82fb5e4a3a826
SHA512 1a34392f2f9e6723328667d26d33ca85d54b4990bee29a713c4326000c077ae536506efcfe231f92761a9ba107da2d12df5efb57a63571792dbcaec71c720fdc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 96cab93ebd2c4865fa1961eabc80f435
SHA1 d628e3c2d26ab036956279c37bd2be12f713ffdc
SHA256 0af138952d4d16cab6ea232eeab44423b2bbdbc220cef6a7966f96db81d257cb
SHA512 8eddac4105e4b229d677243064b33944362aa8df53276ee477c05fd46ba7eda3f161e8c678d2eb7a150ecba16bef7d5569f66aefaa0679bdda633c71483a68ce

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 da5ed2a5cb4929e70ec0fb687c661325
SHA1 e615a0fc3dbe84403e63bbfe07eb9a3676f78f26
SHA256 72af0ea587d6efc040575ee32bab7233facab954fc37078ea9521d6944c21d88
SHA512 d79a692b3ef654f2965ce77c59bd15193ab3da1630bf820598dd7382a9e9ff7bbe533d5d14f647522d7f3dce880e1625418c08c6849acb03179a3c3804d018f5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8b1fdda3c6c433357d3a3eecd5f9efe5
SHA1 339abcad55efbf3a8547509279b276a58e4e769a
SHA256 fdf40af5512d7bdbceea9107b5a499a98bbeeaefba2c2b613a2037f7d91a91d7
SHA512 4a3022d858928dcb072c1f948f9bcd7762b27e79ea438c2bff087b2b81d11383ef4e5e0678609981cdb615712204f464e2affaebbca2bb50624cb463b176bf9a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8ca6fd68facea1bfca88e798b6f19704
SHA1 632cfec83dbca715a2589e02ae5e53739b4cd94c
SHA256 99f931d52da62d9f055729470167f88a56a378c83517ab5336581a47ece99062
SHA512 669706ea671f9d7616539148e889b37871ca4b2863725eae7e1d34d7d8c9808cc14d9434a48f015031850e0b8fdca1e2d9af5d17891811d5b1bf6e68749e0e7c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0da9caba0322b7ec21e3f57e69dcdeae
SHA1 a0227ffd4717ef80ee374578b28c1bc585d3c1ef
SHA256 76da78f098c2dd6a163b4b1c04b6ccefc9317d96b32495d7f8216ac1bdf0dbf7
SHA512 e485a723a94b822153adc1d9ae84617b03eae86237b44ab1cd8b3cb90fb0e3b104241e5e9e530c787916fa2821a1998141020e5d71c12d6ae081cc5b643436ae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b1a4b8e27d5fefda975ac9b0151df6ea
SHA1 a97db6439a9b5c2e48e328989f7fc214f2371102
SHA256 f1cd6bb55fbf22f320e2c99edbd5e4cbb245aa164160eee15cf184ce6aac5425
SHA512 2ce8fc6902faec2e4205302dd1f0a645fa162f8c4d5353539b15e614b8d517e9e9be4b7b20fe69f591ba96c258a3ecbc1a6f14c4430bead795696fa64355777a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 904b0c0dbc2a2f7da643793cb2973498
SHA1 2177e2115d7b7c41bb8148ef3192fb252c91af99
SHA256 419cad8b5e88614f53ff922687ed2d9c50915f3f6b978c563628f2d2f38e8497
SHA512 06ff76db1a5493dfa4e47eda0a4adaf35956178421c2d41030335dd2b5b565614a8e4d23e26d6ded11d5060a166accd18522dc1522ece04328ce29e94a191682

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 06:17

Reported

2024-06-13 06:19

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a42983d79bd4e8f393b1cc5329058fbd_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 380 wrote to memory of 3116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 380 wrote to memory of 5016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 380 wrote to memory of 208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 380 wrote to memory of 2368 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a42983d79bd4e8f393b1cc5329058fbd_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ff8f8da46f8,0x7ff8f8da4708,0x7ff8f8da4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,7655433800203844728,1002517997068334046,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,7655433800203844728,1002517997068334046,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,7655433800203844728,1002517997068334046,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7655433800203844728,1002517997068334046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7655433800203844728,1002517997068334046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,7655433800203844728,1002517997068334046,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4300 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,7655433800203844728,1002517997068334046,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4300 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7655433800203844728,1002517997068334046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7655433800203844728,1002517997068334046,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7655433800203844728,1002517997068334046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7655433800203844728,1002517997068334046,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,7655433800203844728,1002517997068334046,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 s.w.org udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 pk-sm.ru udp
US 8.8.8.8:53 mc.yandex.ru udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 pk-sm.ru udp
US 8.8.8.8:53 pk-sm.ru udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_380_RNRCONIMSTZSLQDS

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT