Analysis Overview
SHA256: d8f9af05429495811a08ab606fcbc0a69ff88d3586e0b9b28b6eb3241da55ec6
Threat Level: No (potentially) malicious behavior was detected
No (potentially) malicious behavior was detected in the file a4e5b9f09de02d19e5b53923fe4e6837_JaffaCakes118.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer Phishing Filter
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-06-13 09:41
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-13 09:41
Reported: 2024-06-13 09:43
Platform: win7-20240220-en
Max time kernel: 141s
Max time network: 142s
Command Line
Signatures
Modifies Internet Explorer Phishing Filter
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PhishingFilter | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = d82ea0d575bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a090bee775bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e70f9ccbd59cae47ba4ce05a6034902b00000000020000000000106600000001000020000000b59cafb510208eb55fa0adcc45a4f9d4d48587519a2acc4636a7c35f4012af6f000000000e80000000020000200000006e75d99be1b80fb44a0c277f89b2c22fe6de5280fd500f7c22470216f0ec1f552000000033fc18cc9e5f31429fe8894d185e1ff439bf201462d408273090957b8f9752b040000000b93641196fa75a3c29cdc9ae7cc191e9a351b70d395a656a4eb4ad74e05d5d6763aae87e98d026edd1e716f5ec823e353ff70bc672df1c00b7520ae1a5aa26f2 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424433537" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{104968B1-2969-11EF-B73D-E693E3B3207D} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2156 wrote to memory of 2756 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4e5b9f09de02d19e5b53923fe4e6837_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2156 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | static.mackeeper.com | udp |
| US | 8.8.8.8:53 | loadus.exelator.com | udp |
| FR | 18.164.52.22:443 | static.mackeeper.com | tcp |
| IE | 34.254.143.3:443 | loadus.exelator.com | tcp |
| US | 8.8.8.8:53 | ocsp.r2m03.amazontrust.com | udp |
| FR | 13.249.8.192:80 | ocsp.r2m03.amazontrust.com | tcp |
| US | 8.8.8.8:53 | mackeeperapp.mackeeper.com | udp |
| US | 54.225.68.202:443 | mackeeperapp.mackeeper.com | tcp |
| US | 8.8.8.8:53 | assets.kromtech.net | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| RU | 93.158.134.119:443 | mc.yandex.ru | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | 6102726.fls.doubleclick.net | udp |
| GB | 216.58.204.70:443 | 6102726.fls.doubleclick.net | tcp |
| US | 8.8.8.8:53 | event.mackeeper.com | udp |
| US | 3.165.113.43:443 | event.mackeeper.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.200.3:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | mc.yandex.com | udp |
| RU | 87.250.250.119:443 | mc.yandex.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
Files
| SHA256 | b33afad389f9941adb5e92b35a925601294b9196c9efc44c3f4037c3a931571b |
| SHA512 | 528c612ec0895b08cb2fc01b0a324b0e4c43649a6d1d2e1fc497b1064eafada2eb13cc4d3dbb7c7d8254c47675aaa72de510a220c8edc89053b8df083e34a010 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | e2869eb4bb7d293b114cbf172191e56e |
| SHA1 | 3344accf8858d257d223610781ebdfbe864efdd5 |
| SHA256 | 7dbc44db5d2a12f6dcc318da146a1bd32329912bfc27bd7d4aea323a04d442b3 |
| SHA512 | e78055127592d1040db5c353d38034e2f8cd43b44931a414056b1b92880cae8cbf0e61fddcaee7b11c8113cd0857922807be0baeae281bd8a6323ca89c383776 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 381391bf3cfa094b2303b2129c6bc235 |
| SHA1 | fbced9ed6b198655c1ecfb87e5177f7395b3e144 |
| SHA256 | f65e74d6d495b27b244494655b878489b96ef488b708ed45aa083e69e1f5c7fe |
| SHA512 | 19d1f76f9d7600259c02c3714a13ee66a2a5500b983067c0871e299004996fc20fd01cda8020a1a99a0df5deceafc08289e95b8c2a6d853c9d7cd7fb9deee2a0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3833575edf54d7bdedca2e46f4aa7cc6 |
| SHA1 | fb2111921b7c807ba5506d95d4a579be6b82993e |
| SHA256 | 1ac137b99edaf57a28e3d6513b462d53888104bf9d7ddf26bcf794e20671e807 |
| SHA512 | bf7037e3056d1d15f6be823413d05aea93d843f4ee7050c73217f94a63614a67edcfedf96675e1dba6541b7505c473ebdf8b6a4c9702d96c4ce395dc24e9b974 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6ca0a220eea622462dd2eeacd03fe562 |
| SHA1 | afdc178312cca7faa7d9eb1dac24290a4cc416a8 |
| SHA256 | a5268a041f1f29cfbe4634aa6b32dfa7a70ec36d8fc9ab588b73e7ca410872f1 |
| SHA512 | 7f6420be960e3ffe5bef23bf840b4520945429ea6bb0fbddf0029775fa09890899911f6e4885856fd7f79dfc4727f39e67c938dec539aefcbcf03235efa3a18e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2eb0b748f73025baa96441b07f1831e9 |
| SHA1 | 518943bba39babe5ff7f630f0e6922998f5709e4 |
| SHA256 | 9f6e4e3f2447af7cc4f8f29b0a46d01bbec75e5b5d13a63c0261237deb82d92e |
| SHA512 | 6202feedf8571db73d034df85ba91d588a46eeb0a3f4fa6144283b38935b28e2260723693d8f1e0ef6e0b32d1b17259cf715d51df5e16b54028cd15dd2104b1d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e53c429cb437f20d8c5bf26d4c67381d |
| SHA1 | 66a9904c84f83c4b894d378e63aab60288c7e5b0 |
| SHA256 | 02a874520c5c8558c0402f32c848db9fb0888fb56d35136a00b64d6983ba4de3 |
| SHA512 | 9b723f7f849bf07d474b9a5c664044b66bd7ecef1497a151daf6423cfef25ca169bba0a1c8204dfc5d6515773f4dd843cad45212d4d34984ba348b939392b58b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 880cbfe3bc6786a83df1211c169a0269 |
| SHA1 | 52b35c3285fec4eb268e22db4a8997012b2021fd |
| SHA256 | e7506f5bc85d7a3516d1ce30d522c175c3b3a8d5470ef2ca6b1b98f56074c70f |
| SHA512 | f047d61eeb5dba9acba2641ed4a4d6cb7cc16fb9bdf8997e9d776dd64d436d97bf977031298530d512d92f155fbad9f1f92f599a46cad358c50ed9c62dd7e0e3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ab102a3b5f7523935ea4882c43df1944 |
| SHA1 | 54e20c68b1e2a26b47de8ff90b6bae81f3e295f5 |
| SHA256 | 6ca566373a2d125dbcd1190fa2335e1000e2e45ebcba5edc2cc1c0f7b6de142a |
| SHA512 | e680fccfa1f59d4fbb0898f8230ed193fbc192d421eeb0d8cb87a7dd06ca55cb58074f2a4c0f79b4e35156dc729122c240c9948a0a0c7614d02557fc25aabdc6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b867b9c386d7fea57b1c855677093a4f |
| SHA1 | e4e3384a04109d17545d69e2c3f1c96740b2e9de |
| SHA256 | 763a12b2f1cea09da7e10a54978d88d21f1ecdee28c2159aab5e394c8b620886 |
| SHA512 | ee02230acdd1602c960d1b23fdc9269ff041ac757a9ab9454fc4da28eaffdcd0ecee6f73c7acaad3bf61705af9e6c8956224a65e48b3c8d1bccce2f5585a6035 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 30b29f7659de1fa9bc427de84c9761e3 |
| SHA1 | a599c42fba26fd7dad881ddd35d7067ac7c62f5c |
| SHA256 | 38177263e362a302780fc6c315713841ed87092950f7f79f00c535b6e6b14da4 |
| SHA512 | 67068cbdcef7f0e731d3979382caa05909e6a27df493b9bbafc958dd004e12c525bd57d88b0ec999264e94e2181d1b8d836dd697e83d674b1a6ae81b3890a633 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 09:41
Reported
2024-06-13 09:43
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
125s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4e5b9f09de02d19e5b53923fe4e6837_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd711f46f8,0x7ffd711f4708,0x7ffd711f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,2449383018611214932,9801865294004049699,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,2449383018611214932,9801865294004049699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,2449383018611214932,9801865294004049699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2449383018611214932,9801865294004049699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2449383018611214932,9801865294004049699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2449383018611214932,9801865294004049699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2449383018611214932,9801865294004049699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,2449383018611214932,9801865294004049699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,2449383018611214932,9801865294004049699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2449383018611214932,9801865294004049699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2449383018611214932,9801865294004049699,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2449383018611214932,9801865294004049699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2449383018611214932,9801865294004049699,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,2449383018611214932,9801865294004049699,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | static.mackeeper.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | static.mackeeper.com | udp |
| US | 8.8.8.8:53 | my.rtmark.net | udp |
| US | 8.8.8.8:53 | static.hotjar.com | udp |
Files