Analysis Overview
SHA256
f2f0eda37770a030b63ddcdd8cdc3193bf36aeea4a9be978f0e1d431b4c0ed5e
Threat Level: Known bad
The file f555a49fb7ee1929e401072a58e3e21c_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
Socgholish family
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Analysis: static1
Detonation Overview
Reported
2024-12-15 19:05
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-15 19:05
Reported
2024-12-15 19:08
Platform
win7-20241010-en
Max time kernel
144s
Max time network
152s
Command Line
Signatures
SocGholish
Socgholish family
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9552C431-BB17-11EF-A88A-DE8CFA0D7791} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecf3e4259aa05419b9c0951a15b1319000000000200000000001066000000010000200000003188a7ca0147f48c36099028ccf46e8e5460435f5794a5b9937e04196b3aa2c5000000000e8000000002000020000000c9548be6a093276f56c4f2ce463c20b14925aa5cc3619c7718b974ef4e52cbaf20000000b716af39f8815971c0df410ab3a6e58763d2bd3ac677e1833f450df09bcf21ac400000005e660daddacc8a76e27395daa4ea44b300a45a9916e18c0af72803e97f5a15cc1f1277cc9c438199e5f76c90bed379c6979147e5fbb1f7d337300f5df3b40ff1 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440451413" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c02fcb71244fdb01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2772 wrote to memory of 2780 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2772 wrote to memory of 2780 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2772 wrote to memory of 2780 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2772 wrote to memory of 2780 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f555a49fb7ee1929e401072a58e3e21c_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2772 CREDAT:275457 /prefetch:2
Network
Files
| SHA1 | f042c75fde2b5f07d6ef049ccd23abd24a5a54d9 |
| SHA256 | 26c89e048893d7b1e53b7794555dd3679e1f43085401739d4c5a0e81517f85ac |
| SHA512 | 93b0ca75543986b7b0e69c44157f394c5c55a247dd065894f6c2795e50b39484b61f12d099d7d7ad03862e0f2e802b114ce791fcb68c0c93763c84e4ca4e2c76 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9060d7beeb52d8187f937d5005160c96 |
| SHA1 | a803d3ea328818e94b0b2280ec06075195f7b719 |
| SHA256 | 055b456429d55c96dfc70de26b1f814b71fbc5d1eccac3022d2c767b3a212d2f |
| SHA512 | 9fad0216093708e0ea70742c072680c981dcd9302f835a493626493048ef21d2dd582eb45cfdd95ab2fc1b486ab54396e97341694b62364f0af21fea3424a307 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fd602d8528336123f0fd3ff67ff99b65 |
| SHA1 | 3af19d7f355df67f9fdb3b1f077d5b94a401a1fb |
| SHA256 | 3bf64e920599af8244da11148b8369097d7c376c44dd1e4df2519906dc9e2eeb |
| SHA512 | 5364958af01763bcf546439e568b149b8c13872e9304f5d9537d65db8e357be5f6ce933d39b402f3b8b47c2f1d664542090e11c1fb92b2b67b1d285eaeb80f4b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9a2669131fccc2996eed5e358d488344 |
| SHA1 | 3ff01085a77a1ade5670fa2895c11074643a6e52 |
| SHA256 | 008c4f84a8bd84684cd697d7adb9c4da8461da0cf2e5044a4849b800a5aa9f99 |
| SHA512 | 8128ee51c016a91111e0cbb554c63355a2ad22fa4b932eb9d36593c4ffbf373336056c53088561d33e5c7aaead6b77a7c16fc55f0c46714315ba6a1ecbaeb7f5 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-12-15 19:05
Reported
2024-12-15 19:08
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
143s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\f555a49fb7ee1929e401072a58e3e21c_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff837e746f8,0x7ff837e74708,0x7ff837e74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,6558560319715412272,9960404514363156045,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,6558560319715412272,9960404514363156045,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,6558560319715412272,9960404514363156045,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6558560319715412272,9960404514363156045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6558560319715412272,9960404514363156045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6558560319715412272,9960404514363156045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,6558560319715412272,9960404514363156045,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6558560319715412272,9960404514363156045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6558560319715412272,9960404514363156045,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6558560319715412272,9960404514363156045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6558560319715412272,9960404514363156045,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,6558560319715412272,9960404514363156045,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2976 /prefetch:2
Network
Files