Malware Analysis Report

2025-08-05 16:07

Sample ID 240526-ec8yvaee77
Target 743d7758cb7490a83433f51c79dd32bc_JaffaCakes118
SHA256 9fcca0b7cf2d9d6c35251cf2e74935169a1751b76980f74b59edbe48f9315763
Tags
score
1/10

Analysis Overview

score
1/10

SHA256

9fcca0b7cf2d9d6c35251cf2e74935169a1751b76980f74b59edbe48f9315763

Threat Level: No (potentially) malicious behavior was detected

The file 743d7758cb7490a83433f51c79dd32bc_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-26 03:48

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-26 03:48

Reported

2024-05-26 03:51

Platform

win7-20240508-en

Max time kernel

144s

Max time network

148s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\743d7758cb7490a83433f51c79dd32bc_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\743d7758cb7490a83433f51c79dd32bc_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2152 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 tour.muzenergo.ru udp
RU 77.222.56.73:80 tour.muzenergo.ru tcp
RU 77.222.56.73:80 tour.muzenergo.ru tcp
RU 77.222.56.73:80 tour.muzenergo.ru tcp
RU 77.222.56.73:80 tour.muzenergo.ru tcp
RU 77.222.56.73:80 tour.muzenergo.ru tcp
RU 77.222.56.73:80 tour.muzenergo.ru tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 static.addtoany.com udp
US 8.8.8.8:53 platform.twitter.com udp
GB 142.250.187.206:443 www.youtube.com tcp
GB 199.232.56.157:443 platform.twitter.com tcp
GB 142.250.187.206:443 www.youtube.com tcp
US 104.22.70.197:80 static.addtoany.com tcp
GB 199.232.56.157:443 platform.twitter.com tcp
US 104.22.70.197:80 static.addtoany.com tcp
US 104.22.70.197:443 static.addtoany.com tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 23.63.101.152:80 apps.identrust.com tcp
GB 142.250.187.206:443 www.youtube.com tcp
US 8.8.8.8:53 x2.c.lencr.org udp
BE 23.55.97.11:80 x2.c.lencr.org tcp
US 104.22.70.197:443 static.addtoany.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 static.doubleclick.net udp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.187.234:443 jnn-pa.googleapis.com tcp
GB 199.232.56.157:443 platform.twitter.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp

Files

SHA1 b295e0ff9f0d82ae5be408bd7d879551af1c0e3b
SHA256 5163bed2dcb95455d4c356e81e4e024dfcb9246c11fdbcb29fec869a29b24489
SHA512 bf99084fcfdd6b1f541c390c9775e6a5b2963a6ab609cad60df0688418ae3cea1120f168d42d3cebc187bbf9cd48a1b6d56028699d058025fc24a275e7a5992d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cfccf06bc577f4367aa9ba9d823225f7
SHA1 b8cb259752ef64579428ce7b484025487c646836
SHA256 3d94870569105a30fbc344b4b80fcc5d8fe80542efd2666e01e26d263cab7590
SHA512 87033d37f52170b9282dea6d8f70e69099f6b90a2eafb1c0ac6c70f79485e651ddee4e93a441a7ea7736696b9ad517bd8a47499e51057087df9435031711f9d6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 616429ee35e7da285b9e3bfa42217efc
SHA1 b2d34906dd96afa4d0fc19dc9173fe1a41e1b854
SHA256 a5e8ffa438634df2a68fe57455a1bbb200f4108815b87fa372c3d548d0b08bf5
SHA512 aa963c6e46efda0e5a112a2f9519f669a6c639308fd291877635c044163532c3536d5b51caffd82a6a3ddfd2a9e1c13c13a558ff54e322712472f58dda6fdcce

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-26 03:48

Reported

2024-05-26 03:51

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

141s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\743d7758cb7490a83433f51c79dd32bc_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1848 wrote to memory of 5004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1848 wrote to memory of 4112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1848 wrote to memory of 3636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1848 wrote to memory of 2004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\743d7758cb7490a83433f51c79dd32bc_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdbd8946f8,0x7ffdbd894708,0x7ffdbd894718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,17304384525045098128,4769011546252505555,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,17304384525045098128,4769011546252505555,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,17304384525045098128,4769011546252505555,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2956 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17304384525045098128,4769011546252505555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17304384525045098128,4769011546252505555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17304384525045098128,4769011546252505555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17304384525045098128,4769011546252505555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17304384525045098128,4769011546252505555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4312 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,17304384525045098128,4769011546252505555,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,17304384525045098128,4769011546252505555,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17304384525045098128,4769011546252505555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17304384525045098128,4769011546252505555,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17304384525045098128,4769011546252505555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17304384525045098128,4769011546252505555,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,17304384525045098128,4769011546252505555,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2696 /prefetch:2

Network


Files
