Malware Analysis Report

2024-10-19 11:31

Sample ID 240527-f7t9lshf8w
Target 780f10bf5a5b1bf72effa6bf60d01d65_JaffaCakes118
SHA256 37203a1b937517674ae7c2d11e3479c43a115d5766c21788cc99c2bfe2722cc1
Tags microsoft phishing
Score 5/10

Analysis Overview

score
5/10

SHA256

37203a1b937517674ae7c2d11e3479c43a115d5766c21788cc99c2bfe2722cc1

Threat Level: Likely benign

The file 780f10bf5a5b1bf72effa6bf60d01d65_JaffaCakes118 was found to be: Likely benign.

Malicious Activity Summary

microsoft phishing

Detected potential entity reuse from brand microsoft.

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-27 05:31

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-27 05:31

Reported

2024-05-27 05:33

Platform

win7-20240508-en

Max time kernel

117s

Max time network

127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000022698254d5b711c852970e0b65f745514301b175a89509f35d4f8cc2fb67036000000000e800000000200002000000007329cd6d7e33076207c2c3d51c73ef1d15ef70e0d9f3a95813c7070ce3eb2b190000000e38c1181bee43c52650d6f383a1e2366191fe61ed8631877d7c3a7c7a321ec4f98c8013176ad3d5ae0780080ee1f2bf3fe664feb21ac0971ba00f3bde46bac91e07e598c588e30248b36182932248cb13299b2c945704c24b80a90bf33765575d3b9379ba70cb006949e9533bd940656e57ff78567e0df6c2cc0e14b0ebca5e59f3279dc1b89c32634c6ea94e6e93365400000001846d3b6f32b6b32801f76887236be0495f0a5baa07c672547e0e9317f5983fff379a13a51d1bbf2ae62df7ad6a2528e2afdebcabcc3d6043ff98491d02f710a C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422949747" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{588EE641-1BEA-11EF-B44D-5A451966104F} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30b49b2ef7afda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000ede0b3e83a4ce63b1cebaa2628663c6e737b231ca7010256e31215f8de8db94e000000000e8000000002000020000000010a25aef795217bf5214f3e1b56e606e24598586b65679ea897de9162f722bb20000000f6597fcbba38e954570dabd4605342c4be416246235f853e25dbfbcef01974ca40000000ffc2f50b897cafca70dda8b7984af5ce7b28fef4ac4b2ce91089246e6d31129171cfb413a9a135f4b67003e37c319e505178af2d8df4e4770365a947dca5fb74 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1712 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 code.jquery.com udp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
US 8.8.8.8:53 kit.fontawesome.com udp
US 8.8.8.8:53 kit-free.fontawesome.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 secure.aadcdn.microsoftonline-p.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 104.21.51.18:443 kit-free.fontawesome.com tcp
US 104.21.51.18:443 kit-free.fontawesome.com tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
FR 142.250.201.170:443 ajax.googleapis.com tcp
US 13.107.246.64:443 secure.aadcdn.microsoftonline-p.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 151.101.130.137:443 code.jquery.com tcp
US 172.64.147.188:443 kit.fontawesome.com tcp
US 13.107.246.64:443 secure.aadcdn.microsoftonline-p.com tcp
US 172.64.147.188:443 kit.fontawesome.com tcp
FR 142.250.201.170:80 ajax.googleapis.com tcp
FR 142.250.201.170:443 ajax.googleapis.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 151.101.130.137:443 code.jquery.com tcp
US 8.8.8.8:53 apps.identrust.com udp
US 8.8.8.8:53 apps.identrust.com udp
NL 23.63.101.153:80 apps.identrust.com tcp
NL 23.63.101.153:80 apps.identrust.com tcp
US 8.8.8.8:53 x2.c.lencr.org udp
US 8.8.8.8:53 x2.c.lencr.org udp
BE 23.55.97.11:80 x2.c.lencr.org tcp
BE 23.55.97.11:80 x2.c.lencr.org tcp
US 13.107.246.64:443 secure.aadcdn.microsoftonline-p.com tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 172.64.147.188:443 kit.fontawesome.com tcp
US 104.18.10.207:443 maxcdn.bootstrapcdn.com tcp
US 104.18.10.207:443 maxcdn.bootstrapcdn.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files


MD5 db5ad16ea290993ba5ec9d9a00a22971
SHA1 05e3d7f165e9bb19f028ebadf64c19dfa0da3a27
SHA256 e4d5686a37146c709879c936327924975b13eaa39504b23aa2f1885741cbe7c0
SHA512 25fd7f9145afd36daac08e0f7614d47afb84767cb51cd959e6efe85fe6017c22c063c0476ba43c1da886dcadea14777b904dbadfc1200af8e3539faf9738effc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a7bc3e6d1189a80d5047fe0c8a300335
SHA1 106e4562bbe142bc3211c8ff1259f27908770ee9
SHA256 a0af48049f89014f933c13e5b2864ec11c923fec4cddf20d55075250be831a30
SHA512 472bf1586be1f5a2d358d5cfa4eb1c69f62f5ba576af510c907411f09c42f44d1706a915b7319e6809b8b683fb17f12af5bb8b1c0fbaef11993f0fb65ba92c4f

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-27 05:31

Reported

2024-05-27 05:33

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html

Signatures

Detected potential entity reuse from brand microsoft.

phishing microsoft

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2740 wrote to memory of 3076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2740 wrote to memory of 4600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2740 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2740 wrote to memory of 5092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff86ae746f8,0x7ff86ae74708,0x7ff86ae74718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,8341918985042530876,2429752700113340428,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1980 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,8341918985042530876,2429752700113340428,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1812 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1964,8341918985042530876,2429752700113340428,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8341918985042530876,2429752700113340428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8341918985042530876,2429752700113340428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,8341918985042530876,2429752700113340428,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,8341918985042530876,2429752700113340428,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8341918985042530876,2429752700113340428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8341918985042530876,2429752700113340428,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8341918985042530876,2429752700113340428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8341918985042530876,2429752700113340428,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,8341918985042530876,2429752700113340428,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 code.jquery.com udp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
US 8.8.8.8:53 kit-free.fontawesome.com udp
US 8.8.8.8:53 kit.fontawesome.com udp
FR 142.250.179.74:443 ajax.googleapis.com tcp
FR 142.250.179.74:80 ajax.googleapis.com tcp
US 104.18.10.207:443 maxcdn.bootstrapcdn.com tcp
US 151.101.194.137:443 code.jquery.com tcp
US 172.67.218.119:443 kit-free.fontawesome.com tcp
US 172.67.218.119:443 kit-free.fontawesome.com tcp
US 172.64.147.188:443 kit.fontawesome.com tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 23.63.101.153:80 apps.identrust.com tcp
US 8.8.8.8:53 ka-f.fontawesome.com udp
US 151.101.194.137:443 code.jquery.com tcp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 172.67.139.119:443 ka-f.fontawesome.com tcp
US 172.67.139.119:443 ka-f.fontawesome.com tcp
FR 142.250.179.74:443 ajax.googleapis.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 secure.aadcdn.microsoftonline-p.com udp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 13.107.246.64:443 secure.aadcdn.microsoftonline-p.com tcp
NL 23.62.61.155:443 www.bing.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 16.173.189.20.in-addr.arpa udp

Files
