Malware Analysis Report

2025-08-10 21:37

Sample ID 240529-jlztragc25
Target 7ffcc19548c798225c9c306df9cdedde_JaffaCakes118
SHA256 692c9f9bc064d90dfe64814493ceaf5e2a2d38ea70ed153fa147e4e7ff49ceee
Score 1/10

Analysis Overview

Score 1/10
SHA256 692c9f9bc064d90dfe64814493ceaf5e2a2d38ea70ed153fa147e4e7ff49ceee

Threat Level: No (potentially) malicious behavior was detected

The file 7ffcc19548c798225c9c306df9cdedde_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-29 07:46

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-29 07:46

Reported

2024-05-29 07:48

Platform

win7-20231129-en

Max time kernel

126s

Max time network

142s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7ffcc19548c798225c9c306df9cdedde_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7ffcc19548c798225c9c306df9cdedde_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1908 CREDAT:275457 /prefetch:2

Network


Files


MD5 59b945f21ede119bf41f9014ece8c004
SHA1 7a23f6b7cc20506f53eac63d30831d1ce33e79e8
SHA256 bf439c16d94e051c3b9f43459db61624630756899849c612f1b777905579ff14
SHA512 42b401b60953836967599de2b0510111a00c4ccdbb636f2c0e5a86ca9724fa0ee76e56e638e09952880c0b6962d25add1e4def50a23fc922cf6e0f1bc9ee9edd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d731ee281c4df5fa04e49cf91652b50d
SHA1 57d61d087ed16b04080f80aec5098405f82bb53f
SHA256 585b42bfa991f370c26ed823425d33edee86a60d8dd90d5fc730754162f5814d
SHA512 d1f922367086f5315cdd32165baa4b154e7ead42e566f400153b36ce5b70fa8680eacc25db5429a5ccbb7acaf4993f16e091909033422ff6383307cd01238759

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1410f6be73a3fd4a36178ea8e9f4ad9d
SHA1 6cf11f5db2e333580a4e3335f80a401c531d2d91
SHA256 e5dd2992e6fa8cfe3a27796177af997769dab5e670695cbca60179d4623ec8c1
SHA512 508ddc1385be68f24253083b9b16dc11bdafa1b13cf5a26eaee334623df5b4b0f3aa460f9fbd5445379c2723247b9612d6bd443c3bc235180a4478a10a9a4cde

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 11268f03e8729317ff91a0c15e05a00d
SHA1 75246cd56d7ea948b3ab90f32b32d82eb18d25df
SHA256 ec745e864553d141756e0dafc4371d5d5995e24479ae64bfa0b711a8fef07530
SHA512 4707866a7083a11278367d0f871737d9102f8a5aa7aeb0829dccf7732b63a650971436bd2f6c4529d48c17cc8c7b72e636ad57d42c6898fb40e3d958b7176c90

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9cb4e37b353eeeeeb0fcb0dc811219c3
SHA1 bebc4de411dea4e3e0819ad02c6ed1f8ef1b8cc7
SHA256 c3044c7c945e032ea5958256edd7a4aab0f9513c87c019364b05bce2cc3c83ea
SHA512 dcbd39a1a5b6ce9442c84ebd6073993046d8933e551aa7ff32ae51c8cf1dc01776d5838a85c0c020279c283941d5706b0015bdec828b0dced5856feeeba8df7d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 70c301f3fdf2b68b5ba9d2bc8574405c
SHA1 316775c532a08ad91c4f257b3f674580a465851f
SHA256 6811425c4875e03bdc93cdcebaee22ccf61f791baafd5609cf591c7fbb88b256
SHA512 3dde9607dfe8e03317b544c16d66a0d3c284d2de860e116afba32c5a5fab8bbb662e128893059e3a95abb315027d5bcad3ac2fd32834bbae0e539b6a10ffb782

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4e1e67b2a2b41ba02f76688d76b9e743
SHA1 2c1c2572eb4a6cd4f902cca8ad70494e7729dd47
SHA256 8d135242b884efdc6c6cc68bc0a1a4f449f5522204545937340b9a3105eddf24
SHA512 46866ee23d06e872c5a9fa53a26bc789c82f5c879b34efc97373ccbb8a4344f680a05bec87d690c57dd26f17b2af1b70d716a66c21cd52628dcabf85b0c9adf4

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-29 07:46

Reported

2024-05-29 07:48

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

140s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7ffcc19548c798225c9c306df9cdedde_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4828 wrote to memory of 2368 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4828 wrote to memory of 3596 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4828 wrote to memory of 1148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4828 wrote to memory of 3924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7ffcc19548c798225c9c306df9cdedde_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa94c146f8,0x7ffa94c14708,0x7ffa94c14718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,12529451863304015245,8542606636931858914,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,12529451863304015245,8542606636931858914,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,12529451863304015245,8542606636931858914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12529451863304015245,8542606636931858914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12529451863304015245,8542606636931858914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12529451863304015245,8542606636931858914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12529451863304015245,8542606636931858914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12529451863304015245,8542606636931858914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12529451863304015245,8542606636931858914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,12529451863304015245,8542606636931858914,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7076 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,12529451863304015245,8542606636931858914,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7076 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12529451863304015245,8542606636931858914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12529451863304015245,8542606636931858914,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12529451863304015245,8542606636931858914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12529451863304015245,8542606636931858914,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,12529451863304015245,8542606636931858914,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5660 /prefetch:2

Network

US 8.8.8.8:53 146.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 www.blogger.com udp
FR 142.250.179.73:445 www.blogger.com tcp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
NL 142.250.27.84:443 accounts.google.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_4828_ZOZNTOXJDVEPFQPR

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
