Malware Analysis Report

2025-06-16 07:04

Sample ID 240531-sxatface81
Target 877bd3aaf7c6ce9723cf432db3e1539a_JaffaCakes118
SHA256 4811ddc12ceb9ec87221bdd0662ee553a57fb081eed45f509009adfc5ea354c1
Score 1/10

Analysis Overview

Threat Level: No (potentially) malicious behavior was detected

The file 877bd3aaf7c6ce9723cf432db3e1539a_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-05-31 15:29

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-05-31 15:29
Reported 2024-05-31 15:32
Platform win7-20240221-en
Max time kernel 145s
Max time network 150s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\877bd3aaf7c6ce9723cf432db3e1539a_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\877bd3aaf7c6ce9723cf432db3e1539a_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1524 CREDAT:275457 /prefetch:2

Network

Files


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1d7e4cfdcdd6a9be58e421a0d9470f65
SHA1 3a76feaa757090e017c5e3c504dea9e0e8cb4348
SHA256 993717c09ced24ad9c96a9b2cb35b314a0beb925db73a1c068199b5802d31ac4
SHA512 54d08e462f88ec3e958c04867eeadf2145c08fa301666bf46b19f45f7df247a2cbcef8fe241588c328782d4ba9aa880cceeef9155fdde84527548b17b284507e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 747a2a459b5ce7151173c00735917735
SHA1 b6f0f96e6fe0f3e9504b21491cb0619cb9bf5eab
SHA256 7ff1101e95bd36683954f3d6921e5486b74a6e6c2c124eaa5e0d5301171a5a72
SHA512 8e1ed4b18e44fc38b470818f019cd29d3ee0b90d7266ef876e2dde7e5142ee3ac069bee2eff95e07f0b25e9a3aec321901eb1352fa63b08a539fa95920591daa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 08b395c78b3be4545856676d2cada490
SHA1 b0388ecb0f5704825b1c75bc73088a22827a75d0
SHA256 51cf65f073e36e83135a2152e04c1c17ac664e4422c6a91c9a666dd217fecefb
SHA512 903958fcc88a7e8521b33a8970b7855d3f8a5eb0a36104be99c4654a28d708f578e3fd216553206c7aad56b006727b30280773ece609bda1f83ff2ac5dbcf3a8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dd006508862dccfb4e252d28c975575b
SHA1 7812b378733d257686c4ba1e0603ac7927e74f3e
SHA256 bf9d0edb2f497be8fa6121f37b38c40ca952f30d3ff3aff93406340a3bcfa21d
SHA512 663198c154f63e23ed033165c1c85c4ddfefd51575b235262e9a662aa75bf7a90d4f350b5922ae57943e94f14413c5326865ad79955fec6904f5d0766ad09a63

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-31 15:29

Reported

2024-05-31 15:32

Platform

win10v2004-20240508-en

Max time kernel

148s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\877bd3aaf7c6ce9723cf432db3e1539a_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2964 wrote to memory of 2840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2964 wrote to memory of 952 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2964 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2964 wrote to memory of 2940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\877bd3aaf7c6ce9723cf432db3e1539a_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa84ef46f8,0x7ffa84ef4708,0x7ffa84ef4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4116751717572516639,15688106348147426107,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,4116751717572516639,15688106348147426107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,4116751717572516639,15688106348147426107,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4116751717572516639,15688106348147426107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4116751717572516639,15688106348147426107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4116751717572516639,15688106348147426107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,4116751717572516639,15688106348147426107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,4116751717572516639,15688106348147426107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4116751717572516639,15688106348147426107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4116751717572516639,15688106348147426107,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4116751717572516639,15688106348147426107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4116751717572516639,15688106348147426107,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4116751717572516639,15688106348147426107,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2772 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_2964_LWUVPVVEXHAJAUNW

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
