Malware Analysis Report

2025-04-14 03:35

Sample ID 240612-2yey8atgmh
Target a2d212006718f4d91c05448ff7a9cf29_JaffaCakes118
SHA256 65864d5e2e7cc5470dd004267db6907e572d7a224610bfce659caeb636ac437b
Score 1/10

Analysis Overview

Threat Level: No (potentially) malicious behavior was detected

The file a2d212006718f4d91c05448ff7a9cf29_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 22:59

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 22:59

Reported

2024-06-12 23:01

Platform

win7-20240221-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a2d212006718f4d91c05448ff7a9cf29_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a2d212006718f4d91c05448ff7a9cf29_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2172 CREDAT:275457 /prefetch:2

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 22:59

Reported

2024-06-12 23:01

Platform

win10v2004-20240611-en

Max time kernel

146s

Max time network

148s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a2d212006718f4d91c05448ff7a9cf29_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4548 wrote to memory of 3800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 4652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 2092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 2772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a2d212006718f4d91c05448ff7a9cf29_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa2f8546f8,0x7ffa2f854708,0x7ffa2f854718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8889098875759236429,17383279423072573045,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,8889098875759236429,17383279423072573045,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2480 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,8889098875759236429,17383279423072573045,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8889098875759236429,17383279423072573045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8889098875759236429,17383279423072573045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8889098875759236429,17383279423072573045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8889098875759236429,17383279423072573045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8889098875759236429,17383279423072573045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8889098875759236429,17383279423072573045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8889098875759236429,17383279423072573045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8889098875759236429,17383279423072573045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8889098875759236429,17383279423072573045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8889098875759236429,17383279423072573045,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5768 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,8889098875759236429,17383279423072573045,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7020 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,8889098875759236429,17383279423072573045,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7020 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8889098875759236429,17383279423072573045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8889098875759236429,17383279423072573045,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8889098875759236429,17383279423072573045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8889098875759236429,17383279423072573045,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8889098875759236429,17383279423072573045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1

Network

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_4548_PAJOGIHMFRIREKMN

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
