Malware Analysis Report

2025-04-14 04:41

Sample ID 240612-3qhktawakb
Target a2fb1ce96fd246122ff1ac5eccb6b173_JaffaCakes118
SHA256 f0695b9596a35a6265734aa87ad6fb12184be35cc3f2270b938ad447292e066a
Tags
Score 1/10

Analysis Overview

Score 1/10

SHA256 f0695b9596a35a6265734aa87ad6fb12184be35cc3f2270b938ad447292e066a

Threat Level: No (potentially) malicious behavior was detected

The file a2fb1ce96fd246122ff1ac5eccb6b173_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-06-12 23:42

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-12 23:42
Reported 2024-06-12 23:45
Platform win7-20240221-en
Max time kernel 141s
Max time network 141s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a2fb1ce96fd246122ff1ac5eccb6b173_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424397648" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004754c02dc5de7143975c2afb8606bcd00000000002000000000010660000000100002000000072ef19e4cb105a6f7046c219a004882a0641f4c8bad0eebe189b3edaf1cb8ac2000000000e80000000020000200000008fc57edf3e44f427b76e5127e31a7f248dff2227803e95c6d80a415478e11ca6900000002e82ed9072b1a26443e6957cd96f7503e6d1bb1a46b0c93f174794dbe42bad6749e0a2f93d622768d45980f59c026a4abc901cb9eda02c91e82f32768efc50fe727ca9f5aa487bbc7171d931761de28c674bf67e65b3890f11a47ab916c853da24b8c806f89cc3ac63b0c244152ed4376932eedb002fca3911c77aa16b4f538e5effede6c3b9e87b98aaf4b0d29c46d4400000002c965c091e54b6d4848ca54c489dcdd170c8767ce94da5c9d04bc674b302a1f9ee047fd8b7d2ed9af22d50027662ddb4a25f6bb21b1d0779527026f6d0652073 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{80C580F1-2915-11EF-A5A1-E299A69EE862} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004754c02dc5de7143975c2afb8606bcd00000000002000000000010660000000100002000000057f05fca345d8f82f688eeda1bf3fa800ae9dffc3344f0e4b8b612f2a1ec987c000000000e80000000020000200000001c76c025692d5b016f6713caa26cd623aa3e13bf5019ece4833dfd65cdee7f7320000000ca434b7673d5f67acccda54cb6298c042b8a8dcb490d62cb0bba8ad51b32a070400000002a922f28c7e6b06db2ff05b3c97117a00d973864206a1dfe54d87df84132b8c9cce637602d1c2ef9fd5151cafcaef72069e63e0daf1356c1fe94197d1dbf1c57 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10f1865722bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a2fb1ce96fd246122ff1ac5eccb6b173_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2112 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 www8.9anime.ru udp
US 8.8.8.8:53 s7.addthis.com udp
US 8.8.8.8:53 defpush.com udp
BE 104.68.81.91:443 s7.addthis.com tcp
GB 142.250.187.196:443 www.google.com tcp
BE 104.68.81.91:443 s7.addthis.com tcp
NL 139.45.197.251:443 defpush.com tcp
GB 142.250.187.196:443 www.google.com tcp
NL 139.45.197.251:443 defpush.com tcp
GB 142.250.187.234:443 ajax.googleapis.com tcp
GB 142.250.187.234:443 ajax.googleapis.com tcp
DE 185.53.178.52:443 www8.9anime.ru tcp
DE 185.53.178.52:443 www8.9anime.ru tcp
DE 185.53.178.52:443 www8.9anime.ru tcp
DE 185.53.178.52:443 www8.9anime.ru tcp
US 8.8.8.8:53 e5.o.lencr.org udp
US 8.8.8.8:53 e5.o.lencr.org udp
BE 23.14.90.91:80 e5.o.lencr.org tcp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 platform.twitter.com udp
US 8.8.8.8:53 zap.buzz udp
GB 199.232.56.157:443 platform.twitter.com tcp
GB 199.232.56.157:443 platform.twitter.com tcp
GB 163.70.151.21:443 connect.facebook.net tcp
GB 163.70.151.21:443 connect.facebook.net tcp
US 172.67.213.33:443 zap.buzz tcp
US 172.67.213.33:443 zap.buzz tcp
US 172.67.213.33:443 zap.buzz tcp
US 8.8.8.8:53 xml.revrtb.net udp
US 174.137.133.16:443 xml.revrtb.net tcp
US 174.137.133.16:443 xml.revrtb.net tcp
US 8.8.8.8:53 www.bbsaving.com udp
US 69.10.39.162:80 www.bbsaving.com tcp
US 69.10.39.162:80 www.bbsaving.com tcp
US 8.8.8.8:53 bbsaving.com udp
US 69.10.39.162:80 bbsaving.com tcp
US 69.10.39.162:80 bbsaving.com tcp
GB 199.232.56.157:443 platform.twitter.com tcp
US 174.137.133.16:443 xml.revrtb.net tcp
US 174.137.133.16:443 xml.revrtb.net tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 ebe537541f49202c8e4cf07ace4b24ab
SHA1 cac9f0496ca48743930b00115f5bf3f57d3ca624
SHA256 eab7da3e5c54dc7d1732286bd33d63f266254097396e0cb239d70b8c530a197e
SHA512 b9f7074e8269e5ddefad3747642bffe96f072970c396c5b408b14d94c49a3202d1356d3bfb329c159383a1971da0311c7da0465bdcbebe2f766b399ccf3201a5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 e56e8a78c63bf428e8186c359188db32
SHA1 4b93123e24fd5fb6ae6cc24cd34f10edcad3c366
SHA256 923d62615b366a5efb3ecb1eb53d50aa7639815b1d6418fd44f619d810709d59
SHA512 d4d2d26ba9ce9fa36de6f0c34ee296a557fe8ca8258a003fd8df3555f3448cb26e64ab01ed89fb7888e9cc0608d6502192052a1d52d6030f192f6096353c274e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Temp\Cab1538.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fd520d6865a3ef73434453db4342496e
SHA1 bc1b0abd9df8860e9f70563b93211a5257efa4b3
SHA256 16874ed0fbe2455eeaee30e5efd6d207390de97e893bc71b15fab3b2d90f3425
SHA512 d1310653dd59da183470e57ff4a71f1ce097702496db8551f53c38462dafa1d0b7552a1617093935d1e0d51c2fc8ce6db1369589c6f3d677394d47a39a267697

C:\Users\Admin\AppData\Local\Temp\Tar154A.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar164E.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8668d69886313ca7ae2c69dbc01e4fe3
SHA1 6e70145e6edcf22f921dd0b5a38433bc294a4ec3
SHA256 18a38f3d728217f89de0d8203b621324c9d14605bcba02d2e693a27262e99fdf
SHA512 39093bea4cd8dcb85745a5e4a8facbf4ceb380039519e2db863809b8f7fbc1d0b0313d307569c5a9090b73f2a159b4c04e46f230f9dcafcf70866f1e61735ee2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3cd6bb2e3bdb89da4f65eb31fa90a875
SHA1 6c7ada3d81bd6615adaba40a33d9d319eec2b245
SHA256 bcea05c4efbbf1584d9ed6a7925812adb84b8c998bc131ca904b9003ba39781f
SHA512 93fb2c9167abd679de055652ac89f741c82108c03250166271ecf5872326e889b4b74acb4a9069915d2b449152f4b981c414e0453d2a880d3f9c7c422829ee75

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 411a3a4343bfb28fcde2abc6ac6422d2
SHA1 87bd6cbc844c690d74fa7d8eb06141622c8ff5b4
SHA256 4645522f6940bd9c9e288f1113396c39271521f20ac2d2707ce2b02ef21f0a37
SHA512 f0f4991e74a2bbcfbff9ac9541e7f38d7d8916bbf09549f37250a4ec722481c0cd7530f67c2fc0dfe5bcbc479f4ce0be1c8b9dacb843ef4fa0d098a9b9541b4b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0dd31064364f22ca1ea72509ce4d26ee
SHA1 e6fb4307620b876dd51343ee5c24fd645bbd3db4
SHA256 0a98b35a0e77f149e91a46383d1afa423ef295fe1b52615439d4db495058e173
SHA512 47c1ad03269f675443359b5c05a98b2b63cfb7303ab29f07e0031c942f6b9db644fc3a650ddeb86f250d96e16b3a4a3d2e9befa00d33b3572eeb7d6253ec06f9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b0983581f4ce1ea2325394c59a57739d
SHA1 f13fb0a88438e8f3f99a588da15a706ee76f6a12
SHA256 ccf5db8c81f5b7d7d1babe8db2ba78ee7952e8fbe3f2292fbc87154a14bae5e5
SHA512 77d4bf9bfb60f2f2a81e6dfbeaef4d13a3c966a83c650095d1ac328c9ab9e22a666a30eadbe44b580b29e4c6744f6191c1cd351639cb4baaf42a0b6bf082419e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6ce99e86f554f01a48f822175a973c90
SHA1 8b25e329839d880f0a1c30e13a579d4d2b9e9b09
SHA256 e78f526fb73921e0995ded99114faead74c0cc3ac40d0f2e1c5f25d965cb9f01
SHA512 d71742bc92c3bab0e9a50eb4b7d12f024a38373407e4d60553532e25e7343871dd17b8f87de5f27a5feb337af9cafc9fb797d2fd9112f9c58d830be094ee1296

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 40d645c17f1f30a030f84c1db3730f36
SHA1 32be5e5f18b6b1a421ae5fbddbdb5fad4dd26411
SHA256 f98548f8b18edf9f8c47b1bd04d2b4c5beb937ed68c7d8790fb78063f7a3dafb
SHA512 e68adbed4fa5cf11d4f1da2b7af81bc38f3992d8de1a3f28f9bc1b580ebdd2974bbdb1613f479d9b65cf1b0a30a5c55cf8c516cd3240205501de8be99c7d71ae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d72cc3999b8abb2f9a51c49e6a8b8002
SHA1 5b6606e0836f127e667a1cea6b289ff578db3ab6
SHA256 a096e0b3da373015c6ce31bfd7f649136fcd45074bd13a2c0c91cffcb1c07fc3
SHA512 58e58b2cddbbb52f03d902bb3bd14f1c2bbba3b553ba064360b1ab50f385fc514964ae037baac7e2c57e8c8556ed5fa83bd3ae217f0b551988f2ebe923bdb0e8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 89d18defcfc73763b881db13b6263c93
SHA1 5aa8cdf6ac26ba9f371643fffd15677b1dc568a4
SHA256 f67e482e95e6fed77632e6442dc96be3f108972698a36c28eac1a66a4d25112e
SHA512 320bd579b37f37f03388a02bfdb79a48fedf18a830bd9a2965836a8dd1f71c47dee85f41306b8f5c92b78de7636e459c2ccbf3168ed9e593dec80a06e5036fbc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ea502ee41bc816c2fcebad036d18b9b1
SHA1 90078f1515ad299f792470915d3eb16855ecd5ff
SHA256 7b74b7262bffad25cb9c048bd2d305ac678f43bf0caa4e23f81f1c455f9591e2
SHA512 326014d71622db98a91cc06ef1260619ac90ec573494a26e4d0f618e0dade45f1405945f5d639729637ca8f1e498349a7447b354736d0e879792bb535479ffee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 85f43f0aecb76bc676033063e6ff8e31
SHA1 b967042f5f23fc4f6451322715c6851f88b781c5
SHA256 eb2980e471895efdc1c6326bf83a613b8d19ae3d1433fee2aed66ad8e73eb973
SHA512 430dda962b8e585c27153d6b767080073759406cc8ac5605a1d8cae2fa8f20df380701de9c45746d522cde42089641a05252c1361acbaa50ce584863d1e1c58a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0a6c211ccb1d30b069d04b5f6cec4528
SHA1 421a32338252fe1f8ff0c16d8e71321fc2f03979
SHA256 dd4e6dd3078ac283d2420f4c0a512bc1b971ee69c5e9d64befaa2e44e80c80b0
SHA512 d41bac5373b0091f6f3b1745ea99c0afbe89a42ee27729614668bc1c5593b9022d27c664274eb33e01967b1cb6c9ce3f388e65be6f9fb69499c68c31542cfb97

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a3eb33e3d3a1127a4eaae12b8244eebf
SHA1 c5fe62bf2faa1ff84ccd2224eef2f161b04b9a01
SHA256 438a353776cfa3d0771b8f48de5dbee43a28a1961cfac6bc83a72655808ee161
SHA512 fa8bba40e30b1c7e04cfed8865a043e739069fa154ed4dfb5a1b470ab04cbeef7c6e964cce16049daece7dbf88a9fb4a7f283ad189da8cc09b6b5d81f241a893

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2c2dc50f1a306696869c4a412873990d
SHA1 0c6e3103abae2ec6c8bc9d3f4642100dc987a510
SHA256 c756a0e5b3a2cc91b8a0920117a1221c8f5ae0279e846718c757cae4a79be755
SHA512 f2a66b05c0510cbdcaeb79758b7d3e3a9d0c127b0e585e7ef8753bd27b9f2fa3f160cc1fcfa0378d1747b970aabaa992d919303411d82a1a6c01de28f68960fb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 561d75559631900527f5d83b76b93971
SHA1 dbf5a42df601975ec4e8f46bafa68b0330d08c1d
SHA256 e870c66cbd8722cc5a90c46c508998a3f8cf95c69df2542689cbfb56c183e9db
SHA512 fa26dd8d894370ed24a1e89eea85649c943c6dc7dcb605f371a9d66bb990253b643c3fb3f9ee6a9c02c3ff0c2e1f47b30237736afc2bbaf8e0ae77a77dfa2ea8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3f8689d08376819b8fc61ff39f92d7cf
SHA1 8d7473f2b1b52f5230671d830f734e3567c096e7
SHA256 1c9f3d9b886ff97f1c1a49118b6598fd720c8860942cd40760fec93882d74604
SHA512 da928f4a7e3255ed67697b4b14452359a382e93ed5df49c1c3968cba2f55c41dccca2bb1e914ee86b5d4534cb9badb0e1c1c52aea941d917234c8847774dd0b5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 159cf30aa0ed9f9a3583a51ec19101a3
SHA1 bab9bab5224058da7326b0e717594c1a83fa79ff
SHA256 f9510e2751e91a3aac9e2f98a4ed24d61c20ef3757e184738d07955cf48d5ed6
SHA512 3a0985bf8888604814a4a3f59680c83f0c47fd7d312c10df1e2f4e2856107b4b8298b07433b6ea7fa154f62ab1337ed2990bbc723cc69267c2f4172bc69ba6e2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 772c29bb9ec0ba71b5a68c0a2ebe4dfc
SHA1 5e99202ebd6fc2d2ade05deadda3ba4b3f7c347d
SHA256 79d2f1c07fd6d37bc36d44546a29fa0c226af2e83f9069555cd4c7d615c9bf6d
SHA512 cda0ac4059002cbc97efee9ed599b64ca889436e9b6971cbd1aec08b5acb2efd44dee6212e68cc7c4abdd7a7493e0c0c67181f0af1707fe01350f330dbd24ac3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fe7a08dec27dd889edb49a430b477e7f
SHA1 91a6ebef2cb4eb392588fef23bd9fe5c44797592
SHA256 e705d3474ab88023afa2ff35295dae2922101e9a652292b8cd6295e05db752ce
SHA512 1c48d5230ad7a86fcda23939b555e2079924ac811ce9f3a9713edfb16f0e06f4d3fc437f89c857ea10b5969af34b8439a281ecc77d685d73151f3c58ae571bbc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 66311ba86176ecc0490cd9065bf9ef8d
SHA1 d54bcaa62839cf02468d731457b059b6450d94fd
SHA256 d70b9f82b44f0d45ce34fbea2dacf421713ab0df0185fb53fab80f1c7ebabbf2
SHA512 75fe53d84bdd1c2c04c04d914de5fed49dc2e7096901a933c4b1102e0ecc2da932453a15ca6ed7e65f12def13220fc78d25f0d1ce817d57d21db85f2cb5de317

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3388c160cf0a264fca86a84202d33db8
SHA1 43595b7e4d45a330f03a1344c85805c0323f25ed
SHA256 3969ef3b4b0d1bfa96ab03e75a4b4352b128d3b947fc40c9d695e0eca29badb4
SHA512 bf6f6c336932aaa08663819976fe67b91ada139f6ba9c7f4e08fb23f02adc0608652c432d8c233f6f6cbccbbf50d6de8c863ba5bcc47d2ca88e2df658dc03fe2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d5a0cf1824940af55922791f7cbaeeec
SHA1 77050aad0aa036ade158bd4204c8e85da56af6c6
SHA256 7d179f364ed7ea29388d2d00238c630c3a50909a9053976bd645b569dd4aa2a3
SHA512 05d11a190a8e236c53ac773756a032bb41cd77f19cbcad0debea606d77a5e59139972ae1b311cceb7dc87024904f35db728abd8d1535b2d877c576089a310da2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c1b556bf386fcb5a31c06fd594e7ea14
SHA1 baf452a58198783f0ea8a399b74345765f0ee3e1
SHA256 9216ea94e4b9c7e5c9c5d9a40becb755006d2aa58c7f31f06a0089a2031df5a3
SHA512 aead8c18e067d01b098ec6fb31cc761f1af10609ff13e2114935ae4acad449e925f4f37656cce759cb726600cef83cccdf6ef796c460e52d1d71c2415185bb64

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 35e6d59a4e79c40405a70f0597971858
SHA1 2c3a058d79f26a1a5c8f2085d5d77a3980f32891
SHA256 0ce80c2b8fcf0906c7c5ddb4ed9be83c3a54f570bcead06836b9863640fd670d
SHA512 813a96879d003d7641d87731210ea3f2f8ad907fc7384b56ad2e3c0320921883412324822df7f037a3378d5e0da1a3f010c6faed2ef35bb57b5b84113755790c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 46c8b82c187ab5f67531618cdd6b7a7f
SHA1 a2ccf0abc8c830b683f2919da0f7e0613d4825b5
SHA256 9c4ff56cb43e8f9bd6efe5c08067746b992992014a7b0fd6212b9ac55a73028f
SHA512 679e828ecf0883f6ab0ce7eff7d94812052cc69122f9beb94abbd0baa5909f8533bf9b6b2d291808710729cd19bc9da9dc27b4c2e06f5b8aa5c2b573cac08b11

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5b006f7bfd05c1e2cdaa688170955800
SHA1 2c7356dd4a359d24af9a6891c24b31517cc52a1d
SHA256 dbb15992a116a857d564d1b2dff28f16befaaeb87520148f6670788aefa378cd
SHA512 59556e0e3ba077f776a21eb216731e8c8ea64a750ab69a8dd344b1d58915b16800027276cf605675ccebe965795f21218698f2dbe4dd49b233343c5cfd0fd5eb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 73655279b9ac95efabbb96272bf511f8
SHA1 ac9016b842538575096d70fc615064e864071737
SHA256 ef5e74abbd47b11d127252796b3512d715caaf6dc82f9e39a856c1736e736e12
SHA512 aafe2be42669a413fc0e42e5ae9f65e6b99b4938f12bbfe83b0916a5d9e4906ca6f7fe68e855c5b9c3365a38a7c0b93dabbca5be2559c882f71aa1f187518ef0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3a7be4af13ce72e8105aa8ea3a4f8f26
SHA1 e1aa9b478c263403eb9d43568400e5bc46485c1f
SHA256 6aaf4215733a0601498d5977c58170ba9cc1fe891e050fbd6ef0e09814f2a8c6
SHA512 6e4e667b80526badc3ecf3afbae57244e92a1104a937b6db5362f9cdf2f945d5c77bffd18eb37f7cd907e12ff342a40fa3f3fd4d3c3e89d8276e4cd2e427274b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a69c6516ca3db59a1eaa8f7ab3f72645
SHA1 264a2f718fbf81bf62b91802478c13b09cc5cf70
SHA256 675c10dc4405937bf0abb2301b13d62f66b24a0aaad282907bd29445e28319f6
SHA512 de3ca1dcd36166624ff1a6312d73fd33c57cbf05977b87c8a38f811e53ec5245d4f11b3000b08c545cba5571622a55e695db062817eae94371dfa5d4309ec5a0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1d780c98a373bf13697e2801fe5dd0cc
SHA1 1dc1bab3ff446c7b825e33e874101f341e7e3e9b
SHA256 63eeda08ff802a0468e06092e690b545c03e52bd7ea3dcbaf2f300f30545769e
SHA512 f79436c03a8b25cbf13aeebeae187a4e0fd179f5d8bd34c208d05083a06a0757d86fffbe7c012102d4019d62e8bba3e4dbec45dfe8185de80b6207ef8e06601b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a7983ae7be97b5ffaec1dd4c2c95c324
SHA1 c769695e6961104172ba346a78a4925d9fa25a74
SHA256 38812acf3a5f5353187895cf52f530c1721c418ee213857b960bd8e76a225728
SHA512 96da1435acdce5a9d857aabda85fe8212e5be3ce93ecf34d96aac0b4df8abe659df520e0336c51604fa979cae7cc79d00d176bbb10a680bb349104d0c5ef767c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b2c9677e187ca4108c35bf92b44853aa
SHA1 e60c9d6f984204b3f4d24a955a36297c00ccf28d
SHA256 a6a47fe0505698e82dc196f380077b455aa7149f703447663f2aafb0cf468c40
SHA512 305137e78cdcbb291361bf59a745da9e9600b8862d38bb3e0f3322f5e2e89e411d894621929c7ae4eeabd97ad1c285c0606f12d9667fc05d7cf4373651252c8d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c4bcb3f5fa0f1b2a71cb62f3afa90672
SHA1 59e40833a6b8624d558e4a4cfad434a1a4119106
SHA256 13ac6afff98e55b9c014d31bb02e5b01737ba91714376ce8a271e55947900cd7
SHA512 d59decb29fb503d4a4279d0461a1267c32ee243d2f39b85f56221654af60a4d081bf6b6c75c8885372b509c2ce5cf19d3f2bbab62a9e284a29d5e00b8b445432

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 534a13e413b46b1517440c54be6fcac7
SHA1 17d8e892d211dd5137f67115c0f411f2ec201a7d
SHA256 8d908f6559470570d0ed8c5b30df084cb4a8332895d6e8be9a43882cf18d073a
SHA512 79da2716933485011d4c61e0002e7f5491df55f53362893bdc42956e3bf87d90af498a8babbc30d2df30910f2d76c9a8db19828b1e7d64bee76e30a6cba48227

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d3231d2d00c859fb32ce9c0e4c098d22
SHA1 35f7125c8f799725f4df3bb16261540cd7187c1c
SHA256 589abdbef0f69284cbccff17d8995373879a52e437f10c7e3acbf1fc385f234c
SHA512 8e7f57b222a051f3e77ac76ee2cd85507b6743600ff8d2cabf4940f7078a30db9a33fa6694c1fbb45da21b7b9402b9958624cd05e11c08281b3b2918d510a242

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e78533d0632366848c6db545d9d8b46b
SHA1 0deca12c0a9c5018750e52e513485e8ce20b1dcd
SHA256 143672703cd5eca562396ea31ff5ad3da925c869be993a4325f9850462e93eda
SHA512 7a3433d54f031da6189ca0fc4bc4e52c7821b3a63ccf9a4c12c3c8b552091afd956a179e74ca0190dc7c71008dc084a5a6eb9a847a5f5af0e366e195ab9c73c5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 2c37fefaa8c6bfcc6a836385c4b46ae9
SHA1 2cec620415d0b6369032b7dcd6975be4ce591720
SHA256 47adf46d96e402b60eb936880da3ab819665322a0267f6f924d6fd7f42ff0911
SHA512 735087e511e49210c9f09dcb3218cd474cde8427c9ad6e3cf0adba3ebf1a725021ad5093b683734c619948883e41e517d1626f2583ddb66ffcc0224685bb28ef

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3a09d8a728e0c6a1b5f773e48b771ce9
SHA1 73898e1347eb40e18ef24c636eb424f82aeaace5
SHA256 f6574c6e88987f66039a5712c23f1f61e7b4b0277d7377d574b72818aae6c7f8
SHA512 f28c16e62b56697fa3c6b5537f882ee8c756eb8a72237b45d356f6ebf6122f9bbb5eba65943985364047225ef4bcc0658f4cef5e42de1b6f2eb1306724b0c855

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 55fac2dd0459a51296b6b2141225ddea
SHA1 5656c749941d8dc52ba471406aea0ba4c0d39081
SHA256 6102ce3e985023469de131ae39d713f3f215f07f0631c74502eefecd30f37377
SHA512 391ea522e29c4eef90a6b0a61179394c9a5df1382f122d56eece6f884cf2834238f7a42f68ba3dd7dfd84029f17acc6dd417e5680ae010e540c7e1cfe6bccc47

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 be852c1d6e229497edda825633f3aece
SHA1 d4731536e59a67e0cb971ed66063192969a64c30
SHA256 38cd2ff6de72e731835300cf721c2b631151a08b074c0e4e344228fe485c721a
SHA512 fba64c01a2eb53c3b4de6e7be65468c4779ead4bf3bb4d87782d873d688056def05323ae66d4f9126b159f5da24a3b59b2197bad21323b2a0059e55b53e1d382

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b1285a30c3b55ee4580b11bcfcc23968
SHA1 6e3f05359b176021d706496a613f15afc24ddd66
SHA256 0aa8123f6ae1d2ae18b74965426a26ebf4706662c70844097b0fcc42908f0ca9
SHA512 cdf9eed2cebf27d5d85ea87d1cc7bd2294956094a776c3da723a7e2a553392ae8c402da3e68137203cbcf3df53754b9cf6c16a5d576fbcc32f03bc8f82e4234b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 23:42

Reported

2024-06-12 23:45

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

131s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a2fb1ce96fd246122ff1ac5eccb6b173_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4088 wrote to memory of 3132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4088 wrote to memory of 928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4088 wrote to memory of 4696 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4088 wrote to memory of 3384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a2fb1ce96fd246122ff1ac5eccb6b173_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9cc9c46f8,0x7ff9cc9c4708,0x7ff9cc9c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,7834810517584140170,8756046961070063351,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,7834810517584140170,8756046961070063351,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,7834810517584140170,8756046961070063351,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7834810517584140170,8756046961070063351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7834810517584140170,8756046961070063351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7834810517584140170,8756046961070063351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,7834810517584140170,8756046961070063351,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,7834810517584140170,8756046961070063351,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7834810517584140170,8756046961070063351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7834810517584140170,8756046961070063351,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7834810517584140170,8756046961070063351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7834810517584140170,8756046961070063351,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,7834810517584140170,8756046961070063351,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 www8.9anime.ru udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 www8.9anime.ru udp
US 8.8.8.8:53 s7.addthis.com udp
US 8.8.8.8:53 defpush.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_4088_KZVVYJXUAMWGCDPQ

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
