Malware Analysis Report

2025-01-18 02:06

Sample ID 240613-jhmd9azbrb
Target a477c45cfbcc9c81cf0a962513d96ed2_JaffaCakes118
SHA256 0474a859b36343cdf9bb188d1a126a30587e3402f8089e3de8916060c5805d18
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

0474a859b36343cdf9bb188d1a126a30587e3402f8089e3de8916060c5805d18

Threat Level: No (potentially) malicious behavior was detected

The file a477c45cfbcc9c81cf0a962513d96ed2_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 07:40

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 07:40

Reported

2024-06-13 07:42

Platform

win7-20240611-en

Max time kernel

144s

Max time network

149s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a477c45cfbcc9c81cf0a962513d96ed2_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424426288" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000e0584a39cc267effb608e7ad4cd8085c8dee92d58bcb42ff05c858758f86f1f4000000000e80000000020000200000002de81ab7b81cd68cec73b6dc7f1021dcbc74e86a4b71f854daa553ab05104cfb2000000055b23ff26cf7418a93f6e89bbf8ef754263e304ee7c49387715e1c678729782f4000000095a58be7f9eb41cbdef86fa14cd7ab0d11b1cf2bd04037fcb6b1e4f289b1fb56f19e21b44cd181f759c3b6eeb2498fd6276a49c694cc4b853b5c334870d4e363 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2EC12731-2958-11EF-9BF5-F6C75F509EE4} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000002b76941b4fb2f1ec02348408ff32113304cc2562d17711ba4b0e0a8c51178623000000000e8000000002000020000000e1f3fc407e63e42726a8547c60e8cadca8ec8217c0f023f267f11c60a6877015900000001d0c09671da1dd50304d23f00476613ab18a336d511b92c3c625c9e38fecaf76ffe7487b27a4d7a2df57bca3d10ef4172042d1d81ddb9e5ddaa043db9998fb777c15857c5babe045a5d9df5c68dff48d3f06f4c6e56fdd4570cf003db7b48da02025f1cf37dcaba6f45c0bb27bee232119c79c28e0ae900cf74b98790f8689690936cec792a853096c7d860ccadb94ca400000002798ae17580debad670e222f335e1f2f40baa45cef369c2a774f441b783f0c69908af36b6d7287cefbea27a9d9c5d5f819abfec86b051a5ec88147a527d02a73 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0a1380e65bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a477c45cfbcc9c81cf0a962513d96ed2_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1968 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 accutech.ae udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
GB 142.250.187.196:443 www.google.com tcp
NL 160.153.128.27:80 accutech.ae tcp
NL 160.153.128.27:80 accutech.ae tcp
NL 160.153.128.27:80 accutech.ae tcp
NL 160.153.128.27:80 accutech.ae tcp
NL 160.153.128.27:80 accutech.ae tcp
NL 160.153.128.27:80 accutech.ae tcp
US 8.8.8.8:53 www.accutech.ae udp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
GB 216.58.201.99:80 fonts.gstatic.com tcp
GB 216.58.201.99:80 fonts.gstatic.com tcp
NL 160.153.128.27:80 www.accutech.ae tcp
NL 160.153.128.27:80 www.accutech.ae tcp
US 8.8.8.8:53 embed.tawk.to udp
US 104.21.7.106:443 embed.tawk.to tcp
US 104.21.7.106:443 embed.tawk.to tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
US 104.21.7.106:443 embed.tawk.to tcp
US 104.21.7.106:443 embed.tawk.to tcp
US 104.21.7.106:443 embed.tawk.to tcp
US 104.21.7.106:443 embed.tawk.to tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab697F.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar6992.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b723f124f209ec8a055504a22b1014af
SHA1 4e01283ac38f50a592dac2ffe6d865e84e923b19
SHA256 c0ddd8e2b6a76d32a159dbacf431109221f152439ea264b8c096ce00c6b02e88
SHA512 5387d76771eef8733f598ff2ea5afd25b8c9d610f890b27b7049db5f10c8f496236803cd100f77fe4832d1046110830a46a0b192a4ec1e5e7e1b5c00c1f38063

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f8a1f592355e0fb0e04e11a01e55644b
SHA1 7ba429ec2253558c519f234474105457f4c85e5f
SHA256 d9f4916c380e90aba6621a92dfc40227d3339eb730e4e8eb0459cd493383537f
SHA512 127642788dd700c1549f68152b333891878b379610fa93bdefe8f668555c59f8598126076489b6eec57d84620f1f557f58a38962f2f5c963fd80b895261dd912

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f112efcc532f850445800e47bfbe47d8
SHA1 ef4d86cdbc26318fb56e29fa326426df82282c0a
SHA256 315be4391b15e194b228396d08cca352f0af8fd0196e40a16db5728cb0086fbe
SHA512 9a6977b7faad804d596fe6abe656c535f7e10a7077f3c922f26197f78e6454e60af3e32b289bc1788f126088aafdca4db2ca878917c5f4e9076defcf20aa6d19

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 260c800ab5b135e8c0dcce353e5c8d4c
SHA1 a6040f55d55d6c6160c055d0853d9d0c3afb0a4f
SHA256 961bd2913cc5a089ab2cca5dab381439bebb666ca9ea0e9de068e0115b252be0
SHA512 b0211765db3bd428400d653b33fc588a0ed9f667f036a921d21e158b45f9f5cf3a9cc3550e569552e997c9a826d526426b9a134090ab14840f25ce298ea97b1c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7c4f12f3078abbcbac5d1198c8ecb43b
SHA1 9cdf89732add1f68f9e4658a4dcbec844ca2e9f3
SHA256 9f362cca2f2baed5ef87b08be2f00ee902ebca894ce98601a100dd212b407e4f
SHA512 f8725414e94a3e1b2436b33f7f2f6696f6654cafbf32fb5f58a9f0ab8e4e7b249e715947cf4058f5051c639c0e047aeef4a641766b8e004b9ceda88ec358635d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4076e1dd2e79b42aaf4d4e7040b96b39
SHA1 051556fcb09ca5260c4caf6117d4760eae2080c0
SHA256 d7739451b27a17748dd384639258bc5b7edebcd1bf209825ce023fddf2d28267
SHA512 3d6726709e8f36d38f0b8c8c9c87e118ff1a3a3a52475fad6c0f0543de687473043971a1b1604ba7d0e052038e800d84f823b3b7f37938af99bec0baa9899edb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9efe4ab8ffa777cc64f959c4b0006f9e
SHA1 521c24006aa95aa1e1c9ba189f77680b1c24fde1
SHA256 0fa9f6cc525ed6ad2b7db665d8f6313c29cc18aeaf15968604f2a264072f250a
SHA512 3a0abd37c1a8a4fa8a8acf9b5cd29c9ca575e712c4e41f7412fbaad1d456f610519b5c0433f0ebd2600679afa5c88257864396e5b3da79fda06dc6d259702b88

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a3561672ee72fd3b2b73b1d973ac3a36
SHA1 19bfe58a49d4523641efc458f1c463e9ca56f449
SHA256 6d64c0ee501bfa4f2a7f4ca322731c342fa35e1821bfb1664aa4081fd0e4dbbf
SHA512 f52b71e9b36678e5beab5838fad2b507d444072c047157f3fc784245a07c27e02486fb00de873df4d34a45de4f09710bfdc24dd4af30ae7bc43019b880cda3b0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9e5e8ed393fc49aa9763277f1c510d99
SHA1 9975761198b62b24e253132a3900ca1d52991273
SHA256 9f0d7a776459ff08857d6bb4f18e6a803dee967a021ec83a0f330dd841549443
SHA512 ee25a78ca789757034b769df532fda68add9024602480920913252299c69bc0352895cdd4e226fba905138bc0886c0d21e4eb2c6fa6482d17528ea24200aaca2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d031360592b3af4f1de42bc82c44deb5
SHA1 b2d73b983cc6706f748f8377c3bc13d0fd858a86
SHA256 7564ba5baad504a77a5ea06c6562ccab81b5d6a9f1849065157e60390cf3f1fa
SHA512 e7cd104a0f3db843c65560ab3e11588242a340054cfa84977922e87ed5ca5c23f0bb94e149a8972f9eb7c1821245720c7707a28ce2cf2cc5a99b973367292622

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ad23aa45da9f7641d0c42c5758e95d39
SHA1 c48e6f557cd525b2fccb663b2505d536eb85e07d
SHA256 467c414f04fa294f954b03c93b68a20174d5488f3a3392d62b729e8b2b328809
SHA512 566811817a4d4660731ca2339a66ea0e30cd2d84d335564c52b91662ec2fbbb729c58c5d089e5258457ab868d68a8f43187522a80bfa46976916399371aaffff

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 528fa5159faf746a6207fc6905e3d912
SHA1 29b51c90e765cfdf4fae5711d30e05e7652b14a3
SHA256 df3a14a81328a8304be66a7e33eba053020a7572dac85ab986e31556c65ad9b1
SHA512 86922294eec49ccdb9988fe22098f084638a28a6e091955d95f98e6eec4229fad8b9642bdc1f7764b58368acc3d5e1f74fcba9763fbc34177e91905d3862b4c2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 028cd78c0922bb556af04342c76d84d1
SHA1 980417de74f6a4d52acb849f0407358968b30fed
SHA256 3f6ffe973f8746e03b4b25a6497d30410ea0df7908782e2d94717e16821c5d62
SHA512 20c1340877dbd33e42ec6e43acfb7eaa0c0eb9ed6a730dba9d89a7a6813d3412a43725daa105d95e83ec489413b5639957263409e11d376370f119063d53b346

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 10ae7aede5682f41f92d3cc3692484f2
SHA1 fc4db827ed2c0092e8520a6665cd46fc930b5fe5
SHA256 bf3f7bfadb5784acdc6d95c682fe79973c407832cfe0fb57d3eeec27238ee8f1
SHA512 5631c253d4998923a03e8e0baafa197fcd238969f0203d5a3c4df3ab538af457f269b596f4f477d7f0c03fc675b09efa6c88677c3629da3d5d04a0632a64330a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4619bb43e54d96886edc19bb46825d93
SHA1 805260e8c02030f831fc8c3f6999c9397a6ce566
SHA256 05acd78516a8b31d6401cd4035487933f2ba76a0633dfd1b96c16fd324c01d36
SHA512 d47a7411b622d79b4974304ff7ad2f99ba3a89bd9e5c6021e34a234977df0e7cc8be2caafedf6af4d4af0775bc912aed858d214a6191805c1c205eb459c94e06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f4e43bd04427d46be3525c7431058618
SHA1 80d94a2cc234b03dbf1d48ff871659c5cb1c85b6
SHA256 3ef8dc6bbd1cc3135aa9e0a1b8f9f5ff69b7d51ff630b9f409615e5cab7bcac6
SHA512 fe3ff8305d5b9972beb8dbbce78c547b933bde3ea4870f3800f2c4e421dc5c7e15759a5b4e145f0eee10d0eecabe94e307e0a30dca49499c4308cd39cc00e974

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1c3a22e1bb7d73c1ecce601c7a13922b
SHA1 78ac9498ac4e87475fd5539b8613ca91b3384900
SHA256 ea6ea54426999beec40730e8c0272c2f8fb314fc06023d56cc75c4cbd6af6028
SHA512 80e8c5a762761eb65681c0bfc5bd19282b657e01f797fcc1607ac5fa741b312b23770c5806b53663ac1ab78381c5fe703be1cab3f8be32f9fec7cd48331a043f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3d7ee49899904f5e74c6a9b7df94b578
SHA1 c7fd69a800051b299a367048c78ae9b74c270ed3
SHA256 0d645485df069aa3faefbfa2056b46e1f93312bceb080a904b45107eecb834a6
SHA512 cb1df91652709db8d4fa01abb8b9bd28c2d3ee76f899bcceebc5ca9af42f431989798e5d9bc8fe9acc5e10e075289cc65f8dd3f269966d561423e4c0b97e4822

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c4b42340abd9a4db8db0c7a4c192a882
SHA1 e12bc33b1f213e03d8519702bd56a3b253edb695
SHA256 d06e8709d7cefba592e03810c2f7a7f6a8f4908162fdcccef54f2d96cf6394dd
SHA512 089f41822b90bb4f7dd3efc9cf6edb039ed662d6988a166a8bbf8f62c506e4771d68ba890b5591dc7b7dec66a9f6fc0dd1a4910b62b42c70f83bb09f5ab03f64

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6c9d3e274de24f4f4441ba7a1ea42df6
SHA1 bfb1ffea18db4ebce84111a7cc4c49c676cc69cc
SHA256 580e0ed92e8a34dba10d394abadb32c15f0f7a4d18f7837a74e6ed54b52c8f07
SHA512 df7fa466c5701198f3e47ce9814ae17a2730cf4ae01a168599290f3cf9714288553811811fa4f5b79d21c006bb62ee0f6d7823c6eebbdecda454a6ec9205fc26

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 654b51785e5a7f35dc102d38f697d8e3
SHA1 293b97c472c259b26323a3e158a0700565c7c48f
SHA256 6923ecd363b2da2880d0bdab4310db503b46d57dcea09edf0e5e2e37c87faa71
SHA512 c6dfa77c0bb2bea98114440f9efd7bd777effe6442d3a767af044eaf1d5605a3f92fc5a529ddf70a2b1c5722e2320aacf578612bcd6719cac5de0e4ec1250174

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 769288552abd3a129b865e87869d2ea2
SHA1 4419337f0b60a2a8839c8ae623ef2d1e86ec8324
SHA256 1927c7bcbfeb353efd7f1e93f8d5e02483f9a4b02247e754812d02fbd17c35ef
SHA512 07a9ca5bf6c067de740f91dc55f4b8c40629028a603ef44e9fdff66361284af9fae8557012b24b31ec9d6a654dba452373c35aab6f22249e992b0bd9dc8c3121

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0ea703d427743cbffd85113fa35d5a81
SHA1 7a1ce2f0b731319668c01d225995b30516884cdf
SHA256 5436218956b394f2c97b353b335d57507b1750dc7cdb4e348b5dce1461882d18
SHA512 590ad1b9f8cb948673d70bb1811a3ba9b09302ecfd45d14844dacccfc7f5dcac477c603f480f7b44c9ba02b6f17ffc6f1abed3d81cf7eaf94ff97e706e801edf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0e4f1b3be4fcef650ab92bf2cf0aa9ce
SHA1 2655a288b66772fdfa5f6633fe373265aa235f0d
SHA256 3af2fedeec81c373719d7c4b53b42f95b823227d3d7a7a4403f301303726a12b
SHA512 b7de22a694c28c86d382652ce6c40fcc4b617ae2c0499aa80490bead7e1b08e0b7f69747e8e8634f1a15aaeefc0caaebb4762d2e5a8dd17bfa63a37b409adabb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c6d162555102862f0615d910b8bf88d3
SHA1 032e886aec91d963a8adb2ef8392a58419678699
SHA256 67b6aa2464148b5fdaf44a4d6560bde0769fbebb3888fc3344cca0368b07fc8a
SHA512 371f5e30b87e18268d684af931d008410b161f76dd6a6f0bc3ff36331f0cbdcb9dd36e27e0c7988ea0593fa5f2cb1ca33f90f2f606db34091a4d3806e23e0731

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 12ab3fe555b02c18d9bf652f7243a8a8
SHA1 693a11873e15b7f7ef485c2aa935897762ec67ba
SHA256 309ee830e5292a699903ed2dcd2a75222a39dd04eea7435b0344f252e9c3030b
SHA512 66d12b430160dae5f92c813f6fea9663eed31da1072bdfe53b9b7ba014e48d4806038ad41f5a0abd5d54a614ca4c2b5ad9c8077f12b49369cb0e89e36f26b017

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 98eaf8bc5a52c99b9bea9a81cdac0eaa
SHA1 661f038e25c3a8fe92ca38d3ae091f6732db2a40
SHA256 5d881d4601715b34b8f247c04c54382b6a3d93f877758afd93f4d8e3488347b1
SHA512 05d010a873b20f9bccc9bc435d9e0af9b3fee1ef9c4078f73130a98823d95a65272dab383f57cdcffc58766402a962bfed7a8c39813c44f7263f28965e203bf1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c16510efa15f69ce2d9634ba35413ab7
SHA1 7b6b061d23428ed660cea94b9815e75e9cfea801
SHA256 fb84ef20a95a58e7674c7750ae5495409e4ad007d3b0c0bc6e89bc09e339a339
SHA512 7644a720483e768cc116fcb916ee7ac7e19378f2d6a49d5a4624da92871ab6282f314f5cfad7ad82d7d98a4909097dafb2efa9a9fb0b437b8bba463a63cfab5e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9187f456a13638293a1eb82a84bd5b98
SHA1 ba4a9fce093f87a24bc22785f3bdd47e8aa1ee20
SHA256 624f661f869624917ea6688cc6dd6946202b49ac3a99b074314600b57c0d54ce
SHA512 aa82aa62ff806445a7f21fbc07a7051fd28c82ae9668bbcbe354831a14f0952674ab255154b903a7046741706784357c1a0334ec7d2d93a729a9cba9fece96e4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8595632eb24bafadc3a0a3f5bc2f1b0b
SHA1 bc2516734df3e1681b2de71eb9ddf79199a635eb
SHA256 88d5f5c36dc5c922b43147ed4bc7ee7d33f065924fa8f753f7325328e3359358
SHA512 d4a40adee42170c07d19b32bdb34018ee1287ae57b13f2403483a6b37c402fb1e85ec9e98adae5c07770887a1a76a873b582cb33e473720a968a1b7b269a396a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1dd53f91ca8ed1f6a6f2f6c05db05bcc
SHA1 1fbc72413f999c6624e3f243654b087cc8e37527
SHA256 cb7a79f3184c580803ca1f695c66cb0e01cafe1547b35cf1676c6176d3b7b5b9
SHA512 db741e05e500be95a787f7cef00356838ecfac9d5b7f8e0ba4fa3caf13015b0aafe7a4bee09ee02074d953c763d07727143396426e3746ab4ea2b9da9de90345

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 143a6b8db754580c21ce4934d06a4e69
SHA1 161544a996d3d5574095f76a9efc6e3c69494cd5
SHA256 9be57b17364ca08f4404eb6589c6f9687c435212efe2c99985b6210f63fcb796
SHA512 0e7d74c71c2c26f5e0a0fca15b6f7d711b3b15146dada2846c6af0a107991273c2e5d0ecb63d351a6a88e878943b97fa35802266fcd623222845ec6b6cbb365c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0bf326dd9248e0f32b1b0fcc3054abd7
SHA1 b4d01b1a273e0ee0cd3426486fd8aa49f2c12fb2
SHA256 550749e4e96501562ddc7ce070d40a3438d1947ab0991a446af0fa6ccb5d00ee
SHA512 6617876e217f8cfc46b0a55dccbf93ef88e70b4dd5f8b73939fce177e76b775580886dde7dece8ff64294614344dc495f55d2fd75add2b30c595eebedf42253c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4af4f061aac59d60690fed8123f723e1
SHA1 dc28cd82a006f695d6192a938384564a2de6954b
SHA256 9810d9dc8f08cad6f21fb54a6c57f22792e393093049887a3b7278b6b992eaed
SHA512 544764b9fe54f0a1c09137840df38d168e5fbef856129c76f4a1b9497e124a627d06a6c5a5c16bb1738151b7bcebad5d0e784a2f3153f9d7948c737f8a0f3d3a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8385757a25751d4160d5888be13a7b4d
SHA1 0999166027ad5742df79a2aa5ed5ca6d91ae95c6
SHA256 cdc5c836f0c3cd4b7592099d8bee9eaa89fbf4ee554293dd2e1de34234c1c0ff
SHA512 8f081ec12a5cc82ec56b41b66fbb5bb14f45d716480a3a0e4b85851432d724e0f7832472afa56db88031626236f0e78dbaeab176b7bb87f145a577bd0b93d3f4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5e8f237338430a163f8d62bc3a567315
SHA1 0f56632c2ca019e11581b0cca173099884505854
SHA256 9e7a26479bdbec3b17b41a34b17ff8b16f5fc39459758f16ed60834db1c6641c
SHA512 327e5207607c7911b6003395f5875fc7302eeb73482b3da9d0572de70a02cd2078f0c282a41d893fcec7c2162dccdcf3aaadc44c89373d5647d478d3e01afbb3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4058c2aae578df8782ac2c3127ef0bdc
SHA1 999b3ab1292c29fad648d9140a330fe7749c3eb0
SHA256 cbed1ba462ec43e9fdac698c00f54f061c0c9a3ad6450c468beff8f52a590a75
SHA512 2a948910b0dcb5be205177c239157cfc3e1c5bdeb649cdb0c6992d3d9044f72527c037b2a21137ce506924116f3d9a523e423e6b79f4d000cf2fe637ae1481e0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0b6b4db891fcf89137aa50f59ea37974
SHA1 a998b3390e7716038ab51acba3a7925ac6f05077
SHA256 2675e45679cf701562acce88f4536b12ca5c49aad6b726cae34d825c40752cb5
SHA512 f6feb2e813636e7be652ca38adaf8453943bb8f48c0ffe3174585b6115a0b74db7d518655e914465d6569db8c1d697e3088ff7b3c2975fdd7d700bdfbeced930

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fdcdadbdb53c2c9bf8a60000673e2128
SHA1 996bf38595e005acc0e847ee12673899f25252e9
SHA256 4d2ad5303e9a59aa03ebf599904f0ca85530482b1e4958319e5892d3dd7797bb
SHA512 bba6a26cb4cdddaeaeccc8f20c10780f3851932801ed53eedc8d21f8a09df6a19755b061b2facd8436580ac2fd6dd9284e4ba9a7fc01153fc934498659aad3a7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c918890b23d43082a9a58e8cf3ce6976
SHA1 8f1ef051dc86a2e862b0f7dce4857f974bfee18a
SHA256 bf62f196d661d1e7b15cb078d4a9de7cd80ffe10ad0c17745a65574a3a78c066
SHA512 7cb32176f5f9651c09a8a461de071780483f595c6d6b8259580ca146338970bfeb28fd3d154ef98ed02d47aa3229adad41616b3daec3c1f550bcf72f7d775263

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 09e090efef298471d0bdc15919fee54e
SHA1 a7f18d226939b8ef5f20625fec7a8fee85c10d23
SHA256 d93878ed0af077042ba49605dd5b5fee10d36bdafd36197445eb54d30e87a55b
SHA512 0f8172626e91bdd76752ffc3fb1fe02eb7ac43e89f001c6753a6dde6575efe4680a2565eacefe364e09726545d36df87f4969f79a47cc5e2dec9f6cd052c959d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a61317d3ab696ce471c4c4a06a5da9c7
SHA1 01f53b994e1f083d693942713f75c759ad516920
SHA256 ca690e0b6c4d0254cac762dd94bc10826f3983de56a73f8ac664e6828c8d4e10
SHA512 14d9862cc8daa15be63f5c0ef7a73e657cb8c4562ff8d88ccd14c8d4b7fd9fe970d5c161859d49493dbce9466691566ae8fb3c3cf65a5804ffc97e0e99ee8649

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a3c58c9b87bf38d621127079e0431887
SHA1 289644ab8506f20466762c0d8e045bd57047e41e
SHA256 2527c71aa9e36ae6b1ead2eb1d4863f893b8f576bad1db14aebccaffff881e04
SHA512 36531c4d48efd8b00bf92ce3bea69a6508964bf68207fb536bf3daed754ec1ae58c534a5fc2f923ebd3ae0fd91ccd29b14635c060766997e4049eba47532a42b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8637f0b77fb16919034a1981c9ab682e
SHA1 b7d208b1ca09bfdfc1efc2b44d850a53abf07cfe
SHA256 25c83e2def4ff67adffe7a4730daef7d408cd19d669d5019ae326f1028904341
SHA512 c659d3268a06157c1604b0751600114030f5f8833596a110a1b66e95f5d8505a96632a90bb857c2d35761c1e11381b5d4a6728d62ffb383177f049039d5069ca

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c04e9902fde2dd9e5f84f15def592f51
SHA1 ccb000122939fe83f0332566360119e5a7f10985
SHA256 53615341eedb789e4e80971757d95e2079c2a25c8bff84a3d36ed59c7ada0572
SHA512 04d6af246e99434c8d6f10be7f0cefe262ccc7abaa1a24b036a0964d1c61327829adb154d096b5c3c7038efe00c4c7a7e5905c0fa3cccae2105da8df1e1bed59

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 18ac804f9cbbfe95b363326bf9cec5a0
SHA1 40807f5d84565b80c999eceea6f2c3bcabbd275d
SHA256 8ecf14dffd0c609b2edbed727fcd3de4150ca558e08adcc8cb3be08b32f41506
SHA512 088336f1c6b277ba1631458fdab4958cd6049506029686a99fb1f66285712c99f6e08c28d3f880a8fcb06cf317203730b7560310c30de7fe5b5bf4a9fa3b795f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 100522fc524551152e403cbeedbfe11f
SHA1 6aa5b15531f1b9b4eb7a153b5f5ce9d1a4d67a10
SHA256 0abbe096350859f2b540acf13033e12c166835d1dd248511223d8a8b464376be
SHA512 d40e76add08c2d3c10b1a19d5fc68d1936c5371d0dfd521c0337df2a8b4e938819e51862ece0947e6af95ca86eb965882b0998bb7b8823f8970da08ef7fc4f70

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e55e3f604cb43413308597221624a2fb
SHA1 6de08a23cdc5f92f86df33a5229cccca6943a487
SHA256 5634f52e287b09bd60174911b7893b3b6a7a515899cb3d317de3d64589076798
SHA512 f11aa308246ff80cd1c215d9452810d6fc71c44bb5288e0df93b61c3fa8c8d3d7bbdbcbc75820a5bcedc5d560af3778ed8dad48bae6bec1d3180a77f2bb8d8be

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a246105ed85e90e8ea34c0b4658454c8
SHA1 9bd40707723f37d8975f4692fd064ec331f41981
SHA256 2a859a46bfa670bf16e78a28a22dd1bf788c4664cf9faead3e548e30732a0408
SHA512 068eab0bf1395f90c5271c38c0fe32968a8e81218604899a7f87270062967e95380fe9ed6721ef58255b21f65fa8a0ab5fe41562a5db04a1e2299f3b54b3f90a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5c0424ad672bf209bfabc306bfa48f58
SHA1 3b6cf3d7d99259fc1ad44365083cda836be10c7b
SHA256 4a980483d598632ce733222d0715214f6148cd318c1cc28bd0165882c7d17283
SHA512 2de500b7f00d8bf3e9a9d923fd3db38fb2bf1886e53e6f611436d72ca268c9e35a3fe96a8c08c838b09576bac5fc52afbd92068d0c1fe49048b44e04f84deb3c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ae889629aebb78de26bca57656e68a44
SHA1 6925b3c05de56ea1ce79cab34902188c0b8d9b65
SHA256 c7992753ed59f4fa7b13c9c4e2d304307e31c65e8bb3f7e9279373c6e4324500
SHA512 b46d6259cec46bfcf80adcb0677223df8721a54543daf609551ec4063de80090f4e12a08832762bde859d07009bfeb2978b91f5842b98cebc2d3b8db30dd0742

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 902517f5da502cf0390177ae8fbded43
SHA1 febba36e3f651d07eb24ed8f0bd7daf4842e9069
SHA256 873d8df30d22c72ebd668dd0eda7d5f0bcd87238440ca28cc756d59742ad3520
SHA512 d9387a0da4c3dcad961025d21079008c04b658aba3b831be93192f6348dd721c67bd1fc9191b4e39d05490e302dfa68631c79665265ba6805552fe8fe66a25ca

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 12dc76e0308a3f3127a511c4244eb800
SHA1 604ae5571dcca954e12be7710520167966334423
SHA256 d302095896e2edbf4fabb2cd6df8b48fda32b339fac5f24570b889c8f758b798
SHA512 289d9dd0ddc619f19ae6a6f3898ac439eecd2205c56f09ec65d4c9ae7ee290eb5a17de5325748b70ab52f0c68505a5965b0c7f0ab62cc3bb0ed3dc6bfa667d7f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 91b67ce47f03b19255d466db7938d4d9
SHA1 1f44c9db862fc7d7b48838c706be09e746129aed
SHA256 a8a6aa96fb3b05eb655b1ce0c446c24bd53d5d336f1c651d9ab20007a1108d2b
SHA512 5dd86e3fadda4d4f130fb0cf41f85bc9967721956a73a142cf3b0595656988d558db57e7ee027c582c171057ef92392cc0685e783ffa9ab275c24196044a7d5e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ae3427cd4630423e6e13616cd60826a6
SHA1 fb5b5ba9d86cd1a35db46ca804b504f575b67b07
SHA256 235f17040f3f013f37facf055f4c7594c1c5f86595b5c303cc67fdadfb2765c0
SHA512 0c4b65d12c7402da89f467c9036018b59b9a354443887aade8a371e71dedf246dedf355a82eb496b0e7b3cd55696d7dca7ef78ce36745247b1071c94ff7c0f21

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ed871f6443afa67a11433e29d1cfe9a6
SHA1 5b1cc84c806700f45227b4ddf36d820f3ae1a263
SHA256 5c0795b11accf98a2831d6987d38b19121debb05a1dbd6ed00c838aefbf5228f
SHA512 e0c6dc19a38c68d6cd3b17aa2d47161f62574d171748c50c063bad2e54edb46598f80e70a923c8eb6d55ce94f4f8fb3df9bc6b364f76f0a401f128b2306105c7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4120af600456ab23ef24337d7cf5453d
SHA1 27ccac0e39220007e591dbdad436f3f7effa0896
SHA256 ae6f90a07f70ea02a3312c011d36b6e2fca4e085a3e80198c828571fa34c1870
SHA512 6c51efc7f9016001d01a990d6889faa0bd5ecad05b47179061aab783fa4463b9378fa41a3a93d235d816ea06ec20d0f768200c45c7792f02ba1ce80b53e37d1d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 16adcbfde271a8306f630a3757bde7ad
SHA1 0ccb0839b74de9929ce4437cc6d131ad7f4c6cee
SHA256 4980054c7f583ed58304486f747b5bf914d1852e558613c0ab9c6dc18a01d5b4
SHA512 1d000856de2e0f6a3ea692c7ced1eb9773a8d018f5be2742951d02aed73147d1b82abf2a46cd9349ca9aba52ce35a44be6cd4e20cfdbcc4d88bc05d281408b3d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e47cb47915654fd2747dc1904e8cce4c
SHA1 885d4879e2c3cf3bd51cb5787e2f5edddb3ff3b5
SHA256 87fad0b3c0140a2f08601157dee31d5e9654382fc14bb460f6e5b597293349b4
SHA512 8c96858f3ddf8f51cf6b3c864db9ba629e8f8318d202bca5c7e1f31e759a1d5139ebb47d93c6463647b93bf0c62e8f004156e572d0cc1927b5c803713f3b8530

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 10e1f98dd89d24a7dcab8f1438cdd7f9
SHA1 c9ee2dd025e839e92484e7eb7945d2176aae63e8
SHA256 e0fe591b568b754bf07ac60a3f509d7b4be353108fcdd8c0cf78ad0c28302fc7
SHA512 76b8a4a5ce037e5d078b8f5c8ad49fd090cbb7f048b75e5c4b9bca8f87fcb36d6d18a6ce92a45bc5544560af8e44bcd5f01e69030abaad840ce5ff200dadd622

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9c365f4aff63edfe5928e20fcf75f6e0
SHA1 bb819a23e2b03172623569999b7a380cf85c73ce
SHA256 e1995f822ae830a2e3a08f2614a80e9428134e5972e0789ab0f6cf69fff7382a
SHA512 789cd0f847979dce0989d44e1c002631337115872036a50e7ab7f831d984b90b5f6a736637785195232290e6430028c478437a10814183aacda0b964f18a1a0c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ec4eb4a5d47f1b1b208789ad03061e61
SHA1 cfa1fc85083695feb917920d901f8e076f9787a0
SHA256 6e1ff9f48a5ef9c7d7096353164b655a760874f3822f06f968a848c322776a4c
SHA512 a6b5dfa4c0c8f1d6fc7f94322add742d3bf7fdd57d8ea010f65a2f09fee7ea52572cc33032f090f4c2e1d45ddd8cb736f7f77680c385a1ed0fbd94d229b3535d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3080d9e9b148fd95ad3a5e561549d063
SHA1 7a33b74e79fb779e1f509ba27f24c452241642b6
SHA256 a7fae1b3199820b8c573bb4e575d4acceee38f71c4ff789038dfa23399203892
SHA512 624a770020499d943d3edaae86fe87b8c53e310dbbe10ed4fe3cf094f6c050664ce689793a45e464d9d95fc73911d69cdbc07fa982d8d259672cbbd33b2f91cd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8def76705f85c15772b59c86bf81aa50
SHA1 3beb0b81037d3b1ad745d0afac95331519a21ae8
SHA256 d7f9e926193ec843258498d58ae9402fa9411ad9eba754d7c73f4932493e7779
SHA512 f78f3a47d78f7989d1e529fd3fea4f1f74efb4e568a9fe866ff864d0a8573b29d20693fdfc807f1f674b9d3f76dcabd3808e88138e755c2b8661e4b3900c1ece

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 88a036222129b66011b9ce133f7389b9
SHA1 7adebd10d5725c102f00af3642e3e61be51b04d4
SHA256 e6de032553de282498ce54eacedbea1bedef32f438fa87b870c683f8b0ed475b
SHA512 9708794d172920a5a015ab4ff173f7b28c83a32c3738c5cdc5589f541c21465a8bf9e083c24654283f91aea99c1b5d34f302a7f57c0aa1e6239d03b44717746b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d487fa73487f6f52c6e9c8079eb7d36b
SHA1 9b2986bd8cc42632a0d3f0b20e2f3dbb1b6e0e43
SHA256 95e174ce0e473f00cbd16d5ff3d6bc91cacc05cc0d1e0188f402d25fcdfb5d95
SHA512 b94c304ccaf7a9999ad721b82ce97f9bbc4848c418a8d55ea7815eb875589ae7c7db79912089bd937b654b16c9c14ee02a2fadf5c2c6ba51e39b8ba7ceb0cbd7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dad8f8a8acb124a788ca5424f8cbee4b
SHA1 8ec7e56c965e048fb98c9ed6c0874718aecf356f
SHA256 61dd1e4b6758bc560833da3e207f84ef304ace04eec360acb43e1aeda73c3223
SHA512 b1e77cd87512d1a358d0720961de20c9c1d1419eb4fb82e5472f3c0315769817d83d393ee51701b195173f1846b4a7d87b9df10d3c3070ec57271da95a5b25d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 97a66c79497ba13a27f5fa08934f9594
SHA1 f1c242c3d4ccddf3bf257cd7f55359a3d5cbcc30
SHA256 bd9d0139381fd2f07c11adce5590fa0bb44483d49212bc1a0adedbe619a69dc4
SHA512 6f315893e45f40124b8754d9d9f516364984b78388b9f265ec0d24c951fcfffb322d38c6959c26c4a6feb1b129bd946dd2c6a2c57415ececf61e03859a33e6f9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a45d3fc12793e4a89a90056b70e47110
SHA1 37abbf42625e8bdbfda5289b0cd579dd72484572
SHA256 38fc6e856e980dbf768e0f4b169d55621600abb3e0ff1ffbd3fb9eb93fceb199
SHA512 5d9604108dc96f7f00731ca03769cfc4d153a0f3db7891c0cdd8255318ab68b95f9b301ff9b2236e7f31415adf95bc616a7ca9fab207eb46452853a2b7063d80

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 203f386307c9d7fab005298ee3f3973b
SHA1 23863dce6579533791fd991870cd1e20b2faf789
SHA256 760755d166bf61ce8ce13c6b1b61b099884d3d6becc0767d67126eca1d4a8d21
SHA512 6a0ea60f6a3820acdd70623751f2ebbb332d49bf80f1d0c09905039509a0af38b798fee45a4e78f4a7c0e4f86e09a4de4fd20d5cb254e1db1b35d066c1d727a4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4518f7575c0b1393fe5f226e524d1a6b
SHA1 e0f3336b5848b473aa79478050852aec9bde2706
SHA256 89cb2a722c88cf67532d7e38b52fa205106c60d5772ff0b67f71f8aef6e81e7d
SHA512 f89231d66b401056759494440af86c97eddc41eec890688a127e049d03699446da246976725e6c08ab8acbe9dc8b31633a017ba0f56be226516cab7a982f9ef9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 89495a6380c1c272cc4be54ed565a6cb
SHA1 969b3197bc9421a1495ecaf4e574e82ec67d2517
SHA256 1ae0d6c5dcecc5f9b03b529d77000a7704c5da5df8019f2d202aee563841e68d
SHA512 1acb6bd427c35e684f9cbbf21adb91c40a43a4f7883e9c1087b60a04e7fc79440cfe06381955adc1dc9f812a92b3eb2169dbb210816e08b243c07069090e9753

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 690018f8a75d7ffcaf9b0693350b999c
SHA1 0bbed3436f57a99886d41e60ef58d9bf876fd112
SHA256 40e4b954c11aaec04028b166fcd3785b3fb7c604bb048cac148775ab72e069ea
SHA512 a09be9fca8f69556fe5cffe0cbb87015cc997d73e84efc0dc121895aa0e51ec6b461a96f17b8711eee2a39773e88f9e60861875a5e6c129546414e795a13a507

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cf4867dce1ceddf3b7457eaf44657e7d
SHA1 99c7c19796185f391dd806997fa935b41073cf98
SHA256 14ce514af18471eb6d82a4e7dc35596456641256ea97d52d9e6d871f3b346ed9
SHA512 614dfa7a379821f35d98df39ee23a5baf71140e6c8374e1c095a3e017e2fd1adb9ea8b208b8f93d8b38ce75f6d79a44052b30a675a6d51fda75e99eff9863125

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3dd764b3a6696245ee2e0de744475552
SHA1 e5144dc61204941410a359236b54e8524c9920b1
SHA256 4860cefaa850835274a9a1038a179fe67661a2317a71de3f8a083f5339f84afa
SHA512 7c6de3758fcfe5f405790120ab1ec16dbda89be88b84a268095e83b2074939c07dd5b82f36f390814a895fef83424c805e4abaf3bfe64fdef857861726641dbe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e55f3fa0f1963a2608f480d91e4c2a55
SHA1 eb6eb97e80a1b400f6c3f263c496be33f603e949
SHA256 ef329f49fa5ae2302f615662d4d68e5cfb800a88964d3ca05da330dbb6cef9ba
SHA512 03d2cd7d53cba8c9d19d7c4ce5962686f20043a72c8e47e114596dcf0b8333ee4aa33154478a6356646b564c32cca024426bee28689c29aa19be2b2fec768282

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 793d36b8192a765b98a112d9e0c3c925
SHA1 67ef221bf1e11cce6a24709c43df9f4d32593c34
SHA256 dcef4257a2de0fa99ab65ef900df77a3531d48ad3628113e7fd5a914e6165ac5
SHA512 90858493250ef0f3e4db549ac474481f9b4593235ee7eadff7c5e2645dd065f06de1a0d41ce9c4e59efc8984962c8c005492072d6587aac1b03112635064d68b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dcc14ae7f7cb4744ea7c697df853be2c
SHA1 c525fa623234ada115ba2f451de0772cdf7dd98c
SHA256 c9960b261362799e7e3be1e29c298b7ea088a99030470af4bffe67368ca318da
SHA512 4c519b2b1882ce9676545f4da52dc8aa5b7f96dcbf9f8577ed1889c01e7728b504ebc0a0f96109eabc4db1e1aa2d479dcb70c1600fdf35e0dab03827ee5883fe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 62eefb6e584dace18a52ff2c2f26fa64
SHA1 c6155db5cc054e1a67538f0eeb8bc42071e0bbfb
SHA256 f410bff1f5bc9a49ef19fcff3aada98c0bc1adcd0a70ca1f2ff58033b00be5f1
SHA512 057c145d1582f5ff6f856fe055c787d01be942bf7a02cef2300bff7ef2d702054cb17d055227b62c44a07b4c1cc0e9b75e1d8bfffa74ecc182980ace502c056a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c09faab123686cfb04246edb7f93dac1
SHA1 885c2808b3c985bd9fa89e184eeac2dd93b5e7bb
SHA256 76d4828e05331e998101f6e0de10fb70f4eac4ce59590e1ac5c831f3464ba703
SHA512 e53d77cf9911a20ffd7233cfbbf7d97bb6457b1691ebf2891b49c13e86880516255ec3f9692ecb1d1e4951d1a6fe0a2c17a6ae7075aaf7c6767d810248dae880

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 07ff4a95957c587abbe8bc223f691518
SHA1 977f7d4f4dafcc1f8503a9ab3c5984e9ebba2440
SHA256 5f0dc6732b760f973e66b19993786aa025975eae4d5038853b15b628c4a4a3ca
SHA512 55942148929665b04dc9e52b26d48b991158547dfceeaed8b7de1180b7921c35fbb3636f180b30ac8fda94ebc8d00ac5b598fa6e9b1cd5945b079be61f8bd1ea

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d203b55fec10569a3bf140c54a642764
SHA1 c611749393ab675d4b3a6dd79dfef17ca4b52097
SHA256 439db1a3c7ad42cbcdf8b790e8a26585684feba6ff8f19b6f70414921ff19086
SHA512 81575d917ab94d1115cccf2b890f9c4e4c9ff2b2caecc4f0e73ea30adfd7af2f71870dbd5c8a3966cd188e1e89dca48db012614b0ef7896e7c60a10525035085

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 404543f4c9ed2a2e3753da6e39bd1467
SHA1 241b6a6501b6f77079e9272974faf7333c025eb5
SHA256 730d343aacbd4893095172b87edfed1a515abf9272c7e5084304040cc1ed7ff7
SHA512 d75f18627e55f4972a6c0e57ab0e28417c55db583fb762529e9939ec8bcc54b7b3faf1efde200038833b3da4c64a540ca2759ddc1ad37fc4a930c9d18b54c692

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1cfcdd493b842a2e9879501a37141d17
SHA1 4d2a4cb640918d28c8752cdb72097b7b72a19319
SHA256 6099e0a9eab7378ee04d16dfbb123884cb566ffc34efafad64d9adbf9f495643
SHA512 0b5d108deea1583d61e8a838ddeb0d702d527947f6e975276fcda88f69ec11847cf14e7142083045c921b70a61cc871ef1da9045c6d634aaf8ee6cb9e71f82d9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a45c970603bf676a63d18e2543410bd5
SHA1 2eaa2e06aaa50f6a0eb110751376702405fcf788
SHA256 59534352598c2f64d01bc69107dbfa97a673e5b7a4cf45eb682f4ca0debbc979
SHA512 3caa8a6f833f4211f2756b3c438b384882c998f784d1242c1bf332dcd16a47118b5871b8d5357c1c3d5c390bd96210b8dfd465ec50d8440b994cc0e0aeda6903

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d53662f524b541666574d7ddda80da08
SHA1 7ac40d01ae2dfbdc81300bed0d8b071333459bf5
SHA256 c4e8d5ce5e3e3f58b1caeb24b861cbfd2e61d62013a74c2dd659eaa34b764438
SHA512 d8e91c1ad6e975f9d838b98e72152b56985b6d19c665b1c59020d02757366b11b844d82a0adbaf3d6e5b472168107e2e10a85f87b51a79bd926c03d1874a0aa8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b63784c74a63651a80c6692d0cbbbc45
SHA1 73de6aca96983561a5e2ced11eb60911df5b63a6
SHA256 74a8713e97c11ff2fcdcaedc816017b8fb8a5f2536342fb2e743dcc8c88f138c
SHA512 e4b933a27741651e792e09532dde9ed74e01c94c6ef91b224807fe97b347c37ac8bc9cd0e8cb325395ce63a03f1b4055b3d52ea00d1b011aacec83c373f9dec3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0aba432229698e34c6af1d58e673cfd1
SHA1 03ef3170badc90f2f5eda80d01543df9ab814a99
SHA256 1177a4cd9189aaa7bf8177076e21a04c0288b707934a0411eef548931acd8f03
SHA512 4c724e87a3c9e25bb723d75d888e8b99f0cab95d7d623fd774e53b51b4930255d3781fc6d531f38d52e7be43a32a749444ec66fd7f5c9aea2e8a2c1980c79ccb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 34dc1433f0918a0303cd3df0a9c07ad3
SHA1 8114c8a80526592bd2f03b3597421a84911765a2
SHA256 fbb031129b83d88aaacc89070c672a3ec5ee17348d39b7e6ef758e517905bbe0
SHA512 9a13d6cf273e0e10b9cb1c4553fa06594dc38a74c356773bae0a7ecbd02ae185977ddc530d6e918277caf2b4fd3f614f03db8e754c7e4dea8a49cdea9c5e6592

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3484df8f8ef00891144c1f7d75888f19
SHA1 0153356b2c2c65d9cc44b60e88e5934f568b663d
SHA256 21417ba6a1abe41d58c01f7282819394174ecf06f698b9b950626a63d25a5469
SHA512 18b1558d13c89ecca1c7ccab5f17ff3931d0ce22cf88cfd8dd1516657dcb442d53bd7ff8092138f59443e7ba5bc64964aebe12dea2da3f7ee6716db0ff4316aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 948cc2b66b7ed25870d9db318899550c
SHA1 68f7711569d1f70b7a67897bdc1dbf1ad2851cf4
SHA256 b4cd4d6579113e639fd65be4e1339690642d48dda1f549cc223b8255eb253004
SHA512 5b7b055270fbb104ca5e981e35f391cc8c98dfab99668f82f6e8ddfaf254e009b07c7f06b3a62469697c0752f527e153c445477b4245624f1d735518fc67974b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 36d1d1d245c8acf372233f4ca631d6f0
SHA1 af8d0ae3a433db60bea205e62d20012b628e494e
SHA256 c1a7f93474df9a6add6930f1683f00180a98b5af35e21bc109507dc252db5f6f
SHA512 cef349b802ebb5fef45be291a63088e57715acf48f776002d574c20cbee082469900f2844306935be29cd021f5cf2ca90f63c96d99f147e1affb6d4853792cae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 68d204a9d5063d458a3f209552b04b60
SHA1 7bcf2c7dfe13fc95451aa2d032aa7e685184d789
SHA256 9ec8ddd1375a1d85c4e33f1609e954f434c349c4678b7673ad995df094350c78
SHA512 42eb2be26a3906b69ee4cc3560d8879e21ce0e4d805a7f522a8b7301e0c693704f3ddd314ce4321e8be58ab750ec959b88e0a091ef88461859ab1bff127ba0e6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6ea1294921ff45d20a65afaa91e9bb2a
SHA1 a4ea52fee87d4e3540d1660eed55f70511549089
SHA256 66559503bbd44a478740bca71d65d26421f05d0bf55a25896e353ed4e858db71
SHA512 57981e2e376af51d5c493e6c6e82c7174c0a07c14ce6df6fc319e37314395aca24880ee4ce4875ff384bb6177e1c3e32403e2b6b6e4346c192e268a3973f7e17

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cdae69385c984c970cde90578b21fd3d
SHA1 1c04b400fbe97819af19d830938e5b0701bdecfc
SHA256 57e984090420834bbc29e4997abcdde7fcba40c851beb830880120d068d70c8a
SHA512 51106c949c488d600c7aeefdf9ea3db8b56d2e6a8adc228ec19f5284554796ecbd850076c26397d5904c148882ba45834bb9a85abbd5b16c27f077cb53e063c3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4aa6b856a869227d4fb72762cb891da6
SHA1 1342b26ba8c1eb40b9452c1949a3dd08a3600f4f
SHA256 875793c6b89860026f8c3e0824229cbc85cb30ed6eee2204d52cc2e930a52250
SHA512 b0e3cc34ed76f13f62faa40c96d99ba0da2663e5227ea73a4bb598f2f7e2840f509435f9336f7703c17fdd957c2de0e3039034f40794041c4f8f20984abdd91f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ff7dae5996b570c84f40a487d666c375
SHA1 2607a754b98a607758fdf80b7f6e660154de5824
SHA256 a6715372abbce0203eaf6991ef67fb9bf8e6bafd888b03edf57aa1cf5fe12d0d
SHA512 98345ec553686dfb1df6d2015c845676494043d86e3ee9117fba944d6f86fd1786a4a75a33da156f44ec6f9ec002a6705814241dcd427746257b81c4004654cc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b8b193506b711c639e1a399928b412c1
SHA1 f4e950c45e0568c811544b1249d723fb575dc9ad
SHA256 7d32432a4c0ad5a1bcd3393797d60381450a91f80dab444f28c1181fac0d9efe
SHA512 ca9a2cfe8de8c361df3e176bdc52a3abd2a951ad1c3a07b4c446613066ac2df3e704108dbd2179ee431693ffb771eb3e69f5c0a857347aac9fbcc9d3b6e776cf

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A8DU897P\recaptcha__en[1].js

MD5 38e25c4634858aaf2fc6125b7a8a1205
SHA1 ee075d53e8668a2267610b05df51416d1912de63
SHA256 3be69375a428a615caa7c5307c15298a41a4f272c77ff19051a462462d1af5a3
SHA512 ec8cca0137d29dc8eaa217a6d923a8c49c89a6bf9bca01748f09a2d4cb8d7863b7393f15eaf096591933373fdc96ca6fff0f1097e7505e5a699738a61498c066

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0fc70d3450cfef4f64db64605acd9497
SHA1 265a9c743353cb03365fe2e9066c07be12188db4
SHA256 4ed2fa758a79a4c294f81eea9ab6bae683b8e2b34f725c3c5dc16ebf78c4eaa4
SHA512 0367d88a98d0dacc807ab119cb099ed0480ed39a98b9e54d67c9f2edfaf417492c86c7dc6ba2760a4afec3ce24750e9f7b478f780ca568f6558dfccc5d23d946

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4d2d3b3523f0843c8b577215b90d5da8
SHA1 ea1ade33546ed01713d6b4da7db4c5cd1bfb4d8d
SHA256 afcc9e21274f433f62b8d2aaa631142a8ad6370fdcbe7037524d9caa4c87fe27
SHA512 b12dc3043d599008322e879e9bd2ea30cb8faf52bb6d155952e303ed09204130892627b8726ef28bafd27a277f9e902e994ee3d6b4803d02d5384785a84c9660

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 26139d9645e27f5e962df5a5a2b3e145
SHA1 7b09c1c7cd009a8a42bd7b92dd17c2f8c3ee6787
SHA256 28647a9a54b72d406086a15aef0b76be541a0a3726e056180a0d5d8082c76221
SHA512 3657f5d239bbf4b261e40487e8ad18648f8d7c1eb0c607d3c6169178e82860be3852d61a5fb0444dda08b962122c1d8c758aea09305735f6f2b4d157cf60380e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7d2d08669d032551c815b17022058bae
SHA1 d6f5497a3125341072286fdd7fd9d6e0ae5986d5
SHA256 e74f8bd8ea5a834fcf30ca0bb68120634a4b51c15821c883e72586e90dedd35f
SHA512 d73a4c91233bb59d7b31fc0fa81dc72d6b1cc552d4570f14c88115a34522e273c0f23dfb4d3467b2be42e2a5f350b0c825ebf5c48843cc3863a4a761e26b420b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4a8f707e108db77cbe6dd9857c31293f
SHA1 26d0740ba4f2e68e62b4c2f70016b6480ff393b7
SHA256 15cfc1833d84e07ddb5dc0f6feef65d6edb3e7c85420c5743a36c489983300d8
SHA512 e81a657e42c1ee175ff90fb240ee922d80dc40aef46b2ae7ef17071b363746664025679458227b68b665a68cb7e46751d6e0e0447f2be4d07a851f961fb2999c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 00d7d1c3b26173141641d1b2a4cc12fa
SHA1 75fd9ca2e2f2d0fec3f3c22d907a1ff58a41ad69
SHA256 24a995c0ad3e3c4be607bc97d8bebbd7939c37ae20867edb34eb134b1679656d
SHA512 5292a18e9c47c12e4a58121411d2835779b0789a06e6889deab4888701da87c6a40b88694f72cd6ba9d8138e8bd2c64b5c599a0aaa6b5b36bf45356d49231c9b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fb300f5ba240414690f7d9d6d3558664
SHA1 b4852458c59bf199daaf001b6d436f3fd7ab18e4
SHA256 971ee2d19dbe6bc5c7441e4229fb47f76ebb034dd16360d33511db61bc0ef492
SHA512 1b1b58d7ba7850bd6483fca53b40160b724488821fb3e65f633e1eb056a826a91a589b7499c1c0c683d9fa0c526d6ad1fe8c30483061ea3832f03e270f8c7957

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 219c90a3abf2af38fa7e2955f91c2f2f
SHA1 79ab398aa7d646ae2d803277456c8b006f3740d6
SHA256 6ffed6afe82ee3e93febf930336ade1d2064b0446faf52767e72d2bd9a9dc842
SHA512 fd1231cf721fd92e8577616868a20552d14cda6d1828f4e767071033bb3669c55f760ef21034ca98aa9efa14706b7451fc293293cf92422fec83ed791bec8753

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 50e28fe3a84e88804153bfd15502d286
SHA1 244a114672e31e3ff478d9de0c8da28b37ba15de
SHA256 1486ad7b0b8e8122c44a769faf02c2b38e7ad3b5b1b08f8ba4121530f1e888bc
SHA512 8b335f35e7c1d2faa4b3dbd87ef74e0413ac9a5c38c5343551e4354dfb130694084d60255e7c1f3876170626d32a917c9b28c7b619d9a2d14e95068bbb5541eb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ae157956caf40689128c3763d2bb2d35
SHA1 99deee9221be5b7f62b649db97bcab0cbea89fd5
SHA256 b670dba58868841be85f6965fc5ca2b74d37ef040cbf302d0cec788a6b2094f0
SHA512 f8a7fddb8fa14348ebca765ad3e7cfa367f815b6bb88f0bd9ab83d64d7232b35e36bd63b52e22f88dbf92ccea0edae178bed12b81717d47cdd0502dbf3075f3c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 abebce45ab8580428c86f0eec6c1d9fe
SHA1 03785ad9676c1e896509c45ea1f1517f62f9dc1a
SHA256 9f83075f28af922998ee1b7fa5b2db3cf914fc320f95739db7ef6074fe8f5ee9
SHA512 dfaf12a6de2bfe24fa0a730a2f26ffcf6ea713ab66b04f718d9365b003861975916923b487392a3617c0ec1dc8783792d450d17805b960beda54569a77f95e90

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a166b590060e32305ba2e3b4be58ecd0
SHA1 c1efb578edf64e2ef5869f3a351a6089aeb2755c
SHA256 ea1cc60f359492f2bb692e7817680939d29a20b9f891eed7bc8c9bfc9eeaf528
SHA512 f6b41a173f30d097ec4309e1204973b0c2acdc4a17fbc5ad49f679f32507b895dca2b8f5472f01981c697201ba1732c5325098d131dacffd5537b039d77245b0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2fcc23ce7d55783429331851cbac6b50
SHA1 751f740d30b15e5bb57e9b4098911d5f7ab67b6f
SHA256 593bbd7546722e58e3026dab3b1b61c940bcc9c670f9e018b077d285632b2499
SHA512 4d77f2e847c9d62dde3b904ade2bdb935d0ce8219067a7b59157d42d4b97c710af7183635e169aac43b806ec2b5b9c34cd682bd8fc0e9ed6fc333c6b5f7dd82c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 04a045c627d9d84676e50753f15d09f4
SHA1 c65f90816ecf086718088601aa63047939a3e54b
SHA256 8b7d1ba43496a49a5e4bd439c26f35a2df129a7aac847d911829553aa7b17929
SHA512 aa8a09945abb1e552086de95bfc7354c845e0886f4dc81a0b3f790ebd032c163c174b9d5614245d45d1c515749a4a6c57a58dd5dfccec809405ccb2cc575ff1d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 12356fdeb72f093aaae5af053ab71de6
SHA1 b3503c763322ab9143c6928de055cd389fdeeb2d
SHA256 e449c858f823e1f33ad71f73dd1f6f3ee79dac1b35df9f771f543f60452db72c
SHA512 fbd531071875e346ab537b0f6b4695f53abeb40c35b5c2bb5c9e8756de3b4190ded4402c40bd92a7e1c2ae9db06abb74436bf78bcd016aa3c68367d68dcb0dae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f5733804bb437573844ea7f9de8f1254
SHA1 3adf2a5a11bd3c66c7d8a93d807324367d3e04b3
SHA256 724b3f721867c7480e50fb6f174cb14782c25f2183670a2077a2376720aee745
SHA512 a8f753cfc37108827e02f242dd19bb1613c5c91409621104a483d73306ee4667a3d1fe0dfe54d11b97c09f77b3df0cc97a58e7e8ff7db54d293637906a50ebb2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 75c47956f6c7564f17d283ab91c03567
SHA1 831f393bc629a915df64cdf6b16e746f0b215aff
SHA256 64628f101d55cf559daa322983a1d10a3e96e0bc304a2113274bf76dc1df887b
SHA512 051ba1a9a7ce4f1ff7997ca6fc0def3afa56afd64f618da73c5d292abb27c967fbb48d10f4b237f256bfa06d52aa385d2e5dbb4fef5da28795c4267c7a1fbcb6

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 07:40

Reported

2024-06-13 07:42

Platform

win10v2004-20240611-en

Max time kernel

149s

Max time network

149s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a477c45cfbcc9c81cf0a962513d96ed2_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1912 wrote to memory of 2648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 2648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 1824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1912 wrote to memory of 4488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a477c45cfbcc9c81cf0a962513d96ed2_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff928b546f8,0x7ff928b54708,0x7ff928b54718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,17776240894963890601,8576076088173365425,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,17776240894963890601,8576076088173365425,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,17776240894963890601,8576076088173365425,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,17776240894963890601,8576076088173365425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,17776240894963890601,8576076088173365425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,17776240894963890601,8576076088173365425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,17776240894963890601,8576076088173365425,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,17776240894963890601,8576076088173365425,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,17776240894963890601,8576076088173365425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,17776240894963890601,8576076088173365425,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,17776240894963890601,8576076088173365425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,17776240894963890601,8576076088173365425,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,17776240894963890601,8576076088173365425,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5856 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 accutech.ae udp
GB 142.250.187.202:80 fonts.googleapis.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
NL 160.153.128.27:80 accutech.ae tcp
NL 160.153.128.27:80 accutech.ae tcp
NL 160.153.128.27:80 accutech.ae tcp
NL 160.153.128.27:80 accutech.ae tcp
NL 160.153.128.27:80 accutech.ae tcp
NL 160.153.128.27:80 accutech.ae tcp
GB 216.58.201.99:80 fonts.gstatic.com tcp
US 8.8.8.8:53 www.accutech.ae udp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
NL 160.153.128.27:443 www.accutech.ae tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 23.242.123.52.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 27.128.153.160.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 45.19.74.20.in-addr.arpa udp
US 8.8.8.8:53 embed.tawk.to udp
US 8.8.8.8:53 g.bing.com udp
US 172.67.130.30:443 embed.tawk.to tcp
US 204.79.197.237:443 g.bing.com tcp
GB 142.250.187.196:443 www.google.com udp
BE 88.221.83.234:443 www.bing.com tcp
US 8.8.8.8:53 30.130.67.172.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 234.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 va.tawk.to udp
US 104.21.7.106:443 va.tawk.to tcp
US 172.67.130.30:443 va.tawk.to tcp
US 8.8.8.8:53 vsa4.tawk.to udp
US 172.67.130.30:443 vsa4.tawk.to tcp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 106.7.21.104.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 172.67.130.30:443 vsa4.tawk.to tcp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 133.2.101.151.in-addr.arpa udp
US 172.67.130.30:443 vsa4.tawk.to tcp
US 8.8.8.8:53 vsa101.tawk.to udp
US 104.21.7.106:443 vsa101.tawk.to tcp
US 8.8.8.8:53 vsa15.tawk.to udp
US 172.67.130.30:443 vsa15.tawk.to tcp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c39b3aa574c0c938c80eb263bb450311
SHA1 f4d11275b63f4f906be7a55ec6ca050c62c18c88
SHA256 66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c
SHA512 eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

\??\pipe\LOCAL\crashpad_1912_LRZAMHZBRWCYLVIY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 dabfafd78687947a9de64dd5b776d25f
SHA1 16084c74980dbad713f9d332091985808b436dea
SHA256 c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201
SHA512 dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f7634a39-9356-46fe-b8df-d934d8fe1a7f.tmp

MD5 b933a701b0f25fb31230ee08bd5d99e0
SHA1 e49b12887e9aeee870fdf04d2d361deeecccb3c3
SHA256 5fc048a367ad3f6fef07e4829848808018c3e86360abd87d2594a048c7a568a9
SHA512 0eafbb8e2c5962f16418c66e825d8d6c9a0b14fb904c1ac330b643f68142070cf4e119bd92fc2f413f5ad716b363a9962f5c19a20d2cd6d1605a823afc63248c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 edc32ff386add8c26bc9752eeab0eaa4
SHA1 4af11a3a901d136b9f25c8bc5820389f37a8ed4b
SHA256 6dbe77fa34e53167f328bfd2246a15fb860a14d83eaf1c018c78141bb9fde20c
SHA512 a48012dc97769caf07b909e7c4b152188fffc1371f8931aedfa0ede381c11ddaf36ba8c18dbe48faed6b0026f1b84d93d29265e8a16227bb035b1b6b3ca7e1ae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bd2c7bbdd4c83d51a1bca5d92a15438b
SHA1 23222115ea149507d73a8aa696f4712dea1dd82a
SHA256 37c300ed2f5c15362e366b1d7508b914e82dd45e4ffe9f70e2b45bc518464d27
SHA512 19f2e279ef25d26925285a611c885eb438a7143e998bde63cee05597e1255c8e5cb1c45559d6fa38337cb498579d2036ee540134dc049f92f0608b56c14cdb70

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 51584f072ba1a04b4b96d31ffcb26fb7
SHA1 84e79efc32ddcafbac9054f5b01c370f916c8dac
SHA256 f72655e25fa5b604a47f6c8c968adf521052c345721ac8f965a93f956abc3e82
SHA512 00bc9fb1fbf76293db903b3d181ecff1c13eb37985b53db4403a2153adeeff8c0eea81cc8a800c5c32fc2ab9a7a1f752479266a5180d5369435882df3308eae5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 26e0b3084ee9b2003fde3c6ea45be2a1
SHA1 7df2eed8ce8be2e0eac843a6d9a97f821ae027dd
SHA256 00bd6d8462c92e5367dd00171371ecf1fa4af636334ddfb480e2b0e5ccf7aca6
SHA512 7c5ec9e3a9e48d6e7dc86c0270393934d75f7a668d3d76fe40b0cfb865222d42c6eb8b3d94cebe03ac7f7403a767240328002b99ce1f907a37ceb7757141a7c8