Malware Analysis Report

2025-01-18 01:26

Sample ID 240613-kf9mfavepl
Target a4a6e8986f0a1940a8d887a16364074c_JaffaCakes118
SHA256 7cb8128c789a3ad962015388eb00661290a22381a8f7a88c9bddea8b821e6966
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

7cb8128c789a3ad962015388eb00661290a22381a8f7a88c9bddea8b821e6966

Threat Level: No (potentially) malicious behavior was detected

Analysis of the file a4a6e8986f0a1940a8d887a16364074c_JaffaCakes118 found no (potentially) malicious behavior.

Malicious Activity Summary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 08:33

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 08:33

Reported

2024-06-13 08:36

Platform

win7-20240221-en

Max time kernel

136s

Max time network

136s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4a6e8986f0a1940a8d887a16364074c_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware
Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424429494" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000052df561750b4b6479c044904cc3eaf7e00000000020000000000106600000001000020000000948e82bc9d0719b9e92d4f450f1b6ddbf61b7036c29b0c21beb10f2317a1c3e3000000000e8000000002000020000000d91986466c60a7ac32def4152da6d239a5d40deba0feaf8ddc5dfd00248b7c8820000000c5400657fc2b869c3cd7c869e179945dfbca128d9d14578b7c4d21b4112f39b240000000144cdbbe36a7ff7fcefe20a27b7768b0e3e4d3f4a226544c90b798f4c771d3e6508b47cd699d2a73e35aa92f73f68f76761c2e73a1b87a6e2ef854dcced66d9b | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A67F9DE1-295F-11EF-BAF4-4AADDC6219DF} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 7031cbb96cbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4a6e8986f0a1940a8d887a16364074c_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2856 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 gninethree.com udp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
US 8.8.8.8:53 gninethree.files.wordpress.com udp
US 8.8.8.8:53 www.statcounter.com udp
US 8.8.8.8:53 passets-cdn.pinterest.com udp
US 8.8.8.8:53 feedjit.com udp
US 8.8.8.8:53 blogchicks.com.au udp
US 8.8.8.8:53 coinhive.com udp
US 8.8.8.8:53 s0.wp.com udp
US 8.8.8.8:53 static.foodgawker.com udp
US 8.8.8.8:53 s.gravatar.com udp
US 8.8.8.8:53 stats.wp.com udp
US 104.18.11.207:443 maxcdn.bootstrapcdn.com tcp
US 104.18.11.207:443 maxcdn.bootstrapcdn.com tcp
US 192.0.72.26:443 gninethree.files.wordpress.com tcp
US 192.0.72.26:80 gninethree.files.wordpress.com tcp
US 192.0.72.26:443 gninethree.files.wordpress.com tcp
US 192.0.72.26:80 gninethree.files.wordpress.com tcp
US 192.0.72.26:443 gninethree.files.wordpress.com tcp
US 192.0.72.26:443 gninethree.files.wordpress.com tcp
US 104.20.94.138:80 www.statcounter.com tcp
US 104.20.94.138:80 www.statcounter.com tcp
US 192.0.77.32:80 s0.wp.com tcp
US 192.0.77.32:80 s0.wp.com tcp
US 192.0.76.3:80 stats.wp.com tcp
US 192.0.76.3:80 stats.wp.com tcp
US 172.67.165.117:443 coinhive.com tcp
US 172.67.165.117:443 coinhive.com tcp
GB 199.232.56.84:80 passets-cdn.pinterest.com tcp
GB 199.232.56.84:80 passets-cdn.pinterest.com tcp
US 192.0.73.2:80 s.gravatar.com tcp
US 192.0.73.2:80 s.gravatar.com tcp
FR 52.222.149.113:80 static.foodgawker.com tcp
FR 52.222.149.113:80 static.foodgawker.com tcp
US 192.0.72.26:443 gninethree.files.wordpress.com tcp
US 192.0.72.26:443 gninethree.files.wordpress.com tcp
US 192.0.73.2:443 s.gravatar.com tcp
AU 203.143.89.81:80 blogchicks.com.au tcp
AU 203.143.89.81:80 blogchicks.com.au tcp
US 192.0.72.26:443 gninethree.files.wordpress.com tcp
US 192.0.72.26:443 gninethree.files.wordpress.com tcp
US 8.8.8.8:53 gninethree.com udp
US 8.8.8.8:53 gninethree.com udp
US 8.8.8.8:53 gninethree.com udp
US 8.8.8.8:53 gninethree.com udp
US 8.8.8.8:53 gninethree.com udp
US 8.8.8.8:53 gninethree.com udp
US 8.8.8.8:53 gninethree.com udp
US 8.8.8.8:53 gninethree.com udp
US 8.8.8.8:53 gninethree.com udp
US 8.8.8.8:53 gninethree.com udp
US 8.8.8.8:53 gninethree.com udp
US 8.8.8.8:53 gninethree.com udp
US 8.8.8.8:53 gninethree.com udp
US 8.8.8.8:53 gninethree.com udp
US 8.8.8.8:53 gninethree.com udp
US 8.8.8.8:53 gninethree.com udp
US 8.8.8.8:53 gninethree.com udp
US 8.8.8.8:53 gninethree.com udp
US 8.8.8.8:53 gninethree.com udp
US 8.8.8.8:53 gninethree.com udp
US 8.8.8.8:53 gninethree.com udp
US 8.8.8.8:53 gninethree.com udp
US 8.8.8.8:53 gninethree.com udp
US 8.8.8.8:53 c.statcounter.com udp
US 104.18.11.207:443 maxcdn.bootstrapcdn.com tcp
US 104.18.11.207:443 maxcdn.bootstrapcdn.com tcp
US 104.20.95.138:443 c.statcounter.com tcp
US 104.20.95.138:443 c.statcounter.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 104.20.95.138:443 c.statcounter.com tcp
US 104.20.95.138:443 c.statcounter.com tcp
US 8.8.8.8:53 gninethree.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 gninethree.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 gninethree.com udp
US 8.8.8.8:53 gninethree.com udp
US 8.8.8.8:53 gninethree.com udp
US 8.8.8.8:53 gninethree.com udp
US 8.8.8.8:53 gninethree.com udp
US 8.8.8.8:53 gninethree.com udp
US 8.8.8.8:53 gninethree.com udp
US 8.8.8.8:53 gninethree.com udp
US 8.8.8.8:53 gninethree.com udp
US 8.8.8.8:53 gninethree.com udp
US 8.8.8.8:53 gninethree.com udp
US 8.8.8.8:53 gninethree.com udp
US 8.8.8.8:53 gninethree.com udp
US 8.8.8.8:53 gninethree.com udp

Files

C:\Users\Admin\AppData\Local\Temp\Cab27AE.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar27B1.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 fbaa190e00055a1d6813be7664819796
SHA1 cc0eaaccdf9d8cb5ac81ab2e95beefed07454ad8
SHA256 890dbf1fd33beca1ec66247800ba76d686379f8b10f91e7f49a53ef95a6b9997
SHA512 391e4168bb42a497b69923721901cf958456a2491b0acc6cdb1605fdaccd4280210ba44b41f16375b51a272ec48352aca40b613fd4647297bfa5da00411bf956

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2710ca6c1d42e20db17891068fc89df9
SHA1 1b8c7f1af111114e30524a9d6ebafef10ebd9ed6
SHA256 7a90cd5b9d41d399179bd6bc75d97814f2329d333245eeab34d14610645fc4bc
SHA512 8bb4a1afb042426a662dbd40d3af18ac88c24d2033c9e3a29562cd4dc45153aa404f6553261fb93bd8bbbb7811d0e7b8893d28ac824195f895e1b15ed195c221

C:\Users\Admin\AppData\Local\Temp\Cab28FC.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar2902.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 86ff81aecae5662eda2dd76464763991
SHA1 7502cf7081f4246ea02f572748321adca61683d7
SHA256 088849e01a686333ea9328e15f62921c8e4c2173b372a2b71139cc81de671aa9
SHA512 375911cba7f35336a36bc3d14f1c2eb8c2249aef20d228c2e4305adc3fd88b6a368b42266c690daf6fba3638546b44acc041e43c0c38de7ca83df24b94c8b425

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 90395e5fb5a530e35c0fdceb7eda59d8
SHA1 be39bd09f8178c1dae1e85d0dbe9b932e9638e33
SHA256 8f45610100bf7ef70a20c32d679478f9b465c1732eab2dc64cbb8da02621fa21
SHA512 eadf693268d73daf71044858f5dbf0e04acc404f89f005cacbe9f4940de9b61e7aedd5cd7c4c86be0eba5d4ede07227c3a02bb5b0db68223802c15bec4e547c8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f7cc27b70039743aaf09f607621f8ab9
SHA1 74dee145c6b338db58e34acc7cca0342d86f4b4a
SHA256 728bef5b6504e6d514ffea5d048af4be929d57238c7ae58093bcb6e4b044cab4
SHA512 1e6dfafea4a5549dcc2d5945e8d92e3466105b9e0cc92d464e51a8a1295e89b1f218c209a26f5c559a57afd5bda9972570c965d671138154d8e250297fda6d00

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 983f8828f48cdee4bacf38b128af8801
SHA1 e2f683e14eeda7b4ca74f1f27ee5f0c50a1750f9
SHA256 443f8c92d681fa7eaeb2d64644c4599a856c9af40dd28108fc20d3f19427b079
SHA512 616cf79fa8dc9a35b6c0200131acbfcf9c8a7e1045c978c8513a1892ce9af077275e5821ff46e8f16293d23b50f1b3912340789c697fc19cdf2db1bd7af91fb4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

MD5 2c7ecdbbb063ea5981f2aabe7fcf9ac2
SHA1 5c92e25fa96ac7eb2d432563ce62be6a11dbd232
SHA256 a6420b0e8db153c246988af7382bb94364fe491631d88ca68f800e83750489c4
SHA512 8d7258ae557ce5f5fb98fa4da2f55036df3ebe308392f656a1bc21cf09f0d335ada0b44503fb523b16e8067bc7803f7e20e5e05bdfcc9b4ef970e763975b8c93

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

MD5 3ba8c969da3df075b4e93b4da6d528ce
SHA1 c900c29fb77972c760c2452c52f4b4bfe8b1bc0c
SHA256 de44085c09d55f14e50a4ca37322eed0e612156c9c40ff461e135988d2155c1b
SHA512 40a5d14c9968db51c21e9973aa40d0ff2e39f60f6e02a04347503dab169ad7467fb38b2cc4d79283061f876eb4de2fdf8937b369b119c4738ad770a8901bfd29

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

MD5 5fbbd11da1447361d95430e07018c9c3
SHA1 23934454aa9c6076fe25696a8223c63ff258f496
SHA256 9018fa7df4d8c5ac5f77c69f1a33e696bbc91e2d44a64d3b81274c510242b2ff
SHA512 c3d1b0ed8493b07dbb496c8369c34011c9cd46c8020f9a693aa807baa5e375a09c0d633f14f05212d2e6ac7c4802e69bc13c186eb95086e0220a26a5523f4b7f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

MD5 41a0556b20be53d6f0f6268b6563abbc
SHA1 7ecdc442605a5ea093fd15bc9ce2488c36d632ec
SHA256 300a1a004ecc98ab7836c9bbdda0a499e86db1ec0045caa41b6f97e756410b4e
SHA512 936febdc188332c4b17f1ae9f5408f1117fdff4835e5ecfb1c8316c8e665f1216979f541e03059261123f0d407143ef3e6c5892f10d2c9545cf597ca238c9886

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\counter[1].js

MD5 b5af8efecbad3bca820a36e59dde6817
SHA1 59995d077486017c84d475206eba1d5e909800b1
SHA256 a6b293451a19dfb0f68649e5ceabac93b2d4155e64fe7f3e3af21a19984e2368
SHA512 aac377f6094dc0411b8ef94a08174d12cbb25f6d6279e10ffb325d5215c40d7b61617186a03db7084d827e7310dc38e2bd8d67cf591e6fb0a46f8191d715de7b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 122ace73ec9d072cbe9d5435c6d36257
SHA1 1b0fa724ea56a8e7e080f00055e565a4ac4b5446
SHA256 bf9433c76620d22aa3cf9b27e17940d946a53519884a5c3bb3b781b6f7f37752
SHA512 b23ccdf3b9fd51a40bb0a7b2b4f4981de029c5a6b425a88409d7e02501c33115f13e26d8e340410cc28d35bd08d4fc513e5328fdbb76af8297a8f0e81f7fc012

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 23b172cbe22d90eaa482942ccae68b3c
SHA1 9379a3389c5099cfa246177b6d44a910f132bda1
SHA256 0d5eda997a171371ccb284df549f28db14d6bcda7785b3678fb664e18a518ed5
SHA512 a14b4a194126d9113ae6d98ddf67ef583f09ad11b683ac047f2ae37f69005312d1facccfe88da56f3ca2ab9f20e129c46b18d0d096526c37d1415b74575cb942

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 60fd21f10786a51dc4cfdecb9145db92
SHA1 89d36f50a2f3401d1c4b17c59b4faa7d05cefa6a
SHA256 3d2a756b4217edd6b3941087a78df23c784e3aeb48ad289dfc25dd173a978234
SHA512 50d06baa8955dcb96189fa380bdef5a494f3dc7b519b3970875c9008483b3891a7b563f3516cadf5397679f7b05a04033a2762ada47f34fd59304125c1bf8593

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bd1a63afab0019724e0279683070afc0
SHA1 064d2c3df53dc2767ad5b4e81686e5a8816fae4b
SHA256 ed1ff1d0ebfe5bc4f615bbdcf23c2ad4ed5c05f5581a2b6dbdcc83b916981de3
SHA512 70834260f8cff111a214e8f8f11bb62f57344798df0e6b6affc9144ca0373d701f2519cb4e8ba218750a31cdc912eaedd4709443c91b4da30e818745794de31e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 448c0497e39e66fde56293943e652739
SHA1 f780ea1bc677a3e7a1ee4c8f27d60c63451fa8c8
SHA256 efa8a4da365a236b2af3c18d1d793d08a9e5bb9be66d164ab1823ae6eed37752
SHA512 83c4a64a4657c5196026dcb64bd203517a7fd041d93f7407e08d7c04a187832be25a5d93f36942fb6a4b6f4b10e56213732c2ca88cfa03feeb19ea86e296523a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5111770907fe8c65dd5a4387c2537b6d
SHA1 5462f4b541ea32bd0281d18a624941528ac04f7c
SHA256 d10c7c7bf9df2379ae3c7caefeb636dfa3025f99e765bb567bd9ef0125593668
SHA512 ffc5648b4cbe2f8242b65e663821fb4a4731834d159094c1f43b26cfbd966e09cf1f104be1fd685a5aece7a524b5590f496acced74b1afa3f29483b0919fa9af

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d0fcb45b7f0da5b8c90cface3042120f
SHA1 82d9fdba310323ec5f1986ecd292b2cb7ee6e37a
SHA256 3418d6d020a945caedaeb936b9d3ddda20869f1c897f2df653997ddbb3a541b3
SHA512 30b93ddcdb9d1992e76be2b44a2daa582844b4041c52574c667eda1fcffc2a8717305c2239652ff25ea0b9f9b7094f4901618528d6a119e91e506169f0f9acdc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a98f9410031c4b8302838fe2b75fae22
SHA1 8524389569061badaf0c59e7d74bf70f42b8d07a
SHA256 9610c7650ed83a66fae53d5b535d170982ad59c750007fe118f5996b30e73b36
SHA512 8220528920955dc9dd78d33eee224486900ae8d1271c655ee2c6d59a4dae0be209dff9c235ed97c54a0ac90f534d1a6395af25388cf2b7f110f462a8d84aceaa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0e21f2d8d47eee8cbe1b6886d70d3c61
SHA1 67ec8edfb4e9637490838ad93a52dfba726dedcb
SHA256 5c98bdb4b167bcecdc0ecc6583a57b2679652002de31cfcda9b38d741ac588b8
SHA512 b4fbbd3fc7f6b8d01176595263776a9ee4d3c36938671e25e148ad6170545b1f0d4a4b541a193912533cfc5ed0262b36f5a5598b2cd79d9e463a0e20e16e4592

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1fc9976a4bb72afa2e449e633c7133b9
SHA1 848adc5f29064cbc6bf52240df53509c5432f473
SHA256 12266c34d5f1846613f1d6239b6f312f84a466816769e15dda19f0417c7b4a41
SHA512 79c2c9d733ea90d3c08e4099f89b8f4f339d5221cb0cbab904fd65942b7a2007416fae560efa5ca6a66a7514f2c33b6f23b8f6010eec424465def2e42d13042a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 604a96585cd080232b363e5b68a6ce70
SHA1 5f0dd2cf5ecb8c25f710451a90b9b98b460737e5
SHA256 2eb669c5b9c58491ad42f12cde0f37a1bdd2a0ef044524c5eeb7574e3851b5ab
SHA512 47b1d56dea80c6ffdd647173b1b60a0c919e47272ff295f773751945af0bb79f65a0c1f53d98738cd86a20091d1480b2c2a85cd0704e3ee19873a89d46583017

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7d050b62b305f4db52601f69fae904b9
SHA1 a694ef978b706cf8d0ea78ac781689faaedc4f33
SHA256 d1112b4184b61fc33356323363caeb0d12475197d064fa388f1ed02df360133e
SHA512 fc7dacc79ae606d0789b23d191777dc13480b47a8b2a0cd483346bc72ffcfe6071ce38f7c52d4a8f5a438a9fc51f0d20afa05be46667ca95dfe2c27114e86fe4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e548edbb0500f8967cd975e114521ff6
SHA1 350e3d0141e75bca3e78bca1aa7bf22619f33b5f
SHA256 d1ef592f24d27f1c9074e5f26fba5161bfb9f2432312450ac067dde1b38db040
SHA512 759655b1c08de10bac6417b8fe29c16891ad8d63e2f55efabfc2471b4f0f6949ce93149344369a8faf566eeb5fba2e5872f744ef77362bf0048807b7ffb0c3da

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 208d3ac361156b3d242b01c15fb775b8
SHA1 6d16504819501d4cead844c8f6c13f374d601c1a
SHA256 0a5f53b5f398bd737e9e90c250dd25cb652863caba42995d59d6fb59c3550775
SHA512 48c4e3af19bb5564e6bd25e28e5f4e16fc54b1bfe1b21ced35552bc41944c2076ff87734a38c9ca43600bac7a51670ccb57aa51310b69e5f71a97eb92b2c35a4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 564827e4cb11fb468c1a5fb6dc9a833b
SHA1 6b5f1faf75d9b0f0d0763c9a772f097dd204a6b8
SHA256 31890b077b780446413b06d8dd7df4469706ef09027a246ed6b56b65329e9e1e
SHA512 2a9ed524aaddc4d07d25ec4bed9c0b82a8b08c077d702b5229c15a559cc387c4a1a6629126aa2b4968f13603f03a55f51600760a75a1cb94f7decb4ed0dbd884

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bcd6dbfb3212203608d2debfd143039d
SHA1 c89d3c05232cc0ed42f004186cff83ebc3a9f086
SHA256 c8b8f4209feede10445326c1ea603bf4f7a30f98a5e91d1d1f2fffb07bde71c8
SHA512 bb097ccf38bec3e558dd4ba01a6dc7af359cdcb56ed03be82df4e63cc99bb77b792c2ec2a558ace386d94c7d44e1c962e39acea558f226ef1b61b83ea2f6c536

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4edc4a4ac0c6c1535d522880bfca41f5
SHA1 e06ad5d5cdcb79df9d3478f931698ec7ff0464a2
SHA256 15627b75206f78e802abfc2a177e15471f38f72f11a229c9191df20c03e45e41
SHA512 2e04161a3b8dc66249cd0e547187edb7a64b76a47a1d6e985caee4ddbf13160d65627fbcccf57741af90f332f7e138dcc5e3c1692dc2dfc726fbb3633e5b24a5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3786d295aeae4670b2834658815a6a6e
SHA1 809c960eca4c9207afb2dd21f627fdb29ad747dd
SHA256 e94a624e2f23e2c717bc86d9a79683f1041f2b339cca8b1582ec8473a3a17902
SHA512 3db5c08d1ecc57b6fe9a4f0482bf285db7ebaa7a2b5e4528a228433ce4e5df6c94a189451d7e5b27a7ed20da5ce76b444949188b54a440a07b923d02aae2c9f1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 46294c0517cf4538f406fad01cc7412e
SHA1 69dfad565fc147201a42feede88a9763a861e907
SHA256 52f27ac2e651f54511b1b7c073a51166adf6b41859602c0382ebb6312d567b2f
SHA512 df624c414c0b1ae11b81c89d8180966b294581eb4ca0aabe3aaddfd3f48d17b2e45e7c793fe13233d46db7241489ae024c193a3303bfeb86603f5c9695ff84e6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3664c5cd37428473cb9d8daee860ab76
SHA1 c4273b6695be71ad05a9f7d4aa77b19edac46973
SHA256 35fd5e4895a95c48c5ab7fd97845ed460b23161a0ecc2d805dfe1c90069f0b97
SHA512 d6c83cfa92307a9cf4069ff57717b279efd09a5dfa19483923cbe44a91cc3efb4e307ffaa058d519a6a1df3f9334220c96263583694cb945c757605c94c7394e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b86025282349f16abb4b4b5d99d8fd3a
SHA1 d693c48084e3e6999c060095e42ac43d81cf2d7a
SHA256 0d185a7cbba06c220d637b460eb51b91232737ad3f4ba09b76569cbfcd5b8c6a
SHA512 efe7f881aba307cefda111d3246ca5231e274bdec16f5143523564a08c38dbcb887b05abf1101779a16076bdd992acb4e7eddb002ef0331205860bf73750ec4c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 a6e55ac773adbf2c2635d0f3ac5ab07e
SHA1 68b8ae5228d3799f5bdbfda8f064673d2333b6be
SHA256 9649e755e4d7b9e6444ecb743c90b65206287f8e08164578f8a8e3bac33bcf9f
SHA512 d942368149534f257dfd9fb4821ee33f559698034c96dc536579a2a67a142634e30d484bdc7b6901337fcacb99c1ad712c3a44223d65358e09d9f909c17e00a3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 83165a42227f6c9062b9af412fa34858
SHA1 fa8182dc910f362bd0c5d5ecdedfcddf06c4d57a
SHA256 0740b3c927b30fd6329256a4a91ce8887972d25f292a63bb9c235441b9f42168
SHA512 b7ea3bd32a21d2fb0c2f5b0f6440c1e319f906b11b8649b0122676b2a64113ec1978e3d0975fd466c2882b0063364ffdeee54aa6a30ee251b72a3e41427e58dd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d2137c33c15d8976d5e6646079164592
SHA1 b425259a8e4aa0ebffedfeba0df949551d43c46d
SHA256 0bfcd026a495b8ef5afe62a78963506d2a03c399bc2278fdd3e296ec1d408510
SHA512 f9937e6266eb4a937bf73e95ab1368a8cd81bd60b58e64666c5666fb0a0893d38b3356c3e3fed1eaaf893c72b0e9648a2dccef9b4c40ab86a80843c95297235f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 93a6edfc532f5e770d12ae359912ce4c
SHA1 b1d97ce2a9c8263e2de0871c5340fbb6aa1a4437
SHA256 5cf46da291a1885a2bf05e4ebfd7116c0e222feffca7f8e85865ccca5895e588
SHA512 9ec33e2a85d9c76d482411108d11a14f8481e87c0cf72c0ca8942957023d32459deb7a27c6b07b5674661dc460469c6eb05ec43b1d49078b7ce109b3cdc27dd1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 77d01b3fb256207becf797510c8ec94c
SHA1 d25ae0378448c5e8915cfd2117fbd0a8bdfbc68f
SHA256 a613367a048af5b7707b821ec6d9d2bb1776c55f6ada53ee0132bf1ebe3adba1
SHA512 5c93f82e35c67216c6e031f1bc689d03b8e5227de0714f7aad6749d4c0d59b02aadb2ff38b5328afef9a2b93700455668c7a96580bd56c6b8847067d0c388c9c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 33e66837b64c9c157643490d1cbf8b77
SHA1 4fca97014775414234d874a8341d3468a0ccded2
SHA256 fb557a8c973669e04e3c2b2a5d8d5817bb1276e8017859c1471e5d7cc60587ae
SHA512 e30c8c97889d27b91e638ccd12959c6e546ebd3c37f71123fee52924e32847a894e027a2872e69be185f3c000192a73607c570bf839a68cf589aa8e298644843

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1b63806dd6873ea081959e06b0025d6a
SHA1 2df42eda17cd6c54fa807ccf6b1c8e9d7f955a8a
SHA256 93bb9e66441650041b82357e2f33158d11bc296dc9c521f5e66ffc02873358a1
SHA512 66572de8ff6886cdc37dbe355d61cc23a4c0ef438db62180e24467c1a026102fa090a8fc61f17d12ff77e62e8e7c05c91a54a6b873cc5ffd8fb88aa0b031ef19

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e7f1ca8dfec1e3dca3f2cf8faeb57f3e
SHA1 5262456e1c4c517f5a381e6ca48841851ef5d951
SHA256 f06e966bd47259690de7346a8d0bff6f650528616b9d6c5c6d59aab760870caa
SHA512 a019430ff831f01bc22bec5f7a1356c6a9a625dc786850c5fd8be3b68e321982df7ea772c90c3145bd51a328314ee282ffb28e1f975c4a2a70c10f42dca20713

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 93bf4b798a9c5806edf7a2df29ae9ebd
SHA1 81996b187fb5c749ba9d846f8d37c42762150562
SHA256 011bf876818528a00ba89f7018386ac9eafa033fb58f89d03435914441e1b709
SHA512 bf8ff271bfaa90223dd0a40ffde29c76f0c0204a744b447d4d645ffb2fd3a533e85449214b1f9176c3b38d14a51c12bdb2db52bf7b08249f8c6fde7af3349233

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e386f5ef0e8a0083d90240dad74b8f93
SHA1 02f1309fc4e86fd71060741e98b25770c539ff24
SHA256 093513042f0c8bc8e199a22fe5cbf38396e7672ce181384f8fff0e82efa554ed
SHA512 7fb03603b25191fbb59eebda2175536dca4a6494a144a297fba10e9e5612b8f24aed78c622bd30d0cdbb9fc003bfe83d0d068a30fc8080b94c2853d05f474da5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0a73a54e1d547123d94cca161c7ef1fc
SHA1 2b5f01bff052306b438bb2d60c82ffff8387bd2a
SHA256 f3fa4c26c45c6b2a4c2703ec5e97fd5767894f2c106d1d02ab52402284c5df33
SHA512 06db2828b84a128e36497f5ac6ef483dda9d8cdac03c1a7ebdfdee0d4b222eebafe17354f6e8d508c58ba1e4edb3197d2b861c07e761c318bec1495a7f1b43b5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fd58f4b3fedceb7f9f8a723f4626beb1
SHA1 f33005e72f88e315967ebdcb466d0e74d5308714
SHA256 5dc0ec616e9fa9a767fa37b7d0194d05f651a8513bd3d6bbee07bbb93d7eb7e8
SHA512 46f5d33fb66cd479a7556f712d3f4f474d43d71fd2343e05fca4cfec071d8583d965d62fa2ee825275f45f296c4652a5a539fc9b89f33e5e1ded8e29d2f9c432

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a52190e5c950832a54d6686382cd429e
SHA1 f94794e2addcb5bda235706232dc39ed0f61e0d6
SHA256 d147163d7f84dbf621d6943d8f731d60d1555b2e85ce54c11a14ddf51baa9460
SHA512 b3901c09854fdba872f104e99674f44594b2946c3ade7763042374df3c97cb180bfe1cc2381bf37c17bb11e60f54a14a8d2321f0275d6b42fb45ca43223d47a9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0682c530cbc86b51ffadf8fab47acd54
SHA1 b579464821b0fa97236a94e6170333634c3e7037
SHA256 e71e0d6ddf330853d4e4692ca879e8d75febbb10ddeb8420679d18f457de43e5
SHA512 26bef49c696365908e3605d7bdf8896b9c2ad0310a0097334dac75ece4b8039bbaca0e5f1cddae366e8cebfdd3b4b79b45452d96ee3e501449f277d579fedf91

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ed9e1d9d57c9681e2308c5e8ca6b1aed
SHA1 429f76c735383f80bc1dcfd8eaf527896f871120
SHA256 b92bfee8ef081c7fbf9df165d0419bce401f6f676380ef45c4e9cfd3e92872ca
SHA512 81ac5ceea105786d7ac8521831b1ffec92b1eebbd9f9a53e152abe8fa56292d9b993af9b597953858e1c89730f5ea7ea5e1e37a11386490bc700b13fb29882ff

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 08:33

Reported

2024-06-13 08:36

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

124s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4a6e8986f0a1940a8d887a16364074c_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
(25 identical rows)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
(24 identical rows)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4752 wrote to memory of 3752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(2 identical rows)
PID 4752 wrote to memory of 3732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(40 identical rows)
PID 4752 wrote to memory of 1064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(2 identical rows)
PID 4752 wrote to memory of 4656 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(20 identical rows)

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4a6e8986f0a1940a8d887a16364074c_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe676e46f8,0x7ffe676e4708,0x7ffe676e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,18336597632432188441,5357807084643835939,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,18336597632432188441,5357807084643835939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,18336597632432188441,5357807084643835939,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18336597632432188441,5357807084643835939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18336597632432188441,5357807084643835939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,18336597632432188441,5357807084643835939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,18336597632432188441,5357807084643835939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18336597632432188441,5357807084643835939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18336597632432188441,5357807084643835939,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18336597632432188441,5357807084643835939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18336597632432188441,5357807084643835939,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,18336597632432188441,5357807084643835939,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4480 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 gninethree.com udp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
N/A 224.0.0.251:5353 N/A udp
US 8.8.8.8:53 gninethree.com udp
US 8.8.8.8:53 gninethree.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4158365912175436289496136e7912c2
SHA1 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
SHA256 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
SHA512 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

\??\pipe\LOCAL\crashpad_4752_PGXOZMKGSJSPXFWV

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ce4c898f8fc7601e2fbc252fdadb5115
SHA1 01bf06badc5da353e539c7c07527d30dccc55a91
SHA256 bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
SHA512 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fafd0274a9feca8f763f142d0ad5fe25
SHA1 f5e1d77317c4216fe35293517e2c8a7bc3ac24d1
SHA256 292cecda87732ae6da982ad69ce996331c9f07167c92f94eaf1db74dad8fd728
SHA512 1bbd923f1a4c07cddbe4072ecb3ae6b707c3b6195460949b77d7750b184b7ad6ffed4e829743e3ef52da117dde92fddeb0da34fb7770c41be3e3f7340552addf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\c5043f9b-5973-4274-8d57-6a9ca9345c5a.tmp

MD5 18ee5cb1ea7d7a7e6fca96c675b81fc2
SHA1 d30c9a8396ba2186ca40224b2d9b3fdecccc3dad
SHA256 3042628680d81457880674e372c4c008c3ef5378544916791938b01270e66d7d
SHA512 0f5d8b7eb3ba3401a8459e329bc06f6e42d66e9ea1c23cf6c80a8ad4500cb41535989de4fca9f8d36e977a212307f5f03a916bdd136ff55442ce54ec06865f45

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 00319582fa8f0b3ce7e74b2c7e04f43b
SHA1 79bbe1244dd321c8485a953b6590df692eaa252f
SHA256 8bcd1eb46f3984e4152b6f26c67830bc49aa4e07f74828fd9b2d21240fabf8c2
SHA512 62beaa02e3fdcad6f095d15c07a9dae9237ae0b2286da7ad4cf4eb6e3c752d3e6de402ab8e1c23e72bb15419a76f5357471f5f5c189b713c56f32539203823c3