Malware Analysis Report

2025-01-22 13:03

Sample ID 240626-f8m7pazhrr
Target 10e35c0d1275ee4c043a052b93402580_JaffaCakes118
SHA256 450f7c7db954790d1b9ca5739a939daeebfcb04c75719b955d2afb7ed088754d
Tags vmprotect
Score 7/10

Analysis Overview

Score 7/10
SHA256 450f7c7db954790d1b9ca5739a939daeebfcb04c75719b955d2afb7ed088754d

Threat Level: Shows suspicious behavior

The file 10e35c0d1275ee4c043a052b93402580_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

vmprotect

VMProtect packed file

Unsigned PE

Enumerates physical storage devices

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-06-26 05:32

Signatures

VMProtect packed file

vmprotect
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-26 05:32
Reported 2024-06-26 05:35
Platform win7-20240419-en
Max time kernel 148s
Max time network 148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\10e35c0d1275ee4c043a052b93402580_JaffaCakes118.exe"

Signatures

VMProtect packed file

vmprotect
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\10e35c0d1275ee4c043a052b93402580_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\10e35c0d1275ee4c043a052b93402580_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://www.tt336.com/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2088 CREDAT:275457 /prefetch:2

Network


Files

SHA1 8e1a3558aaba02c8d7e857169ab0dc99dda96772
SHA256 c507ca1ec063148d60b2770334730579f83401d253a5b44c75bec50890b636c5
SHA512 2bc51559a3e479f7f926eb7d9d631a365f1e788fb870fa16f897c6fe344f8c4df05464b3ac15671cbe1611600f07c78020bcc9fe2973e05ce8084688b5dd10b0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bfcd2d1feb5a60c0d2d2cfae119a3f54
SHA1 5dfff0c1b7ba5a362ae1482fca8d86128212ec4f
SHA256 1fa9224b811afc6d62ee4e498b408a3717020aa5b573d0f62824761cdef43500
SHA512 7e14687aaebc6c057ea08330fb773933dd3ba6b2fb1d02752a848580d7933a6e1bb3fdbe18972a6fce1de0549b4df2871c15aba2cd9b553eca3d9b78d3d19274

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 50986a975e1c6e6279c949ec13702e49
SHA1 c506498d62474f91d26d09e0270c6ee19b7c319a
SHA256 b55fd3831a39852f70c723e6d721ce6c377403b9ca7a44498f50713bd6925a88
SHA512 9dbb78cfba29dd7f19621f5b77b041703880095b9cf2bcd5137787ebec982f585c95844deda219a71a2aabf620e37b00411644b24519bf9888b3fff0b58a3859

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\528EVS6A\recaptcha__en[1].js

MD5 1bb4ebd5a1126f7287c58e242a7188e2
SHA1 f06c98f9b76c942631ca4ced196b6ccff5aae339
SHA256 4b20abde9f7eb27dc344dbbb35f59aba01e4cc70262c07c260beadef9072f25e
SHA512 b51fe40ab04c98c21b1f233cb335f5d1ce2f496a2b07544025e5a89c171413ed1755bd5d9900ea43f0495fce190d4607b6d53c3d8078ebfaaecefa97471c8abe

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\528EVS6A\favicon[1].ico

MD5 0106d4fd24f36c561cf3e33bea3973e4
SHA1 84572f2157c0ac8bacc38b563069b223f93cb23c
SHA256 5a6c5f7923c7b5ba984f3c4b79b5c3005f3c2f1347a84a6a7b3c16ffbf11777d
SHA512 57b77c5d345eca415257e708a52a96e71d3ddf4a781c1f60e8ba175ea0c60b1d74749cd3fa2e33f56642ce42b7221f16491cf666dc4e795ecc6d1fbfdb54ab98

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\wi962z5\imagestore.dat

MD5 f5dcb61f1c926a107cccc3c40d3f1318
SHA1 bd75a4128b8901e87723fd2121377796457b02d8
SHA256 f4d71beac1c733a239bcf160576f5be6c245b6685d04b99fd0583cd6df5960ec
SHA512 f0300f1b56d97ce88b5a14852ad1b2e75ae794b6c5dba361443689cb90a41859a8b1136d91be8e09a70122268a039d6245124ae4f7b0895b8c8afae069d6779a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 074caf92a24429ab6f6e4e2a40ca80c2
SHA1 7cd767354b830f5dca4cd1f9fcfd3c11c04fa879
SHA256 f423d03bee03b332b81c368d6e88c4740579fac291edefa2e949cb73634a7fd0
SHA512 3517dda1bd158c85551cbd53943fb8218f088eb2c68a0dde278f46d0892ed1ba966c97515c59943fd65022e8befd17e21734ebefde3d3419c94d941707e175f4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9d46d2a2f27347964d3c57a44e2ce346
SHA1 b1c812de6f98549a483d3c67c1f26e3ceb4d0edc
SHA256 ab0d798c7c502ab9296364667c9e5f16f962638f1709db0054bcd234dfc41b9e
SHA512 84d09c3e5997bf9572d382aa0a12b6b455322563fb2fd57fa3b88ea07c8d9ba8c17eeef0cf5ad8693c14278d23b69946e0c66526d63a0f52b99cced9c687ab56

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a33dada33c061c9abbff1e3bb73c4077
SHA1 530a5a9c0b6dfaf927a4a1f808f146acb14b8b5f
SHA256 0efa734948400dc5faf32f0370033e2a408bc3e4c8463b7cb2096b18c309ca7c
SHA512 4c44e8fd77a6c99f02de74171dd61a3f17b16882160014d01e750921ab7d82e1c1c34af9115f3945c6ba40a6172fb3a2f686a5b6a3de35ec37e97b5ac6f8b60e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4bbed6016b9e0de294fa9652a9c06c6b
SHA1 9521e211b90ac0b53b628d5f9e5833fb677073d5
SHA256 796aa3f31f86b6a701456342585caae33d91ea8577d17c2e97ee0d60dfb0004a
SHA512 ce064d0c308b10da81352130c1d40928ebef62bbcd008f122a6c147dfe984d00fd43f65a413cc162b51911b4a9d6faa5e6bd2e6ecc6483306891b7aeed6c904b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OV51DDG5\styles__ltr[1].css

MD5 4adccf70587477c74e2fcd636e4ec895
SHA1 af63034901c98e2d93faa7737f9c8f52e302d88b
SHA256 0e04cd9eec042868e190cbdabf2f8f0c7172dcc54ab87eb616eca14258307b4d
SHA512 d3f071c0a0aa7f2d3b8e584c67d4a1adf1a9a99595cffc204bf43b99f5b19c4b98cec8b31e65a46c01509fc7af8787bd7839299a683d028e388fdc4ded678cb3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 89ad5351ed476203ba1393b66cb151a1
SHA1 ca07059ccad705e6557657a5324fc87e194047ab
SHA256 24838486191e0d3f655a10bfdb36b402e980e90eebf115812a88a2e99eff957c
SHA512 190d36aac3007797d20632056b91b360e196c793fed9cd3195542515766cce1f7f6ce36d895091b7c62f7fd3f67b6c2e725b20be8986b204411931087b7fadc2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bb97607f2ef64420c1690300c2768a59
SHA1 5d7bdb26f58c59d4960c5aa9df4cb3e0c25a6c47
SHA256 2587443d5956cd805c188ed9d818c11f7f1d10cca25c941bfce5fa64bc1641ad
SHA512 1faec496b08e5a3f9b9a8e35b32b3cbbb109af8da514d35cd05db6af80b35a80e16106a0991705f0cfd92dde326dc4187dbc05423727345c3f4826fe64c8d405

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fd0bef45c35f1db78928e70f91de24ae
SHA1 1bc7dd66dba9fd51c54120074cb409269cab6bfc
SHA256 f5e86850194443dd7ca5ca6a6a8b31946c0f4f69d3b54a706e3ddb254ce9cf3e
SHA512 9936d4eac36ac661e9c0f7b82f65286ced8eec0bacc395d23fbdc305811ce83e1fe2f0b9da6c79d32a934ee5e1ac953969be14b8e21fed43eb8b13e2a7dcf45f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c6aa9bd03a0e034158e2067e425a5991
SHA1 936f35a81ceb4074c2c8f5f2a1f84cd36e75e399
SHA256 370b7216e21b56f56451ec0c69ed03e52d1bf18bbd02e3c955858f4e0e58ed48
SHA512 c357785639219e9279d8ab7a2757ad913ba08eb64701fab77dc3bc4683fd36ca66708f87e81bb564b4c5615072e978e56f4977cb2159db223261da62d24cb036

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e78c46cc02d3ed9274337d517d0952d3
SHA1 bb914c303804bd1b978f9d621d87008c4f6d2e46
SHA256 0706687c2b6c29cfe206a2f54cf937b234adf6bd9e38e7a6360a1169f16c4f17
SHA512 b48aaa90a6c1a82520ba2775e1a2ed7942923b368a4238f2ad74f02c5e5d48a06ec47e9e8ea58aa68d27cffc2233c08cbbb9a4dcc3a9b1599a3e709b332767a1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fc9784655ee9f0eba16b4f04d2e833b4
SHA1 4e1d83d5a64b29b23cd800f37b2a3ed814c7d30d
SHA256 42996a67a4a83002b18f8ed6de95e39f6b24e8a307301bf754bfa7d7352a5e0d
SHA512 36408e25e7461a26c5be7fecaf88381efcaf430ade7feaaf4e6714ff298fa4c8a4953480ab6f700c37bce5f23b5affeb30ca85b1b8314ea06924fa4d3801b98c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e43a6488d51edde698f2c0d91b83ab5f
SHA1 10a9bbb48ff9dec0542c3ab15e7abe209af50d71
SHA256 e97387c6119c18c73509473ecbad37bbf270d3ee88ce5cd0ed9256061903dcd4
SHA512 857a0ec5449da89703188ce06ea600820a4aed681eb78bc52b3a45a79c4b32007e651b41ff26b34f0c2d13f55c27faeeb4021e8c21ba8c52531a2a178fa3c29c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f5feac20becf5d98efe551a49788b0cf
SHA1 b0cd04cd72ae6a0d3bdfee9848708564998dba8c
SHA256 ea4bfe0ffd1c203f6685a9c5475ef472ad8566f324e1e3282aa71e3765eb3fca
SHA512 7fc376074c4d4c06d51fe42750ac04ea049e1a76932ed3844608c85df2acf14b6268b496ea4baf0a98437bd484fcb6680d22bef334fdc4051b93609a4ead9ce1

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH7CXNA3\reboot.min[1].css

MD5 51b8b71098eeed2c55a4534e48579a16
SHA1 2ec1922d2bfaf67bf3ffabe43a11e3bf481dc5d7
SHA256 bd78e3bcc569d029e7c709144e4038dede4d92a143e77bc46e4f15913769758b
SHA512 2597223e603e095bf405998aacd8585f85e66de8d992a9078951dd85f462217305e215b4828188bf7840368d8116ed8fb5d95f3bfab00240b4a8ddab71ac760d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH7CXNA3\css[1].css

MD5 1e7cca7a1b89ea2980669f4adb65becd
SHA1 62da7767f3bb769a9b31e400df446a4698e4db63
SHA256 598ad75d6e2e244b759b3f376b510f0ba560b77cc74f48351dcf2abdb7df474f
SHA512 206b90eab94f9ce7260ec624ec9a8afd70bba96d4dc5d8a545a29cd73e55832196e509523da1123c2279eb4cb63fef429e28a3438a268dd3fabd1fd949caf1c4

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH7CXNA3\style[1].css

MD5 65760e3b3b198746b7e73e4de28efea1
SHA1 1d1a2cce09b28cffc89378b0a60cbb1aa8a08c4f
SHA256 10e40ea3a2ad69c08d13e194cf13eb4a28a093c939758a17a6a775ef603ac4fc
SHA512 fbcb91f26b7bd874d6a6a3b1d4d6f7277ded091cdae5706c285b4d5d17446a1bf58572c224af38393ce49b310a51d5c5d60711c7094e5d32abbaaf10d1107e1b

memory/2116-2590-0x0000000000400000-0x0000000000A5D000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 74387d5c6fe60d0c8a0bce93fe0859bd
SHA1 a01089210c4481319c160ec909210f708f9f82d7
SHA256 568853ba1f350c6e83ed6e93cd6a4f34e060663608650dd9c19b2401b8e377f3
SHA512 0aa513334557847a90665a58f6822de6f4874331a149d5f4e67b18063d4c8ded82f5996fde310d84a039421c91253222ba8f87c1cf84edb9a68acb38ce3fdddf

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OV51DDG5\responsive[1].css

MD5 4998fe22f90eacce5aa2ec3b3b37bd81
SHA1 f871e53836d5049ef2dafa26c3e20acab38a9155
SHA256 93fcbfca018780a8af6e48a2c4cd6f7ad314730440236c787d581e2cef1ab8f8
SHA512 822158dac2694341f6cf5c8f14f017ac877c00143194d3cd0a67ffd4d97f9bf8f2305e33b99fa12f62eee53ba18029541c0601ea5496ff50279d1200cfa03232

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\528EVS6A\api[1].js

MD5 832e6993cda3469c6a40da72268663ac
SHA1 4650b1e5c601a454d3fd746276fff4cd3dbd54aa
SHA256 0ef1e5d700fb1691e5faa92a14f8a755c8dd4a92ec9b1a2310ad769b225cf46f
SHA512 6aefa1b28c697c81239e47ff57b3b61cc67bdbf820b7eac99f924db2b5093b7d03a029accd7dce42d517bde32cec9f6540082f7557b72bdc3c8da27095d68b80

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\528EVS6A\js[2].js

MD5 07667e4934097fcc97cc63e14452467e
SHA1 14f01f4340e277e9b744c9146513adfec59b04c5
SHA256 d0030cccbc90e6a17583acc989ee7beaad29dba9c4ba2ba3f764c5ea5526ff60
SHA512 2b3203562ee4b92906e90a155775904c0d5cec10a8df1c12f93f4946e8034269f7bec87eb81bdb0693491969e4be948411f46e1f941763cea1a9d5537616cae5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9e37a6fa5b3f3a1a9076f1e7a0b685c5
SHA1 35ab56b7ceb963232ce20fab1fb03a72d6aad9a6
SHA256 7c4d506d62e4f12c32748f0c6afc85a3515d12555d92900f48749299b5f56996
SHA512 19020787adb12559a35d40096d0187631d3552a3536a3718c3d5826e265379b8389e300ea7fc144210bf36184736b3f7e8b615c882f51959b58ca134144e83c0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f1739e1fdd7de33abe4110a5c8b11896
SHA1 12a4567011a6ce0062ad0b5d35417defe9e2a297
SHA256 e6880343bce742e7e50d13f000e70fef3e81acb696ec99bc626c408e1778b07d
SHA512 027a49671352ddb5e023f9bee598913ce28098382232f710ab9f09ee76168d8a0aa3940c456b9985c5e4b0596fb57a186364ee64738bed0fd9c8771028ae424e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c80ba4704d87cf2b64a2f193f0cc0f46
SHA1 8172f5df0677c01d997cc6739b272f5b7be5b295
SHA256 dca042ade98967c4b70f76805f028dbd605781696c729eebd1e6e3d90c49faa8
SHA512 76cb7ad877d310e62984d074f106941662628966dbbd3d69802d78a1ece79f115b0e17383551e992282b84944335aabfa6275011e6a1d784120be37507eca94b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c2c5e083dc50f9c15b6bd005bf62dfd1
SHA1 c82e9964bb310bd73209203cd34ff08f18d58601
SHA256 5afba1d0c2101e6f87cd27eb12142f7bb180b4a3edc4365eee6aba62ccb39eb9
SHA512 ada6b7b263c1062807d5db5b0811a8323f3aede8c49e44d9a238be9804f46d0d809d97e8231a35f9349a1dd143e32ec91bf132ae01d4f40ca5d7c39d907df6f3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f946e40e6712c72c82dac27ebd89bf08
SHA1 b6e6fff6efa6733a64d40184e781f01c3779466c
SHA256 ef8c4abf1a78576abbe137cbbf96a78ac9f9686acd568f08b48f9a66fe320cdb
SHA512 44a8596ee44d4d4fbd630b8e8c80468314219aed6442c1c95fe98d100c18b74a420a419390afd2ada980d9f0457156566d61b2fa7f618c75840b05ae6244bc45

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e1d2d5df961a18085110e846b59a161a
SHA1 b46df7a848650e8834d611bd5fbccd0d60306e62
SHA256 8cf06b2052cf1a16949325cd95e2d2bc74edc9e54c0f2fc30f2fa381154fd639
SHA512 825dbecc3f8c6dbad1dbfe32ac02d968177dedf1b798676c4e05777b817f8cb358951b88fbcbd29756c61baaddac1f90b45b0d21c6f5836430724568fcc72b1f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 649a083c9da136417f7de059f1e247b1
SHA1 9f60121beaf905badd67bdafec7589538112937d
SHA256 0a61ffca9288b3eed1bd042ffc1b8b3ed5d9bdd5b2ad639734b2f95d33143db1
SHA512 88535d9549e3af2c4ee2f73b8f59756d4dbb22f4cb6bbb73108fb48b7886411b55b44023cb014be00d6d0d74cb93e4d8b7ce5be6ed357e667dd6948a37c3bc22

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 52afc422d507fab3939296d05f880442
SHA1 3fb33c70eac681ab583bb4bc48e0abc9f78540c9
SHA256 391a784c78d42792e0e773b4c8d900e6195460bfb135437df1e936d11a1d688a
SHA512 5be2a0cb65d62314ae18ae379a7f5d5ac20b9cf6dd5d4f1acd87d76ec04fa7acd974f1be6bd3bd00d3f897d220bbe0ba9dc641e5a7481ec27881eaafb8bcaa3c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d1165e15523d20090f4c516a03ec57a4
SHA1 4bd6182329571c8188c944e4470c42d97d5d7ab8
SHA256 cf1332b102c5715ca3db7f319d57e7bb5c891343852801a7eaa1f05dbc2d9268
SHA512 11dbe92c12d5de1596cda52b0e64d33df6326a3cee700e7f419b67c2be3c7a5d856bdc0d1c0b3621973a808f7d50b48dc3e7210ca7bdbcfd01a72d007c988571

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 41a44fd9a96815d68945ca79ed51b11a
SHA1 60c0e5f1141c876fa453b9d337007d211094c1c9
SHA256 85ba403ddf303626c488e96cf1c75ddb2a8e903d53b8fe49fc362a6572a594d9
SHA512 41e5c01e0c37b2b031b6b0f49890d5e511ee6b5089b076cb7cc3069e6317d22a7ce3efe8cea6e423aa0365c767dcf4d9cfb3a84521380afb59cc8ace9029f1d1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a356e105c8ae6a9daac96f17b5329be0
SHA1 3b217e59bee3f5686ffa78a6db5e032e7516bd03
SHA256 02d1fe2b95ccb0731fd5d84bff16f2160a93302948d46cb240f547408bf92077
SHA512 19efbe35d74d7fd92eaa7bd1decc5ec585a6bc0a7a1085862fe378b443f814ee2ee932e01a7a4f7c2c6384d994caeaf18e01af07786022867c6274ddfdfbbe94

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b15abae2b545bcba16389f99d236aacf
SHA1 e7ce758402d327d1bb3bbd24059defc96a6c6485
SHA256 af17baceaf571a1d285426514342fffb123b68088584095b3bcaac59be1de6c1
SHA512 5eb0103dd8ef51a4db55893bec16204c4a9cdeb04189e7f7199b33f12a1ac4127cf84369f504c90f942af0e76ab9a3afc76a4ad109a50132e27ad24e3ea942e2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0577f858660a7c41d45835bac93ca67b
SHA1 3231b76df4ba4b97fc6938415ec8d0a843939c84
SHA256 422871b9e2519ea5f424beea41993e4e19d8d31672aa682a3f314d12096f9c82
SHA512 47e98885c7ab40efd071a3ffb98619abd924335cf203a4c98fb5d57b7f11b2fafbcca5d13b5727f05ff3e57bf3ab1de96aaace22793f7e6946f145c5e7d2ac3b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5ceff735aeb5fe2be2700f7bb28de2f4
SHA1 6c5f6bfb51ea458b8ebdf86123ba9c0e1df5a95d
SHA256 a277edcaec5805a19a382d877407cf2909c7bfa794fcc21fd9cb6a49f4cb8b94
SHA512 defca97e0ed717c81cf7e0edbbfd85857f00fdbb0125113c271c2cc55dd3a21a48f0400c0a8f8fad11a3c1bc1f9e2bad7e0314ee71c558572286d20f38d28466

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-26 05:32

Reported

2024-06-26 05:35

Platform

win10v2004-20240508-en

Max time kernel

146s

Max time network

139s

Command Line

"C:\Users\Admin\AppData\Local\Temp\10e35c0d1275ee4c043a052b93402580_JaffaCakes118.exe"

Signatures

VMProtect packed file

vmprotect
Description Indicator Process Target
N/A N/A N/A N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4196 wrote to memory of 1940 N/A C:\Users\Admin\AppData\Local\Temp\10e35c0d1275ee4c043a052b93402580_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1940 wrote to memory of 620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1940 wrote to memory of 1684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1940 wrote to memory of 5100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1940 wrote to memory of 1304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\10e35c0d1275ee4c043a052b93402580_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\10e35c0d1275ee4c043a052b93402580_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.tt336.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8a3e246f8,0x7ff8a3e24708,0x7ff8a3e24718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,14089568424159159090,17316556453427992534,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,14089568424159159090,17316556453427992534,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,14089568424159159090,17316556453427992534,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,14089568424159159090,17316556453427992534,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,14089568424159159090,17316556453427992534,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,14089568424159159090,17316556453427992534,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,14089568424159159090,17316556453427992534,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,14089568424159159090,17316556453427992534,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,14089568424159159090,17316556453427992534,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,14089568424159159090,17316556453427992534,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,14089568424159159090,17316556453427992534,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,14089568424159159090,17316556453427992534,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,14089568424159159090,17316556453427992534,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5080 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.tt336.com udp
US 8.8.8.8:53 www.tt338.com udp
US 3.18.7.81:80 www.tt336.com tcp
US 8.8.8.8:53 www.hugedomains.com udp
US 104.26.7.37:443 www.hugedomains.com tcp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 99.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 81.7.18.3.in-addr.arpa udp
US 8.8.8.8:53 www.tt336.com udp
US 3.19.116.195:80 www.tt336.com tcp
US 3.19.116.195:80 www.tt336.com tcp
US 8.8.8.8:53 www.hugedomains.com udp
US 172.67.70.191:443 www.hugedomains.com tcp
US 8.8.8.8:53 37.7.26.104.in-addr.arpa udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 195.116.19.3.in-addr.arpa udp
US 8.8.8.8:53 191.70.67.172.in-addr.arpa udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 100.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files

memory/4196-0-0x0000000000400000-0x0000000000A5D000-memory.dmp

memory/4196-1-0x0000000000400000-0x0000000000A5D000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_1940_XJSBXBWUXFAQEEUQ

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

memory/4196-96-0x0000000000400000-0x0000000000A5D000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
