Malware Analysis Report

2025-08-10 21:27

Sample ID 240525-aygdhagg28
Target 704e31d1c1598454fdc72e7628a98de0_JaffaCakes118
SHA256 fe25c31e001e56cdfa6984069a21575c137bd019b0be6b139230bf2ad4b2d2f7
Score 1/10


Analysis Overview

Score 1/10

SHA256 fe25c31e001e56cdfa6984069a21575c137bd019b0be6b139230bf2ad4b2d2f7

Threat Level: No (potentially) malicious behavior was detected

The file 704e31d1c1598454fdc72e7628a98de0_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-05-25 00:37

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-05-25 00:37
Reported 2024-05-25 00:39
Platform win7-20240215-en
Max time kernel 134s
Max time network 129s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\704e31d1c1598454fdc72e7628a98de0_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\704e31d1c1598454fdc72e7628a98de0_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2488 CREDAT:275457 /prefetch:2

Network


Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 674eea23317dbe46466410a69968553a
SHA1 c0ce24a330de3259422311bbd95781f09493c35c
SHA256 8bf4be0a2387addca8a3a2f9ff1753e2be67ce61c2128fcddc55793e14ba209d
SHA512 28769a44c6ffe441cad1cebb6ea6c3e7dd31d59a27687760a9dc2c29f246d9be66c8eee0f72e439880e7ed950e458da3c14d56036acfb9086272b60c94a11a5a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 0a69636e90fac23f11ade6b27bb233b6
SHA1 3324fef49e190f7eab4fc5cc84a4ca63f5478b15
SHA256 a23b0489fd6b1662f932883a83a32b69666766565fc349303d94465520f67d5d
SHA512 82a20a4f1468bfd744b161d16034b37040a782c00f4f13b26214e9f596bdaae82b0c6605f195b5b6e17908d40021818062021a132e626ff271e0d329d25432b8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 3634129dbff988cfc9c9532758192888
SHA1 b5ffa7aae28ffe862f24f302a15889eb9934bba5
SHA256 7cccc1f912a08544bc01f9b813c2ab300536244659dadb4897407bc95a63a194
SHA512 cd1e1c6c04c40b5542d462842aca71608a3399b7168a1ff2c5f347a6220061738f73a84494cc9a7c09b4f52c3a0603ff82742013071dc7f36bb0e8922f8602c6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 38d518da64fb87e5ccba83e8cce310c9
SHA1 dd2c4375b5c81cff9b3b3c06eb814304fe148335
SHA256 ad3e94866603a5ae134f3d06f7fcf8c3fecb9fb1ad2409c3e50221a862c13680
SHA512 2c72552c6a39fe0bfe1601fd139bc214be7ca370ac9dfb7f0ce1b1b58555f90d64860a5b71acd8c70414a6831a80dfc119775e35defd8db8b57fec61af9640f3

C:\Users\Admin\AppData\Local\Temp\TarF416.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_242CEA72AD255CEF17D8B88AD3038326

MD5 f36c738f34e87183abdf87e4f56879ac
SHA1 780d5b923af7ed1b77b4a9dcb412969e2789ed01
SHA256 6961433b2ae2038324c4419e918f7f80cd6d208b7b3cc0804bb9c47c7482c789
SHA512 93f96c80a9812b0af437d1f637d79f9d4a9c57a6cdd45f5a86779c9f334118786461a49b5f256798ff8824b06e16567467877cfa8bf1189dc84aa6c577d4e98e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_242CEA72AD255CEF17D8B88AD3038326

MD5 cd8a67d6a2eb4d0f97ef1075b0c3ba43
SHA1 e0997ea0d00f2434511ad1370972be81a5749ca6
SHA256 e8edc4a72d592868f360244558d16c6e2bd660c0ac6995bda7aa6e21bc07d598
SHA512 0e2c31698e509e3e9d2ae5f11d1d36117c98f5554d27144db6479575fb48e9ce6495089d3a939840219caa9d8bc3929ea43b2bdc50f434105e08e12dff2fb05d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\673IEUYT\www-embed-player[1].js

MD5 01ffe52cedfac91db631afb50ec0406d
SHA1 6c46d6f85c315d1b5a0f7207ffc9c11f51e91509
SHA256 5e7aa90ed8daf375a49334177305eaa26fd800a2a580efe1da3388ad51b094d7
SHA512 0f3b013d65a6bf7acbc350c0a664fbc4549d388599a9442a6a7e0efc5bbd33da5dadd8f4d0c63b0ca10c0ef891265a2921e370563ce92acc1d0b977423b67af4

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\673IEUYT\base[1].js

MD5 1a07b3637d035852c1bf496244e02e5d
SHA1 5499d5010793c37998d7109f7ada060bb53f9516
SHA256 489c5db1fe048e9e5d4deb643c382c2baee253283ec1c55f5e62b12c746e0e64
SHA512 954c45573703c72322a3821d7d910bad40b20a18f5530bdc5d7389a7c5d5ff33f7a0a6815d9c59300b5441ed6b127fc238897e3a586b73c4d583257e2ac265e4

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\3QIP1Z35\www.youtube[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OOWQLMJV\KFOmCnqEu92Fr1Mu4mxM[1].woff

MD5 bafb105baeb22d965c70fe52ba6b49d9
SHA1 934014cc9bbe5883542be756b3146c05844b254f
SHA256 1570f866bf6eae82041e407280894a86ad2b8b275e01908ae156914dc693a4ed
SHA512 85a91773b0283e3b2400c773527542228478cc1b9e8ad8ea62435d705e98702a40bedf26cb5b0900dd8fecc79f802b8c1839184e787d9416886dbc73dff22a64

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\902LKC6A\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff

MD5 de8b7431b74642e830af4d4f4b513ec9
SHA1 f549f1fe8a0b86ef3fbdcb8d508440aff84c385c
SHA256 3bfe46bb1ca35b205306c5ec664e99e4a816f48a417b6b42e77a1f43f0bc4e7a
SHA512 57d3d4de3816307ed954b796c13bfa34af22a46a2fea310df90e966301350ae8adac62bcd2abf7d7768e6bdcbb3dfc5069378a728436173d07abfa483c1025ac

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\3QIP1Z35\www.youtube[1].xml

MD5 ccad21a9ed0e462c46df621c8bcde876
SHA1 48e2fc01c1e1d1ebbd522beb8bac2e214e9eb2de
SHA256 a7d9c6cb1c099061c2608249ded685929936cebef75e2d6ba9d7169e0daa3d3b
SHA512 d825a69c109516e56cd3a0e3c26b45996525838a0f9f1b2cab03fb8ffa6815e91660e738431cdf4b1ae255b2c81da188d2c47412aadeb84b623f05187bafc50b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\902LKC6A\ad_status[1].js

MD5 1fa71744db23d0f8df9cce6719defcb7
SHA1 e4be9b7136697942a036f97cf26ebaf703ad2067
SHA256 eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
SHA512 17fa262901b608368eb4b70910da67e1f11b9cfb2c9dc81844f55bee1db3ec11f704d81ab20f2dda973378f9c0df56eaad8111f34b92e4161a4d194ba902f82f

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\3QIP1Z35\www.youtube[1].xml

MD5 ce3bb0573545fbcac021603c8d008915
SHA1 f82b89dec5caaeb3f0dc41561c0ce94e57e763d6
SHA256 616fa28a5a1316f6b2c109757042c611db0cc1d751c61c2b061c534a0cbe2a47
SHA512 c37ee08bc14f9524ceb21160f870b995c870ad1319989dfbc6c9e65c6ffbf674cc4aacdc008ffa5f82e16b7758bec2318d80d453156094adde5dbee82e2b9176

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\902LKC6A\embed[2].js

MD5 0691a0284541e31b0d8584e2e7f4a29c
SHA1 895b5df3472fd5da3110852f954d8146232032a2
SHA256 7053def58737c584b633c9efae1848ca99fa6130c1843b16fb72de9a656c8c04
SHA512 1173cb0e0da40bc1c0929618e565f277c7f3d97d11d33398cf309ec4f9b6be94dd474b816ce136e380bf55e10bee6edf9fd2711edbcbe36a9be8169c1193025d

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\3QIP1Z35\www.youtube[1].xml

MD5 020d16202c1de74dba9beff7ba3fe345
SHA1 5f9a3538e8620b08e26f43ec4e27d8fe652515e2
SHA256 a861683b5c0924efd95f36676ffd3a350ee7b59b623ae104a2cf67037c21618a
SHA512 70aa8eb11d2e16d1b220a7d6ca890b28b44f1b579eab813925b2bf2944226e7a6587b34021b5e72cded2a7d924d34e176863b78dd28d6cded4b205b34da5f63f

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\3QIP1Z35\www.youtube[1].xml

MD5 d4dc8b705f14e1f20c349c791022a281
SHA1 c16fde02ff743ca7289d597077f7a738243e6e1c
SHA256 45238d6090982aaa005be7fe1b9095e11cf50beb7ec3f3ca3456137ab59b0095
SHA512 717c08ac941d78b93a5b28297fea43524824da59169ba488a381d74015ae808c51f0dd1ee901e92bcf9254859170b9c59b5ad898f3a3b3de3cdc88751eacaa4b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IFGNZ1XG\KDM4tbexTy7L6ViUxRbTVOhzwZZy5j5sRXjuf1Qud1k[1].js

MD5 215576c3a2e6d84c673d322c5fa4c24b
SHA1 e00b5716845fc039c273859fd364fc126d638017
SHA256 283338b5b7b14f2ecbe95894c516d354e873c19672e63e6c4578ee7f542e7759
SHA512 f925fcef7f84897c4a4e919465933772a4bce71c35c6221c182193300481fed7b2e5b6af9c25a75f9a6ff85d5355fbba5f57cbef7ffeef5742e7401bd52f243a

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\3QIP1Z35\www.youtube[1].xml

MD5 7b99b15911e202ac6afbc72301fafeb0
SHA1 55ba1d4750ff82f352ea566919698f729baafd4a
SHA256 c03fb9d509c283492433846615191c50db7ef05cb9d7ff2ed8a8725534e26690
SHA512 dd18d0170164f4de578d9dcf7ef174f8054b4b700339a1847d563bed219b8a7042847613898a76102c54061f4a9fcea712ae646931a384ca6c5bc0d85ddc7840

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\902LKC6A\remote[1].js

MD5 726c06bff935911bf2f43e457d035828
SHA1 f9a821e5ca156280ba5a91509f11dbc1e9ff8943
SHA256 171672855bf7bd4519d5a3ab040611a698d62815b4048bd57b9de8feedbb3843
SHA512 1db6edf8aaef0f20fc8fa61574472a483d55fbd7c20f181ef63410f76cc33505d267c3b811146d2f214d66a0b40b0c72ab407fdfe89006cfe3496897df9b6860

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\3QIP1Z35\www.youtube[1].xml

MD5 d61038df9204422d55ec4a3c7eade565
SHA1 3d114685d9ca780039208c62ff41bf8ad7428f70
SHA256 a20bc6b3eb5f72d3e03c083e86162303ce74d89ee4e2cbf7d5941c190cd9217f
SHA512 cc9c8973b2ba36215d4d5746d9ba46558a91c11ac76a5c36ef16b53b20068d985fca99b99b8004629b766e74168bcaf07542fdeec9375e756d15eb4d781b2d3f

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\3QIP1Z35\www.youtube[1].xml

MD5 106670c28e6c70ae25825b80d1ae132c
SHA1 995f5655b519444bc0d987fb3deb3376d573cb83
SHA256 1a90516c1b255641552ccdfbb201ffc9605683808a2151c2c2d5c8cbdae140c5
SHA512 4a21e211e349c5c87aaed53032bbcbe925a1ae1411d6022e6eb7b527b372c96f0cf2c7051c17de7ba30bf2695a1a68054770cc4d8ad37951a845125fe74d3a9b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\3QIP1Z35\www.youtube[1].xml

MD5 7b8b7dde5a24e9b111c4929039720545
SHA1 d7f0feaf216e52ef6b136f3b9dbfc5cf08e90674
SHA256 f0b166b689b02d0519b1db25ba3ad860dcaa7a79a3f553f015138254827d0fb1
SHA512 dfbc1ccbf27a1ff3d32bc326154ae14002ad9add9ebdbccd4f2b2991e0509430f260fea8110bcf35ebb79bc9d03a3bfe0562febb31c8a89af9d6dc97929ba4c3

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\3QIP1Z35\www.youtube[1].xml

MD5 d416453a2c326ced2aab4b0e670fed2d
SHA1 98faad73522321fa5b4109e76b5823f20c5bf334
SHA256 4e4e7f29ad88f56911077b445b97a3e973028207f817fe5d2b09953d49d03320
SHA512 ed73f7dec73300b7ecd57d059d326a82660c72abfffa14146d40d8c87cb3c2375e35abefa3beb02d2feab304576aa287d6004da02a09552c2588da2baa02d540

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\3QIP1Z35\www.youtube[1].xml

MD5 a9d8dbfcf1f48cc240a9a4803bef21d2
SHA1 68d8d9719d0a7f48b20afee8c8b32bf51c81b699
SHA256 a80321388bcd6b4e3dee00341b6ce6730021766adb44e5ea3fc5c313c1690bba
SHA512 68d20dc01dd085af6f6d43c8028a55f378a9be7fd215b98119a4d816e5d5315ed08b9eb42b152da996a3c6ca476abcf608dbd34a8b5ca25f932f58245f27a7d5

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\3QIP1Z35\www.youtube[1].xml

MD5 9bd3781944fcbc49f24276ed2a0a3aaf
SHA1 4bcbf8e3eed3440ac9006a411f2a3255102dbc87
SHA256 ef30ecdb2a00eecfa37967dbb1683e9fcba70a88bf330b7a2bbdc3956c2fdc42
SHA512 66839ccd123da0a25d1ca7d1a7da77779d09679b2644a7d650b450c1c3a94a7808ac14645d5952b99e6438d2b2b5f13e3abe5bb8133b4f37c22170853386eddc

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\3QIP1Z35\www.youtube[1].xml

MD5 1d228a0057628fbf559bb4aca60f661d
SHA1 27a3848d2ff05fd573231e4dd8a6c9e1a74d0811
SHA256 ea6645d102d58513c186f292e24d1505189cd11ba3dc5e11c27359cd2d137bae
SHA512 a8714e7ece1295410ff80281452527dc5ce00ac6eee5cc9f3a68bab784c82253f4ea496150d04d3ab231f264c06b34fac9db6c851130e2d0cc67bdd0f8a7c6c2

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\3QIP1Z35\www.youtube[1].xml

MD5 059684f8af403a49c5df9cb33cf0ba2c
SHA1 4574b4d57f165c5ac8a2fcba61c977ac6c900627
SHA256 be75d76d7996f90c39738b40b47d253702fcbfb7b41b7128d2e5a959b189fb68
SHA512 0cad587cd39044f5cea7302c9af456790415751c7412c8429351bafe07323c817a3918d13766c8e5d292b82bcbf40864057b84401092cac04deaf8fc97c78815

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\3QIP1Z35\www.youtube[1].xml

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-25 00:37

Reported

2024-05-25 00:39

Platform

win10v2004-20240426-en

Max time kernel

148s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\704e31d1c1598454fdc72e7628a98de0_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1372 wrote to memory of 1136 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 2644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 2296 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 3712 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\704e31d1c1598454fdc72e7628a98de0_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff2ca46f8,0x7ffff2ca4708,0x7ffff2ca4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,15671019518755182035,4041062903566567396,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2292 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,15671019518755182035,4041062903566567396,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,15671019518755182035,4041062903566567396,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15671019518755182035,4041062903566567396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15671019518755182035,4041062903566567396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15671019518755182035,4041062903566567396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15671019518755182035,4041062903566567396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15671019518755182035,4041062903566567396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15671019518755182035,4041062903566567396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,15671019518755182035,4041062903566567396,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5792 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,15671019518755182035,4041062903566567396,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5792 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15671019518755182035,4041062903566567396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15671019518755182035,4041062903566567396,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15671019518755182035,4041062903566567396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15671019518755182035,4041062903566567396,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,15671019518755182035,4041062903566567396,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 /prefetch:2

Network


Files
