Malware Analysis Report

2025-08-10 21:32

Sample ID 240529-ktq29ahc6s
Target 802b8dd6e6e997e2777c6893bd8e132b_JaffaCakes118
SHA256 cad0af5a011d2f384f439ef55628ea079a444cda82bef3aa0803ec121f5d7544
Tags
score
1/10

Analysis Overview

score
1/10

SHA256

cad0af5a011d2f384f439ef55628ea079a444cda82bef3aa0803ec121f5d7544

Threat Level: No (potentially) malicious behavior was detected

The file 802b8dd6e6e997e2777c6893bd8e132b_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-29 08:53

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-29 08:53

Reported

2024-05-29 08:56

Platform

win7-20240508-en

Max time kernel

133s

Max time network

127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\802b8dd6e6e997e2777c6893bd8e132b_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\802b8dd6e6e997e2777c6893bd8e132b_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2368 CREDAT:275457 /prefetch:2

Network


Files


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 202195631951a3df4149affbecfeeb9b
SHA1 744bbfeb70d956eaa0dc2499c1eff9b8fc96b00c
SHA256 07019f9cbed3e2ea5246ea1cdf0757738d502f02bce30d708081bf1a6b93df4c
SHA512 1b692b3999d34c69caf3dcfe95d66718bc06cce81320a54721ab08666d3b0cfef0b79cc79bad7672fb42fbd44fa5fd14231edfad97540b306ba570007d55dede

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 321e5334be2060ab6d0ce64f7e833e43
SHA1 264cfd5b886bc732eec8c37a637a08749a7ac8b9
SHA256 3b0093ab5a412bb04e9e6dba3cc44eca55409d44780cfc044fe222d138d41662
SHA512 5912505b788829bcd5586c938a385033e5a147ab1fa9cd51ef2bb9c6e788cd4f3887d4338b31f89403eb5594db9654488eb324bec36b3ac787acdffe526acb60

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1bd6d856190866c1e0aa1bd2cab48180
SHA1 b63af8a134ad195e6ceaa2d41382283b187e642e
SHA256 c5cba9b063cc586fe2f46a417ed7cb9227a70b56dd370a6287efb4265d514c3c
SHA512 c9e0ae23301e3f81acfebacbb378bc87909c8e23f9ea2955bf8616b3aa90591c07318966e2041ed62352b6288702d16bc35c24ffe98e533a787d0b4e6b2bfab4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c1d3fbcdf776d0cdb752803686644808
SHA1 0ce79e33d5f7fe46081d011cc51a6cac156b19f7
SHA256 bfc9c1ecd52860dd55ce7a78c33c97c4b086a2088e7b283bff8e2f0c16e1cdaf
SHA512 2acaf6d1939cf1ff6c2b54fb12445af6681569b53b702c65fa49dd4291b052ee024b706ea0a981d044f717cd9b5b28e47d68675e135129b2adca89cd76752175

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 46ca0afda871b65577d3803b5203079f
SHA1 09fde78d04dd34c87eb75e0dfbf3952ba6e69d86
SHA256 72a606e692ca93a1ad261cc3a7d86a2b5dc7ebd774836d7604aca5245f0f1499
SHA512 100683eb3c2b738d83dfce1adbe21cc45baface485bb8f340990fcd2e0b1caefde683aac71f8180a3e6ebd9dfefc0fbd2f6e4172003829a7ee046d319900418c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 097d35e0ecb828a2550c93071ee69c74
SHA1 5147701182dd28ac2e321357b683297ff419d1dd
SHA256 fa6b563edb73cc6a62bd5209e19c0e1a899779beafbf6261dbbfd7c18d377bc4
SHA512 c8fff85b972138247c13172723ccb792e8d00ea6b9ab44cd1d3c5af9053ef6e61bac74ce4464bdbf3a51cd8431d3a5d6e99cbcfd2ef4510e0215ed338be86250

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ae951aba0e69db921a97bd1055df2362
SHA1 c8e6e0d815d943cf7fc5733543eadcf9f488fc1c
SHA256 006dd5fd6eef821afb59853b1bd7d376aac04b3f2e17a036acd8458a29e9d548
SHA512 2fd0298ed6a587767325adac48013b681c258b47c350055e5835d0e4bea0988c9c9d49242d4faaebf2b045a6e133a822817f1b61de0cd060ef9e9cec84ac9c32

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 83c701e6f3c53bdf6e7ca27d963a3232
SHA1 b8b218c2e10ce43dc63668a25ce31f43f0b175b7
SHA256 46f78cf59e45d60fb538169af66aa70d117bf3f0ce47b47ad74a178806177d9a
SHA512 3eade500a159503a01b8960ef034e7ddbb8b68a43caf317db9fce3d297b3e891e7012c2fc048417ba38b256b7e8504f8c61affc34300967603da29c717ef4cb1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e41741213d30c28d9d9890e7fc1201bf
SHA1 0cb0b56f02128344aafb865857d35c7ec67c1dc8
SHA256 6d4e8546b38b3fc814372ba84d483444e78dc51164343f56807451755ee7bbd2
SHA512 48cb445a5dbce03021e983d131ad9759919cd9b1cea5978e4e3c9a0a90c54651c4064688fffdc77d9e4dfefda9f010f77a948f0ac7d415c001c4af6842148a1f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8bd80abbe7bcea27b9e1c5ef9b03d29b
SHA1 9805750c57993b3bb52618562f1f204ee3154773
SHA256 3db2068f2f06be9d34da2c3a51b9549149cbe67b40aba0ea0bb3a41386305a07
SHA512 898c9eb7c528dba62d4b73809c8c117e369bde90dac735772fc140c5c17d72197c9ee6e573c4a1399b40be34c6b15335724d57d8997602ed54a72b3da82512ac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8655c3b6cdbe363a3ee54f82544c97d6
SHA1 3f330394f41c374370bd78d3d19294804a6fe101
SHA256 321c91480772d7b1835e61dde17f26895bbac39ea0534c4a6d3e07dd1605a2f6
SHA512 4909f4c6142b867d6ea8f082fc3fb1d4cfe2f98f9bffd2fa658b2da042ccb5f30094ba7ef5c40534e311cc51c2a68cdf4bdd745bd288a2bf0322c06b5be2fecd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0706f77e1e8fcf2aefe42d0e5a378055
SHA1 46e241f2df884decd6bb5adf227d25e7673fb3e7
SHA256 ab2aa6b0c0e39a215ad978c0fc364cc17cb492523edc643a565e765d006d54a7
SHA512 76eba229fc204629c10651f862f5c8399b0141f9b758a84f89f5116acfd04070ed8b90ce4fd9678d25ced53fc8c61158115268cccf7b608504093a96ccfc907d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5a2d98bf213491dc2cdabab0ad8beb27
SHA1 033cfefed13f4dcbc8bf9d3db36b6ee931af22a8
SHA256 b73ec64fb0a9edae878aceb0242b6a8e41bea38a1ad58eb732bf253305cee801
SHA512 fdbaebc2a3cc083f6176ddebaba91b11c1528dd139e1d4500c445fcc56dc00d6d140b2c541f31fd9280cad27da40d3cbeed2fe3df5035d373eb3429c944f6dbf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 883a8eb9a25814858e576eb6558fe3f7
SHA1 dbef9ab43f130c90ad21f6143af70088dcc59040
SHA256 a22dd3ec598cceda8e9f81488834b968cb0598ae9be9f4a3d86fa8e72db9bd5b
SHA512 ca382d2725d9b39f828042d957a7a56b595614b19e4143f22e7db4067064190a0a0b2fce3749113de2b6c26cb91ed79cbdfb3a818e93a5a0fad330581880f1f0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d96c1fcfb2ca967eab1006cd469d4c19
SHA1 824ffce97bad6da248542e5e5e0201d55b12137d
SHA256 6fb6f90d09f00926a03af60efba1ae085eb3a9faa0facfea319b5a89dbeff066
SHA512 c9a92ef196ae9ea064619aaf2bcbf92db95f182291ce74e9f38079c852a9dcd3ed2bf3e81227f5139a2e7ba345a09c883e6b3c8ef4964ba43e8383923d28c317

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 10122401063ce22a984640fbc7db97e8
SHA1 871f9ce586e8b4b0d05190442c6fe3eddc348bfd
SHA256 551a61ceaad845d77494cf39b19f5f6cbd11686e9885f34659ec6517d8332d6e
SHA512 96c423dd3a4991e0f16dd9cba265ee24300dce0760a3f137b92fc7aa1aa642b0552e84f6bd6e34d449c8ffbdaa9bc8839899d00ca36b234602e8ac13a5f2d267

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ff8a8c26d2c19f9579c16ac8b8968607
SHA1 2515e80f3bb8b81183d1eacd5a4a760b1f7d5b89
SHA256 77520d4bdb32d93a650e34646fd413fcf28649889a0c0d93509c66690fb99c2e
SHA512 5095b9a53a374f355ba3d8cae759c989b3771bc425617cbf50c9cf09eb6aff01802033a954a6870a1aacaabef63ee2bbbb962862f202e7c30801a36125197e4e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 40cbd64c3c29a83f3e3044b8763c21b2
SHA1 953ad31c8f1a774b9fbc1e0959e44c738fec7a1e
SHA256 3ae56782c2da4a9ca3b4d2306e44507f9cea5889d3e553887bf8bebc296193a5
SHA512 ee30cb7a54700ea2d7f1f0b76d4a3e7ae1305fd3abf64d06cf799b296933605d92d1a9dc9edf2c5f7f1e93b54f1049b40dc929261404c9fe70e868e0689d0abd

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\MQ4WBP9J\www.youtube[1].xml

MD5 60a6dca92589737f865c13114ac59aaf
SHA1 b610222dea1b0b06dd3d47b277d4004eb1d258f2
SHA256 118b1ee0ca52fb739449681d93d3fc3049110e70dd0ea8137cccf04cd529299e
SHA512 0a466a2237246eb1545d3a03105fb8493cc76429c83ffbaaf13fbf03d814001783749c045ee5d3fb42d57d83c697897d7027b9c52cb5f2db60bb0c4c61cbc260

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\MQ4WBP9J\www.youtube[1].xml

MD5 209a89ee734b9f9ec54b4f51c8864409
SHA1 8058f8499639e5d33403664d74e679fe0fceef33
SHA256 da8c2127aed8285ecfdcea3680f448caf6897cb2a17daafc510eeedbc4dcb200
SHA512 860d236f5b203fb649e275686bf96c08c8dcaf98af1ff4b6747ad8bf3e5153ad50756baf4134720325f0f811968fc6a9f9949d9742f36fd62bdb3bee0c4a7611

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\MQ4WBP9J\www.youtube[1].xml

MD5 0679469645a2831c7c13b3d99e2455cb
SHA1 a96c624904f294a1c1929b554e3c16491029b3b1
SHA256 36addb668cd5d904a0ba6de065c25a8643b6872675903bcb1c5725e1b3c4f9d7
SHA512 e8ab9f7fb96348610f082e4d277fecfbf58c074eb9d84272d5c2596ddd1e8c723b87830e5470f14b70bd7ca0ef08511167acee5efef516f80b90d0a61f773639

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-29 08:53

Reported

2024-05-29 08:56

Platform

win10v2004-20240426-en

Max time kernel

148s

Max time network

155s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\802b8dd6e6e997e2777c6893bd8e132b_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2544 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2544 wrote to memory of 4664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2544 wrote to memory of 4388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2544 wrote to memory of 368 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\802b8dd6e6e997e2777c6893bd8e132b_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f93d46f8,0x7ff8f93d4708,0x7ff8f93d4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,238882194391809160,1500767230577984166,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,238882194391809160,1500767230577984166,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,238882194391809160,1500767230577984166,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,238882194391809160,1500767230577984166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,238882194391809160,1500767230577984166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,238882194391809160,1500767230577984166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,238882194391809160,1500767230577984166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,238882194391809160,1500767230577984166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,238882194391809160,1500767230577984166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,238882194391809160,1500767230577984166,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5912 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,238882194391809160,1500767230577984166,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5912 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,238882194391809160,1500767230577984166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,238882194391809160,1500767230577984166,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,238882194391809160,1500767230577984166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,238882194391809160,1500767230577984166,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,238882194391809160,1500767230577984166,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


\??\pipe\LOCAL\crashpad_2544_YCMFIUKUVJHVYQMD


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
