Malware Analysis Report

2025-04-14 00:32

Sample ID 240601-w24h4aba2w
Target 8b5b21be1362a377d7c5591bd43b5d65_JaffaCakes118
SHA256 679ecd2064eb0ed693a0021ddce92f2cebdcabb3e4a53abef6dc4eebfde3736d
Tags
Score 1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 1/10

SHA256 679ecd2064eb0ed693a0021ddce92f2cebdcabb3e4a53abef6dc4eebfde3736d

Threat Level: No (potentially) malicious behavior was detected

The file 8b5b21be1362a377d7c5591bd43b5d65_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-06-01 18:25

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-01 18:25
Reported 2024-06-01 18:28
Platform win7-20240221-en
Max time kernel 148s
Max time network 150s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8b5b21be1362a377d7c5591bd43b5d65_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8b5b21be1362a377d7c5591bd43b5d65_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2168 CREDAT:275457 /prefetch:2

Network


Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 367be39f0f0bd10ee528276085ebdf48
SHA1 bd2d8f3b91e3d0e5dcca4c0734f27ca4b0f257ce
SHA256 6568d4a4c638ae3fec4d5bef16d7f5378195466005a7d7de3667b501878e566c
SHA512 1e33cbeabbf89c1d5f5320be70459a27b2b4fdbbb4e5bd8fdcd4f4dea5b5b7761e49ca4cc72dd0a33423e4ce15353495eeef01472c7cb005c9d9dd4ea9d4a606

C:\Users\Admin\AppData\Local\Temp\Tar3183.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9e72742edce812020eb6bbe72d46a370
SHA1 58e118037eb00f77b4ab976938c1d084a4a53253
SHA256 a8520e7b3ddf9d2f0930cf986fbe0fc60f6995e4ef4ae5730de8920b90167595
SHA512 33aeed3c659a0aea824bb6eb281c2144864881b23a1369936d443c8740b84f61c2e37df6ba6e2303dd0c4531b0c060658740f13a0739b5f079e106be1a58b55f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_DBD1FAADD656881B5EBDBC1DB3D60301

MD5 9e69d6f92027bd379f7a9d0e196e0d07
SHA1 d8d27b21cd87326b10c390f90575830697655e76
SHA256 8dfd868db1060adeabc40573ce48eb9265a830955cf74a234c911d215a099132
SHA512 c92bc98245cdd106ca01c546a333ed14bb0d7a2d8d776ee4885423d55530281dc2b3e19bb334310169afaf3cc10921f909c9af6250aab87065e1908421c462ba

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\www-embed-player[1].js

MD5 d2056f8d081fbfffcab81d61ea45b151
SHA1 710243082f40626f64943ad3b656400f444d7130
SHA256 49fa9b168cc8bbc037cf4498e31c355509e9b438b0d19fcf750b1c5fbd1efcaa
SHA512 530ca2c291c44d3d2b5869b0ae661ac047748a5cab50de280a2c8dbd26b52cdd71a906b3730e8a849debece542eb919462a8407ef2410acf28c57d2b6068cc14

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\base[1].js

MD5 9178a954abcce420219864651c7787b2
SHA1 f874d3e998441ba6439cfd7e89514facde08cff4
SHA256 40cc1692dd4d8e1c8ed29593ee222240494b872b734c0e31da4628014da7346d
SHA512 927bf88499cdd64ce32f3780a0cfa88b14fdfbeac6a237454dcc43ee5d56b04754a40dbcba402519637ba1a3b0f948a597260a74ddb0b316698a41559d8e1cd3

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OEMJ3IO2\www.youtube[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_434205A76CE72E9356C6165EEA1227C2

MD5 70ba25abde2bb3d00c945792c2a2cd13
SHA1 0cc3695e5f835ee2d6f1a6dee387bb3cd2986bc0
SHA256 543a20bae815d57d1f312a78a546522564e0ee5a0b1f35a25241c1f02e27a60c
SHA512 7bb0d296a12a6b5b8f4c21c8d2a00d37325079b7efc23ae70faf510e65c6d3eb8a8f3d0e6babdde3f6c1ef6cba6f2ee6c4cf6137a21becb749855fec43c0d55f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_434205A76CE72E9356C6165EEA1227C2

MD5 ae29264db2a46f4791d226f21213efaf
SHA1 bcea3263efc011fd15a05ae9f8e8479f944f9bb3
SHA256 090da2e999beed63a79336f73e3b7d2ab248a95a67394b769779fc1c8d7ec9c5
SHA512 1092ec1be56b661d2cd92f7aac2efd4189eeb0e64f6d3e4c3376cea99fe69d999ba65398dcd290b410c2494ae64a3d3b11f9c9843a850b5d646e57949b4d156a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_434205A76CE72E9356C6165EEA1227C2

MD5 2073a5141a7e550e98e74ef2ec4a0736
SHA1 011da88cc2a957b70e21a95a5a282baa669001c7
SHA256 4a21353792900b21bc661e2b430726061456845b38ba6b14024e18a9d10f92e9
SHA512 7319dd66465caefcda81199829ba23b2441d3c41db9d636563637d48b9ed5f9eeae8606612c89e1524058a078a4b4b5822852d37161d078bbe2baa7ca88cf349

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OEMJ3IO2\www.youtube[1].xml

MD5 cc02e21e2ea18d4ecfe934423c05a276
SHA1 95a80db283d314a9f1db7614824f9963f11344e5
SHA256 ce0a88e633fb460e0cea4f96b74bdb3a77694036166f179cf93e24a375dc1ab3
SHA512 a5c6a25bb199a38e138d42a1e063e440746bad77b443b2525b169d36de1f49f0701239cf197b03ff9b1039c04f05ea8c3b1487c8d0e7f5494b6ec159e1f5fda8

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OEMJ3IO2\www.youtube[1].xml

MD5 8cc11d1923b7dabc075980a78f57040c
SHA1 e3498ad59e4ef72ad9ebc20335893f4a7f5d102c
SHA256 ddf22676cb68169cad1dbfe767e6afc9a2dc1e8f7c788c21787ca42ec11811c6
SHA512 7cb5b4f975aeb2b3d42234eb8c4d58dd69f2ef4600dae639394f78c367a472eaf9b21c5d2df413995fcb28f4de4a5ddec5f22357e8e986e5679b12a9c97e8e9c

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OEMJ3IO2\www.youtube[1].xml

MD5 96682a5a02173a8fdbfae04de706fd45
SHA1 42cf297d3d7922d94bb5ebb23d15e2a4f5cfefe3
SHA256 31699323fdbb83f89df94e1d68c7cc9f979023ca7a03d6cc4c9d7d13d7b990dd
SHA512 e44f051a2ff3a470bc04ad5d022dc761b1112c7619ed49d465ab4ce04789a1b65897bb73f143ac74e221ab3db6bdaad3842ae6cbccf5eab701bbf7ebaeb03998

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OEMJ3IO2\www.youtube[1].xml

MD5 03159f6995d8e4070214a8a4cb9bb4bd
SHA1 befdd5346ca24e030eeb4ae9e9b7cb3e2510f2e8
SHA256 9db09d48aca0d31c2038d672ffad70d36e82060d6e3b21aff79cd9275ef79740
SHA512 c1aad807ad7d0007fc32808b53940d9398f384b54bb284ebdca5437da225847d7941bac4d5b48762099f4e424e82e0b8335fdc254ac85140fdd5e4b986ebd7e1

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\embed[1].js

MD5 322e970509e24ab233b6c326a9339623
SHA1 10e2ea809ae638d5f32385d05c569922ab19bc17
SHA256 99cbd012a57f19a3fc1b412866ba13d6b9de2a5bb22449dcbf14ec0a88937000
SHA512 8f8bdc9418feed04e6fc7415e9e57f0934a6b136b1a763e0e39f67efa47e004a8c3385105a1c1dd9fa48ada83ac5a2a93940f20a99d6d16722ae903c93d9817c

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OEMJ3IO2\www.youtube[1].xml

MD5 d172187bbd799e214f2cbb974dfa81d2
SHA1 9860f787cd86688f2ff4292b6150965c7f870468
SHA256 99fd345a973a3280248c43cfe6d2e778155e7338112ef714f86b733af1d40602
SHA512 72de4c7f3c875bd87b80840b2b0b1345c293df2be64ed99fb1e6551229a574e84980679d2dcb3ceeec8526eeb56aad0d6f10ecffd270b228da2e085783d322ba

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JZQ5QLK\ad_status[1].js

MD5 1fa71744db23d0f8df9cce6719defcb7
SHA1 e4be9b7136697942a036f97cf26ebaf703ad2067
SHA256 eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
SHA512 17fa262901b608368eb4b70910da67e1f11b9cfb2c9dc81844f55bee1db3ec11f704d81ab20f2dda973378f9c0df56eaad8111f34b92e4161a4d194ba902f82f

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff

MD5 de8b7431b74642e830af4d4f4b513ec9
SHA1 f549f1fe8a0b86ef3fbdcb8d508440aff84c385c
SHA256 3bfe46bb1ca35b205306c5ec664e99e4a816f48a417b6b42e77a1f43f0bc4e7a
SHA512 57d3d4de3816307ed954b796c13bfa34af22a46a2fea310df90e966301350ae8adac62bcd2abf7d7768e6bdcbb3dfc5069378a728436173d07abfa483c1025ac

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\KFOmCnqEu92Fr1Mu4mxM[1].woff

MD5 bafb105baeb22d965c70fe52ba6b49d9
SHA1 934014cc9bbe5883542be756b3146c05844b254f
SHA256 1570f866bf6eae82041e407280894a86ad2b8b275e01908ae156914dc693a4ed
SHA512 85a91773b0283e3b2400c773527542228478cc1b9e8ad8ea62435d705e98702a40bedf26cb5b0900dd8fecc79f802b8c1839184e787d9416886dbc73dff22a64

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OEMJ3IO2\www.youtube[1].xml

MD5 41ed9d410fd88fbcf40a0b04d83e41f9
SHA1 0fb6d58e497bf22a92db6b7e59debdedb082e111
SHA256 5cf1556e0be8c1da6456f2d918a5095f768fbf2cd15003869b652f02cc19dd4c
SHA512 3d3c58e7623266cd883fdd1970948e9109ae98dce908f638bf9b1d14cd4b5a184c48fb1f994b38a15a0ae1a0359d90f10865ebb3cfd5884fc6b16eb79d3bb9ca

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OEMJ3IO2\www.youtube[1].xml

MD5 5147e60225b74d598d10ff7220833582
SHA1 dc4f9309e0a2717d94b9ede4d0ff67d35827a927
SHA256 c826769ea567387c90f1059fae5e338bfd96484cd2bf81550cab23bb6e1eca00
SHA512 42eb39cb29bfca852b7908aa7b0a90aae61bdece44bf0dc402fb18e11bdc1410c09fb812e0d54b3c38e5e1ccc19332b0872f5f205e05bc7c6d30ec8c18c89215

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OEMJ3IO2\www.youtube[1].xml

MD5 9c070e93a40b3ebbddc0372d9ffe25bf
SHA1 ff5abff6c9d5224440f2801894c6122db053d57c
SHA256 058c94e719341216f6a3cbb1a2efceafe8d78e848c2017dcad327951631e7355
SHA512 2a4f11b51d582de92cca2fc41661aef4b59ca311a56029dedb78b89bae84e56d9d47956d60056dabd8894f3cc30a1a79bf1f31f8e1960e5eb5bf0747310f5f1c

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OEMJ3IO2\www.youtube[1].xml

MD5 497ce22bc05f22481ef4a343c092ccd0
SHA1 21e9a1cb3d4698b11f883d04f56c58f3ea2d86a7
SHA256 8516263492bb5b16f9e112692a633e20de5931471a7880185f315312fa3c21fc
SHA512 978ef2979938d952cb535e76c75342838ddb30dd2d553468197a55652f3bfd48fd53eb06d6fd491b697ee6fb2c5ee8129f089d815b2ef65a857ec6b0375f52bc

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OEMJ3IO2\www.youtube[1].xml

MD5 46cc99a3b3bf48c4bd227ce034afed10
SHA1 528f7cb555dabf7cf1a7b277f7b2fe37fc8820ea
SHA256 f1480c3f9d3a3cb68f4ea1ca34099437c3aeee83ffa0b878f1c369b2f5d429de
SHA512 3b38176b8dadab8194e40a5308c052d0c5fdb71806afb733de173ade4fbe77d65e6996c8ccfb01180bc5f1fae7f071b89f3cdbc577dc02694aa9ad5251b305c1

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OEMJ3IO2\www.youtube[1].xml

MD5 cb25e9f40da9a70a7291e67e6c8c2653
SHA1 0e6f166b9d1cf80a83e2ad99c1badffe74a5a648
SHA256 7b1ca9eb077d747ac906198fe6f9cc79744e6e8b86a716a07c7b5082179f4735
SHA512 12b3aae8d65fb40259be0fb1e1dd4ba51d30fb649303257313454fa6cf96e98074d92c623246aa0b0db6fc45775efdb8cb46a8a30cff2c25bd0fbb7e32d75fce

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OEMJ3IO2\www.youtube[1].xml

MD5 d28add882496835f80992c3f2cfce375
SHA1 9c4d3afed75d7d530da92bf0e4f16b4b394c6103
SHA256 7c36c9dac930b020c4e0c09ce817a7fffe8fe8face4eeb26cfc1b0ae7ef84f99
SHA512 3f6f0c83daec659e67b77857046bcac6006575671ba60cabdf4f75e77eb22dbf1d597f20fd129da4813e180943e6d0ea3b15170899faff06281a6caa579ee6b8

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OEMJ3IO2\www.youtube[1].xml

MD5 0a86c5232323c0e26ddc4f14e6bcac22
SHA1 5269bb8f5b87e26939b55425e189bd9020eb1b8f
SHA256 05d56db0e07b39b7d966f162dca5c8415a036d6e67b89d05e889a1c4be0d9762
SHA512 e96092807606ab669be22928cddb619e8b8d5f1bbb6a617deeb7a8f9591aeb4a9e6d5d8935120948c4751462e16206fb6d4d11e1e95ce896f8ac5d65efef3fd3

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OEMJ3IO2\www.youtube[1].xml

MD5 fa56fd80dd9455aefb78869f8ed24df4
SHA1 f49fd07c25d09701674372b30a3824a5741736dd
SHA256 b1068748b77463b24ccb1d34d05cc84d6d1bc3a175a593d9341a8c8350750e81
SHA512 9b9c213e6ad765f99c5e5276da5f7fec228468db4b39d7f632acb1baddc4a649736e20484de0d3cb68ca54fb59dbc060589989f4fc775a0495a8485b3431950c

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OEMJ3IO2\www.youtube[1].xml

MD5 8a60b73e663bdd4ec609ae9068e8721c
SHA1 d222c2b3e89ac1acaf544bbaae0a2d01c2dd3a55
SHA256 d8e8b27d3bd3933da4a72d415aec2263a47ac40f4104c71d682a810131fc00ba
SHA512 05988cf383de16d33055d87b827b6882a66d9e2d867dead3d0166804d4d2b07523afe4cbe1f421ce750011f524198d33fdeb35872b893ab2e31044b7eaec89bd

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OEMJ3IO2\www.youtube[1].xml

MD5 f78b4b8457375332c16a925b7410fcc4
SHA1 d31390f325d911dfa34b711c4958950c598089fc
SHA256 e5bead3264f1a559e3bf20e92c9fb08b99353482d597699f7f8e6229bfa28ebc
SHA512 9bd81e61d2c5caad6bc125c2c6bdf5ae1091b7f7e4380cdf3cc81161afd976e499d3f98d55ea09d05c4c609d1be098c03d8f738349dd1b17edcdcb6fbb2101f9

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OEMJ3IO2\www.youtube[1].xml

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-01 18:25

Reported

2024-06-01 18:28

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

149s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8b5b21be1362a377d7c5591bd43b5d65_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2492 wrote to memory of 2532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 2464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4348 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 3156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8b5b21be1362a377d7c5591bd43b5d65_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc2ac46f8,0x7ffdc2ac4708,0x7ffdc2ac4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,17626121625524553177,7708889394369773584,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,17626121625524553177,7708889394369773584,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,17626121625524553177,7708889394369773584,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,17626121625524553177,7708889394369773584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,17626121625524553177,7708889394369773584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,17626121625524553177,7708889394369773584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,17626121625524553177,7708889394369773584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,17626121625524553177,7708889394369773584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,17626121625524553177,7708889394369773584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,17626121625524553177,7708889394369773584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,17626121625524553177,7708889394369773584,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,17626121625524553177,7708889394369773584,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3740 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,17626121625524553177,7708889394369773584,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3740 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,17626121625524553177,7708889394369773584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,17626121625524553177,7708889394369773584,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,17626121625524553177,7708889394369773584,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5168 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


\??\pipe\LOCAL\crashpad_2492_MPUJKIDLWJSXWSFA


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
