Malware Analysis Report

2025-06-16 07:26

Sample ID 240602-fevpnscb38
Target 8ced791663c0d8235a92c2fbb0988957_JaffaCakes118
SHA256 ecc5ee4f2a184eff9b2e5db5a42e72512efc4f4fb01342c8e68e7fc406afead5
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

ecc5ee4f2a184eff9b2e5db5a42e72512efc4f4fb01342c8e68e7fc406afead5

Threat Level: No (potentially) malicious behavior was detected

Verdict for 8ced791663c0d8235a92c2fbb0988957_JaffaCakes118: no (potentially) malicious behavior was detected. The sample is an HTML document opened with Internet Explorer (see Command Line); the behavioral1 run shows only the two Internet Explorer processes, and the signatures listed below are generic behavioral indicators, consistent with the 1/10 score.

Malicious Activity Summary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-02 04:47

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-02 04:47

Reported

2024-06-02 04:50

Platform

win7-20240220-en

Max time kernel

149s

Max time network

140s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8ced791663c0d8235a92c2fbb0988957_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware

Note: every entry below is written by iexplore.exe into the current user's own Internet Explorer hive (HKCU\Software\Microsoft\Internet Explorer: window placement, tab recovery state, DOM storage counters for youtube.com). The tags are the signature's generic labels, not evidence of adware or spyware. The check worth making on such a table is whether anything was written outside that subtree, and nothing here was.

Columns: Description | Indicator | Process | Target
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "282" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c605c7647af81548951480c3fec3ee0e0000000002000000000010660000000100002000000094dfbe50c196e6eca70e573e76c26f03dea2cc11be838e790cfec41215f0d866000000000e800000000200002000000098e1b75838758e7ff87dabc7d7abf13da57f41da2f3645fe6562dd937ad0e1c82000000004dcf678cb7da5c341bb377e6ad949166a3bd654252f21624585bec5ada122dd40000000258be428670fda976e8dc2138751aede624bdc00353d1abd2c8acf9b216b7d7732f9c20c7939b950643f5efdd93337fa2804bf0582bfb2cc9d38fbf370f8ae69 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423465527" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3D613841-209B-11EF-8A5C-CE787CD1CA6F} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10884" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "10884" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "10884" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0e04f16a8b4da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "282" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "282" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c605c7647af81548951480c3fec3ee0e000000000200000000001066000000010000200000007d643021cda8bda9030511f37ca82a5a1ffda8fc8bac237a1a5acc2509a0637f000000000e8000000002000020000000c9589940d71e0c638a876dde626b73e6333631a7476c4d0cabc73783739d8f16900000008e516879c9c828dba32fe0ff370cc873859921971446e9907842990963d1ee1d5b03634490c9c71faf305cdd6601142dba139539602f21f81ac2a94e6d11420b19a66d91b38a6a3fbc5b1a9032eec1a5e6ed1f71ab2dda1c955829b4a85f1f470895b1a510281a8d5b9353d67f4c28405d9315f7924f2c08504d134a2e22e62179a157657f112a212e2d0cba1f081a114000000026f574c88c36c5a1a1ad03bf7b750bf08f27cd3e191076f872a759ced79249e0ec3f74f972366f4309fa1f4dcba82cfc755205e089d99cb2c85fabad6e344ca8 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
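An added example, not part of the sandbox report, showing the check a practitioner would run over the flattened rows above: parse each row into operation, path, value and writing process, confirm every write lies under the current user's Internet Explorer subtree, and list the DOM-storage origins the page used. The rows embedded in the script are copied from the table; the Run-key row is constructed only to show the check firing and was not observed for this sample.

```python
import re
from collections import Counter

# Rows copied verbatim from the "Modifies Internet Explorer settings" table
# above (a representative subset; every row in the table has this shape).
REPORT_ROWS = r"""
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0e04f16a8b4da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
"""

# A constructed row (NOT from the report) of the kind a persistence-seeking
# page would produce; it exists only to show the subtree check firing.
CONSTRUCTED_RUN_KEY_ROW = (
    r'Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000'
    r'\Software\Microsoft\Windows\CurrentVersion\Run\Updater = "C:\Users\Admin\AppData\Roaming\updater.exe"'
    r' C:\Program Files\Internet Explorer\iexplore.exe N/A'
)

# The browser's own settings live here; anything written elsewhere during a
# page load is what an analyst actually wants to see.
IE_SUBTREE = re.compile(r"^\\REGISTRY\\USER\\S-1-5-21-[\d-]+\\Software\\Microsoft\\Internet Explorer\\")

# Row shape: <op> <path>[ = <value>] <process> N/A. Paths contain spaces
# ("Internet Explorer"), so the " = " and " C:\" separators anchor the split.
ROW = re.compile(
    r"^(?P<op>Key created|Set value \(\w+\)) "
    r"(?P<path>\\REGISTRY\\.*?)"
    r"(?: = (?P<value>.*?))?"
    r" (?P<proc>C:\\.*?) N/A$"
)

def parse_rows(text):
    """Turn the flattened 'Description Indicator Process Target' rows into dicts."""
    rows = []
    for line in text.strip().splitlines():
        m = ROW.match(line.strip())
        if m:  # skip anything that is not a registry row (headers, blanks)
            rows.append(m.groupdict())
    return rows

def writes_outside_ie_subtree(rows):
    """Paths touched that are not under the user's Internet Explorer key (the real finding, if any)."""
    return [r["path"] for r in rows if not IE_SUBTREE.match(r["path"])]

def domstorage_origins(rows):
    """Origins granted DOM storage; tells you which sites the page embedded."""
    origins = set()
    for r in rows:
        m = re.search(r"\\DOMStorage\\([^\\]+)\\", r["path"])
        if m and m.group(1) != "Total":   # "Total" is IE's aggregate counter, not an origin
            origins.add(m.group(1))
    return origins

def ops_by_process(rows):
    """Which executable performed the writes; here it should only be iexplore.exe."""
    return Counter(r["proc"].rsplit("\\", 1)[-1].lower() for r in rows)

if __name__ == "__main__":
    rows = parse_rows(REPORT_ROWS)
    print("rows parsed:", len(rows))
    print("outside IE subtree:", writes_outside_ie_subtree(rows))
    print("DOM storage origins:", sorted(domstorage_origins(rows)))
    print("writers:", dict(ops_by_process(rows)))
    print("constructed Run-key row flagged:",
          writes_outside_ie_subtree(parse_rows(CONSTRUCTED_RUN_KEY_ROW)))
```

On the report's own rows the subtree check returns nothing and the only writer is iexplore.exe; the constructed Run-key row is the shape of result that would change the verdict.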

Suspicious use of FindShellTrayWindow

Columns: Description | Indicator | Process | Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8ced791663c0d8235a92c2fbb0988957_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2080 CREDAT:275457 /prefetch:2

Network

Note: rows are individual DNS queries (8.8.8.8:53, udp) and TCP connections in the order observed, including repeats to the same endpoint. The domains specific to this page are easya.lightsolution.hu (resolved only; no connection to it is recorded), mozicsillag.cc and video.vid4u.org. The remaining endpoints are the embedded YouTube player and its Google dependencies (youtube, google, gstatic, doubleclick, googleapis), the StatCounter analytics tag and Internet Explorer's own online service (ieonline.microsoft.com). The last two rows carry no domain in the report.

Columns: Country | Destination | Domain | Proto
US 8.8.8.8:53 easya.lightsolution.hu udp
US 8.8.8.8:53 mozicsillag.cc udp
US 8.8.8.8:53 video.vid4u.org udp
DE 142.132.202.70:80 video.vid4u.org tcp
DE 142.132.202.70:80 video.vid4u.org tcp
DE 142.132.202.70:443 video.vid4u.org tcp
DE 142.132.202.70:443 video.vid4u.org tcp
DE 142.132.202.70:443 video.vid4u.org tcp
DE 142.132.202.70:443 video.vid4u.org tcp
DE 91.195.240.94:80 mozicsillag.cc tcp
DE 91.195.240.94:80 mozicsillag.cc tcp
DE 91.195.240.94:80 mozicsillag.cc tcp
DE 91.195.240.94:80 mozicsillag.cc tcp
DE 91.195.240.94:80 mozicsillag.cc tcp
DE 91.195.240.94:80 mozicsillag.cc tcp
DE 91.195.240.94:80 mozicsillag.cc tcp
DE 91.195.240.94:80 mozicsillag.cc tcp
DE 91.195.240.94:80 mozicsillag.cc tcp
DE 91.195.240.94:80 mozicsillag.cc tcp
DE 91.195.240.94:80 mozicsillag.cc tcp
DE 91.195.240.94:80 mozicsillag.cc tcp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.200.14:443 www.youtube.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
GB 142.250.180.14:80 www.youtube.com tcp
GB 142.250.180.14:80 www.youtube.com tcp
GB 142.250.180.14:443 www.youtube.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
US 8.8.8.8:53 www.statcounter.com udp
GB 142.250.180.14:443 www.youtube.com tcp
GB 142.250.180.14:443 www.youtube.com tcp
US 104.20.95.138:80 www.statcounter.com tcp
US 104.20.95.138:80 www.statcounter.com tcp
US 8.8.8.8:53 developers.google.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 216.58.201.110:80 developers.google.com tcp
GB 216.58.201.110:80 developers.google.com tcp
US 8.8.8.8:53 c.statcounter.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 104.20.94.138:443 c.statcounter.com tcp
US 104.20.94.138:443 c.statcounter.com tcp
GB 216.58.201.110:443 developers.google.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 172.217.169.3:443 ssl.gstatic.com tcp
GB 172.217.169.3:443 ssl.gstatic.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 216.58.201.98:443 googleads.g.doubleclick.net tcp
GB 216.58.201.98:443 googleads.g.doubleclick.net tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.212.202:443 jnn-pa.googleapis.com tcp
US 104.20.94.138:443 c.statcounter.com tcp
GB 216.58.201.110:443 developers.google.com tcp
GB 216.58.201.110:443 developers.google.com tcp
GB 216.58.201.110:443 developers.google.com tcp
GB 216.58.201.110:443 developers.google.com tcp
GB 216.58.201.110:443 developers.google.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 216.58.201.98:443 googleads.g.doubleclick.net tcp
GB 216.58.201.98:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
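An added triage script, not part of the report, run over the network rows above: it separates DNS lookups from TCP connections, treats the Google/YouTube/StatCounter/Microsoft endpoints as page-platform and browser noise (an analyst's assumption, encoded in NOISE_SUFFIXES), and leaves the domains the HTML itself reaches for, flagging any name that was resolved but never connected to. The embedded rows are a subset copied from the table.

```python
import re
from collections import defaultdict

# Rows copied from the Network table above (a subset; every row has this shape,
# including the trailing DNS rows that carry no domain).
NETWORK_ROWS = """
US 8.8.8.8:53 easya.lightsolution.hu udp
US 8.8.8.8:53 mozicsillag.cc udp
US 8.8.8.8:53 video.vid4u.org udp
DE 142.132.202.70:80 video.vid4u.org tcp
DE 142.132.202.70:443 video.vid4u.org tcp
DE 91.195.240.94:80 mozicsillag.cc tcp
DE 91.195.240.94:80 mozicsillag.cc tcp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.200.14:443 www.youtube.com tcp
US 104.20.95.138:80 www.statcounter.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 udp
"""

# Analyst's assumption: endpoints any IE page with an embedded YouTube player and
# a StatCounter tag will touch on this sandbox image. Adjust per environment.
NOISE_SUFFIXES = ("google.com", "youtube.com", "gstatic.com", "doubleclick.net",
                  "googleapis.com", "statcounter.com", "microsoft.com")

ROW = re.compile(r"^(?P<cc>[A-Z]{2}) (?P<ip>[\d.]+):(?P<port>\d+)"
                 r"(?: (?P<domain>\S+))? (?P<proto>tcp|udp)$")

def parse_network(text):
    """Flattened 'Country Destination Domain Proto' rows -> list of dicts (domain may be None)."""
    rows = []
    for line in text.strip().splitlines():
        m = ROW.match(line.strip())
        if m:
            row = m.groupdict()
            row["port"] = int(row["port"])
            rows.append(row)
    return rows

def is_noise(domain):
    return any(domain == s or domain.endswith("." + s) for s in NOISE_SUFFIXES)

def triage(rows):
    """Split names into page-specific vs. noise, and flag names resolved but never connected to."""
    resolved = set()               # names seen in DNS queries
    connected = defaultdict(set)   # name -> {"ip:port", ...} from TCP connections
    for r in rows:
        if not r["domain"]:
            continue               # DNS rows with no recorded name carry nothing to triage
        if r["proto"] == "udp" and r["port"] == 53:
            resolved.add(r["domain"])
        elif r["proto"] == "tcp":
            connected[r["domain"]].add(f'{r["ip"]}:{r["port"]}')
    names = resolved | set(connected)
    return {
        # .get() rather than indexing: a defaultdict lookup would insert the name
        # and silently empty the dns_only list below.
        "sample_specific": {n: sorted(connected.get(n, ())) for n in sorted(names) if not is_noise(n)},
        "noise": sorted(n for n in names if is_noise(n)),
        "dns_only": sorted(n for n in resolved if n not in connected),
    }

if __name__ == "__main__":
    result = triage(parse_network(NETWORK_ROWS))
    for name, endpoints in result["sample_specific"].items():
        print(f"{name:28} {', '.join(endpoints) or '(DNS only, no connection)'}")
    print("noise:", ", ".join(result["noise"]))
    print("resolved but never connected:", ", ".join(result["dns_only"]))
```

The residual list is what goes into an IOC note for this sample; the noise list is what you would expect from any page embedding a YouTube player in this sandbox and should not be reported as contacted infrastructure.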

Files

Note: the files written are browser and CryptoAPI cache artifacts under the user profile: Cab*.tmp/Tar*.tmp extraction temporaries, the CryptnetUrlCache (CryptoAPI's CRL/OCSP/certificate retrieval cache), the DOMStore entry for www.youtube.com and a cached gapi script in Content.IE5. The same CryptnetUrlCache\MetaData path appears many times because each rewrite of it was hashed separately. None of the listed files is an executable.

C:\Users\Admin\AppData\Local\Temp\Cab2992.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar29A5.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 62f26f0c9e39d505b601271ce1708789
SHA1 23282cff7502c8673a6302be62a0590bf1704802
SHA256 3a9fa11051fdddbd9f1eb30fd49ae45267fad30b8ecb5a09e0e158af261593eb
SHA512 e1fd75a028d3e1ce32359d1ff4cb8f4bacc7b99a89511438cd37074b72b02b72f136d4e9e6d9941ce8f05dc22ae0cbe3ec111f1f20993e50c9c9f3f888eb4823

C:\Users\Admin\AppData\Local\Temp\Tar2A95.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3728c59a9994594d5305a73aa218c626
SHA1 4760a4408bba94671f43fd6e76fbbc61766c5155
SHA256 aa41248c6e543be1f97683589c1e69ffa115f695cca1b60197ade857d7e91362
SHA512 76e8712d76267621bd167b6adf4e32fd85bf08d246cf57ce9b68528418db6f0c9aa377a8d5c97032895de2bf87eb5e2005d06df2e0c8162336bac9a0a254a8ae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4d165f520fa4a87b182e4cb6cdb261e9
SHA1 ff899dd33471c352d2906e10beb5fc31d3bc2606
SHA256 afab96d26cc4991fe08754fe3008542cfe5df87f808435eac14191de09590808
SHA512 fcffdec89ee3ea5d27577239cb5d905539b8c98acb161c5e629bbbf57574c299e59b3f6fef8f02583352bb4f3dd0421621d801f656613f992f482f5e1e730252

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f48457d79c78db5edca2793a34bcfa74
SHA1 5a344ca26fac38fb3ea41d1d8c0e4232b641a49f
SHA256 2c9a0eea2ab5a698b1db2190ec607659a485d9ec279810fd8c7d0715fdb4cf6b
SHA512 138bda212981b4c9287843c03c098e4914def13fe73a616aa3fc1ac319412038c9085c06f77f6452f6f5b58d6af5fb20c5f1669d126cd001eaf1c3c2ce42b831

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\FBXMRWC1\www.youtube[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b4dcacbc195e976a848a3ed59d07d542
SHA1 af1f14d630d905480fa4afc40419d9a496c6c4ff
SHA256 eea629d49fa469594baab7d2cc22bf234a7f9a946704681b215e9c4210f06668
SHA512 b30675b29da512a8d11f57d6c661af6108c37fa3f96023ebc41b4fb3eca08adeb112ac67b3cd50aae34478843a68312a0206b8f72e38cd22ca46b3715e8e90cc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ab38ef4ac366d6a3ae95329c67a640c0
SHA1 289d4817cf49acc78078b680711bd169b15f5b4b
SHA256 6bffd173b32395484af1acf96c3209ebd86d73e6d219d5943d295455b4b35c5d
SHA512 53a45eca8444a3551af1e2f6907c660e0900239466dffdca3ae1896c20043d11429ea109a3e9dd15d7c97f425f3c1c95caf91f42d0cb477a5e2b4e29a8e5b599

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e11659736de7cc8f972f64065a3ff858
SHA1 5b108c3ca14dc3a891b2baa51fe573cfe4e75060
SHA256 29c71fab6f6cc282904c2dc33bc35220a751fc67dd156f593a98ec6f3cc2d366
SHA512 6a51b2af5c32d715c49a8e4ac9e8d3d23c5c903379f6f6f12c6be56a6aaa35fb7afb5e75e15b3e30a283ca65c683fb572adf79fb7d154e4326a07c70832582a0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 770b499292398c910fa3279671bb93f0
SHA1 9e410b308f26f14e11d39c844a741d2720a7c2ad
SHA256 863245221069f8ca725f81ceef3580e53a88aae86e8311f856567069d9347bb8
SHA512 1dd8d774c3cd3e0946a30d174d649150423986912b8227476ad9dbbfd218d1e000086dc031d404ea61aede78e1ef59f44a4ae8f4f733fe9016bd690f1005118d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b7ec900c720d9e492b71e9be6e69bfb8
SHA1 b711fadcac6639f7ea11b2b5e009b8928ae1a4ba
SHA256 b2175cb5d7e2dfa1a96de63333bbbecb58fefc04722912aafafe4ef36234bbab
SHA512 196f8f9d474d58b5dfba9fab7e689f5b30026cf46db1aa0d7d8f69982155980ff7895e79effeac68818f1edc605de1172077f50980f9f764199b699c00662eed

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\FBXMRWC1\www.youtube[1].xml

MD5 fedc494c5097f6203ade4160f9872a5c
SHA1 7a940e28f2d727efcb416fbbb08a24d25d81bbdc
SHA256 f88a5a5e879ea5db87f666436d6ba971fe1b57d1e6b4a6ca42af580a85ce66ed
SHA512 c72c0b3f96a52e1d8d222b2c2c271984638b1ba6c1bb0843cef440479dda0dd62c1385f06b87ffbd8615eb84fc3b743d69554707801d966394d383888770d655

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\cb=gapi[1].js

MD5 0fe383a7ddb9bbaefc3105b3297f5583
SHA1 f80c9d789f251909c7560bd91a9e1b9a10c26362
SHA256 d7ad4aad4e48174c30ef21fc32c9380659d2c99a5c39680e10ed9752139d8683
SHA512 31de1f59377bc76e5d602d02273867ce750bbbccb7edc8f2803c0188002ecae6752ac3ec31c2108e64b0d871b01e6a8a06711969dc68bd9823303def0e7c1ee4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 89b5375f05da2f6abd9af77efeca7145
SHA1 4019ed71fe4936b985bd6e95be8a31c1fb49c2ed
SHA256 a67a907cdfb7f24c000bd4704b720169d41d67b2a4b4372553d3a8e92ad5403c
SHA512 49c7638465c855b141fd8f92bc722e1fdc5bda7f60da8ca2de8d0e592e1fc284bc1431499affe6e4a75c56c8d5cbbb47b00772c2e7b97f369bf71b18c8d5c950

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\FBXMRWC1\www.youtube[1].xml

MD5 9f86650f3c64ae89239cddd629e9bf4e
SHA1 414967036830c5a950f80f45c5fcdf87e286ed0c
SHA256 a05baf969c17590e4f81f4bd035fc06cea159e877c4c783449a865c10219edb2
SHA512 8570f12845d378e2900b24245bd835107d202cc3800d0e0dc94ce3b6416eb60868542a898039eb3dc066e179b050b47c4ab85fdbbec2673805a7d6c5eed59428

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\FBXMRWC1\www.youtube[1].xml

MD5 2ab0feec19a557a467b8fb42e8021f6f
SHA1 3ee67fdcd6c014588de8e28d9704c2082007f048
SHA256 8c1c73d5c28e3c6e08b4e7bc52f9782a7595514cb742fa5a32b950bdd50e738d
SHA512 2d7eedba1631e8d95c6789ab0111e7be3f145d9a8983a7ab799077d39e694c51034050a480490258c9f729f34fe897fa9440e37df83b3ce37337840879bf5733

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\FBXMRWC1\www.youtube[1].xml

MD5 d398bc739cd3f406c30daff4b4a4bfca
SHA1 794b8e6bb9b0f65d908e7fc5b44d5dc4b003fa6e
SHA256 29d2bd8c21687d58ff4f2e236604d0fbb81fc0deef8c0b0ecef4c4f076281386
SHA512 20dac83475f2a6ab54fa7022fc3233d21089d01fb0cfddeb213863d3222e50ecdd33687fabc2fbc4bf0a4229902178a8bebd5ad255ae7ff69b4d2687d1dadbfd

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\FBXMRWC1\www.youtube[1].xml

MD5 e73ed99fb100d4aa0f96a93193827fbc
SHA1 d3778f7e0313772b6d0fe148eeba92190d763fe1
SHA256 863bf1fd4f65b8a22df5add6bfdbdaead81b5835ac201da87239db029f719a20
SHA512 e6f4d4d31fb0cc53702505a3f10a251cd151047c7771069075fe08725acc7a0dead57c6834424fe61ad673ec7ee27c6ebd515afcec7a6c5e00b07a0aad14f205

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\FBXMRWC1\www.youtube[1].xml

MD5 e7818b587733a90347528fe8d568e304
SHA1 32157d8b9fa0dd3975c286c87b61a3c68d08b673
SHA256 66c109b592bc0962f65e5741534370833fc05f37d7ccd7b24fe23ea1122da50a
SHA512 eb6103eaf7800cc8a21891eb1c9b60d4c31d5ec0b671c0c874614a64537ba6ae593adc9a444e9fbbd712ab80ccb8490c64e045b3597b39f26ae64cea8deacd2a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7973b74e7553db7792acca6437893ad9
SHA1 9be03cd67d1301ba2f183cb41126ace059a3d607
SHA256 a98ef5f01a104880de0a831a01044815783ac0d31cd1311b9a67acc1ba7174ca
SHA512 605e52427fd26f1bb1f850e1abe928dbdee9fe1a28228a2d33968fe6205a89753157f0ea1bd1464b8e1e0baf4eefe536c7a8d910c96189cc4ef5e24f42312643

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6d0bf45e2f23d7a80b794eab2854e193
SHA1 ed7509994671ced16bd96678a41117e3087dcb2b
SHA256 7cb89edac6c4a2784745c757a773c3b0d8178267f8a4d538ac50d1e170ece77c
SHA512 51464692077f0f052d894dc534f24d5574d3598b9d9010d543c3d2a5e2229bba7630ea6f0cb8b2c0f18c285eac73d02bbec86ef74c565156ca29039239ad4a8c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f421ebd1182b35e8361bae611722391f
SHA1 ba0ae468807de2f155974548cef2c487cdc8555d
SHA256 275f87a3591ad07d17721503f21cc0594e5eaca2381b1b29014792bb12adc53d
SHA512 036383f4e1f5f5104c8bf5c57eb518a0e611b17d83fc214e024ca8c7a1bf2cc9373b0586b6e236afc8fbbede81bc633089222874f690757fda56b23d159a99cf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c85e56c0116843d02047fbf73acd2af9
SHA1 398497fd7eb0d3979ea66d8d3acffe042e6c1fa0
SHA256 69ccccb66ac8a0b3d57862b6cbe34af9efe97188e46fb1d594b4fd956b104759
SHA512 81fd3546adc798ff5ca8a065235f1ecdf2c3750e2d0a3d8b3a273b64de7ee4c38e6d50e2e7d5db1da51ae1ae068ef626c3b09771ff21f1cf743bc829a707ccfe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3708b6f84b90e7846a841b0244045704
SHA1 6bfc0b66866b9f6bf62498c79a981235b0a0cf69
SHA256 cfe7c1c15a4983a2902e7659031c4b5d5d37760ec89c889f43a5b815ae31bc55
SHA512 6e8b098c207590bd7d0ec7b390708caad8c0a0224b81231869223c2b1b9f830d14f41dc69a4d3c94c656897ceec940af180bdaab51e4f644b3d9e03a7dab041d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 45e60d22ff7486af1132b42a8404e776
SHA1 86704720916dfd5b27bc8cdd3dfb224bae86b467
SHA256 7d8897232ae0ddc80ed4b0b59b8c3251eb05c41e6d2ef6e532956f359694a56a
SHA512 cb3673a49641d8243065b02296af0a9fbb3d5ed3dd75bce9d655bf9e7f8b857f43ec6c3ac9029a0ddd4d33ad2316c08bc8472836f18ae8f27a255d27bf6d3a67

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 113d4f8615e414c6e3b35588b56f2da6
SHA1 67436fc241f3488e9bd5222856c910a03b6054d6
SHA256 0ca60bfb5f9284e9bb20834b755e405ac2284e5f0b1e9f8a6255db970427e34c
SHA512 6862f8e1aa7f18dabe1fef98324d7d4a6796459674a9830260e5aa631a4a982ec3af0e5caccff0ad344af2588a71b0c9ea46e9235b022f979aa875fc5afa7545

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0d57e5d05b2f06fcf6bd08db6de2d598
SHA1 66efe746a9fe654f49af3ffe9af4364e1e67fbe4
SHA256 50cf2822fdfbff225e75e038c216ce55af63ed124810e74d615533841a245570
SHA512 4e75817cc6a1fee8422c1f11108a0016069d26c27b0bdf52c58662a1ce71054e2977940d63ed8a5ad63bb26351229a868a553465ac10004fcbdf0d6330524718

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2e308cf67e0780a2cdf2c677b0dc72d5
SHA1 345e35705f8af3f061c23bd16a6fc6ba274312c9
SHA256 b8b390b05c865ec35f2b0885a918e333ff535ecc476ff263da3853395fb0639f
SHA512 61ab63c44b1a06e438af37dadf91f77f1755d8a7dc78824c30bc1ae5b554aaceba1a8eea282cc7652511b190241a633dd817a02aa4c9ee7fd5c006e939338afb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5fe6c4b0467cf5db23bc56a262204a10
SHA1 e862682c7ce8459cfc5288789e79ade20048b36b
SHA256 519643611f05f71e419cc3c8c7d31c5d6230ac73faf47c9d595a75e8a79add3c
SHA512 a3cc4694955f1361df9b02b92606d1ba28774b0caf52faba2c817d4ebbd1a6728bd0099cca26753145fe84fc43dd7b9c822c04cfbb7cbce891976f133255308c

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\FBXMRWC1\www.youtube[1].xml

MD5 3c763ea168b2d91f50acb2b0b793a0dc
SHA1 11ffe725be53db6dfd9b1f7384756275251c92ee
SHA256 e3006c5a2afcc4bca4af6d1bf270c37fbf7e3f868b1b21a606f1dc62138a3c1f
SHA512 98400a58d3b17f7cf8a2faecbdd7651b5da88b2a4d70787ea1ed66e763abe028454d68bb9b09d56c58291e5ee725a4684da214a156aae05980deb5e756f80875

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 97980e5628b6dea70d1da8eee8a332de
SHA1 eb255340140f632052ba4b057023dab0b40c4fbc
SHA256 85cedef4a9d84466dc274d864b5d7eeaa73b6833cc5f2f25cccf4cc9c435868e
SHA512 3df0d0e66b20c88ed09dc15dbcbc3e2d25111ed0d3e3e3b9065cb3c22569519444f27ee7f0b020d138b9fe44dd84f6b0fe460cdf4095d0c404ace2eb98561a1a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 255ef719c8bedbc170139601894ef603
SHA1 484b6877009f125b343f26f384e26eda70ba4978
SHA256 91d435dcc0362e0e735ea044af9e7bd22d500df33542827f7933c4008eaa24af
SHA512 e03f237a3c9b75189a2fe82a92015dbe8df2fb6422fd45c4cc751852da24eff63ee7cf696aa0fe35ef0f989307f07944ac84e327bbda39752d12e7a016ab718d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 e5f7e4c293eb367f3aaa411fd4a7ba66
SHA1 4b420c010f15232c46dd74cc3dce2c58cacf2dd2
SHA256 69426f139e460ab17236ee13171880c8e525612b56f3507fef45250760be3f69
SHA512 990e41a59677c78cbb0bab6aa1f022cadc9a23be98d36bba5836f68fc5ebeadd52a36831bd28c8e42f34eaa8d32dfc1c1ba0045ff35c259ebd74068275b3b6b9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7497b516e9a63cf369175cfb7cfa535f
SHA1 17d88e931eb6bfef8fa75e1e63bb6585e3b17328
SHA256 808f9ed3e9f976b0e7d69f19c0f8c800938be6d225d46ed87a9f4850a0f48dc3
SHA512 7b5a93283f9289781147a63a5375a18890e5be7dacef3e830e895ec3f249e12066a40c6d50a3dcfed2a301ca0f5939c44da531835810c5fb66df0aa727155dfb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7b4621312a9d356e83533bd68ed8f112
SHA1 47c2e1f00a73a7106b03a9199e3ebeebbc21cdae
SHA256 e67357391436b7e1424e857b1f8e6a322fde3d6191fd2753f8c745e150620026
SHA512 1fedaac26c17b0bad88ba16221fc0c73a95b7dd1934617b60a0e6ac8cc61d5a74ec008a43fbdc982fc9e0570dff409e34dc0ab0be78101c8c35061b0a46c33fe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0f31766ab648c1e806d92cc54a2f6805
SHA1 d1516db9975e034ecbfa476bbfb28cb1130b6ae4
SHA256 68531a39127971188f1258e113a1665e7ddf242a7a61eac2cb900e963b57074f
SHA512 b4e3a04b48aea4442ca425cf779e62b696940354667bea5a65b6ff03853e023217dba24b08cd0ff87f51a4909dccd016e117b3c30305788bacf85337cd4e3333

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cfd20e7da8c52a4bf4095e5289cd3d2f
SHA1 00cec404700390a03dc6cf140acfa2b99d16311d
SHA256 d36ac7250f651ada6d33d7206c5e69e315a9a8c7266605d3e9ec0b8c33723602
SHA512 e25b18640540d358f3de7ecae0bd7bf3147e9ae39b9fe86550834a5b63249824c0d967773ce0fbbe901e47d7ab8b10504fba73477ce921d592e21d0e1a765759

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c95d07cf46e230291b7a0327b40d1027
SHA1 2fcbbbed590d7e05b68e9785b0185c3fe146f1c3
SHA256 03ddb6f3a223f120c6f54f155684bc9a27a19486f785d8b1c50f8af73d6d5fb8
SHA512 ca765afd4f84f0daf8b6666609193873d50b7818f25954b6dea608adadc5f8e49ea9145c3b04582ac48340f6e381709ed891cb8fabed5d5659545889941125fb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aab6539145e8a86dffc29392ebdf554e
SHA1 44c03e0046837dd282f809b0a2f6d1e5ee30f7c2
SHA256 d888f7ccc5bb66edd7091429957f325d05dc40c061708710d11ba33c21f86f11
SHA512 d665ea9773f1929626170fef60833ed164bd6c8273caac7b7adb88efcab49a6d9814ede0e9356436993dc56dd3e8b4684eb75b0429472ce0994f5e5e626eae0b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 3bd6cbcb84538115592a74d98dd13897
SHA1 7ec7c5c804f165e19ce2331c6539de1f96a09c31
SHA256 1909c5199a8803e9538a0f893f7fa663f42f70e758da5c7350ee86b383d05def
SHA512 e5a1eb9490a81e26e166edecf569ad70199ef94c17db0c3881f12fb9ab299b2ade08c4d40eb44ffd63abb3dd3c5ed012a3ebf4371428c7294809fec282bbb8ac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4370304ccc03f7c57966ac25765a28d7
SHA1 4835108d8d4b21a8a8319f1f219646f9b6bbcd9c
SHA256 f80a75132e3455850410a9b958414906daacebc4df246b4af572f3d57c6f8066
SHA512 919d3309325d2ee5c79eea42da43b0a050dff21fc3fbd45798039a03d05d888e55b4b5713bf6a9fb36402a4ca688a236cbd3bfe86e68092dc9fb8e7c010cf21b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 39cbe0c9a8d13478de58368e9a87991c
SHA1 16c3e6b7975d885305f47137a24ba95189f3ce26
SHA256 82ec691c6bcdb8e5e7f2ef8638061df2de15270ceb66574648f59c81ac6126a2
SHA512 2a3f4329c08d685b6f64199a36175ae10ac50ddab6dde8e936d7c7bdc8d78b30332b996654d216c8d47c266a6e1b624419c2ee4d2bcd7458a91e7dadf16dcbac

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\3604799710-postmessagerelay[1].js

MD5 40aaadf2a7451d276b940cddefb2d0ed
SHA1 b2fc8129a4f5e5a0c8cb631218f40a4230444d9e
SHA256 4b515a19e688085b55f51f1eda7bc3e51404e8f59b64652e094994baf7be28f2
SHA512 6f66544481257ff36cda85da81960a848ebcf86c2eb7bbe685c9b6a0e91bca9fc9879c4844315c90afd9158f1d54398f0f1d650d50204e77692e48b39a038d50

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY2G78MW\rpc_shindig_random[1].js

MD5 6a90a8e611705b6e5953757cc549ce8c
SHA1 3e7416db7afe4cfdf3980daba308df560b4bede6
SHA256 51fdd911dc05b1208911b0123aed6b542e9d9f04c94d7504c63d89ca259ef679
SHA512 583636571c015af525cddd5b8dc2ac9964aba5a7a9b0acd3908e4aeb4c2ee74cdfaabe49b0aa13d7b142748542426864e91e88e90d7f73bc647f0bfecb0ff7bd

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-02 04:47

Reported

2024-06-02 04:50

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8ced791663c0d8235a92c2fbb0988957_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5080 wrote to memory of 1812 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 1812 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 1356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 1356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8ced791663c0d8235a92c2fbb0988957_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff091646f8,0x7fff09164708,0x7fff09164718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,7249875253891195691,6320457230524103705,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,7249875253891195691,6320457230524103705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,7249875253891195691,6320457230524103705,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7249875253891195691,6320457230524103705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7249875253891195691,6320457230524103705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7249875253891195691,6320457230524103705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7249875253891195691,6320457230524103705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7249875253891195691,6320457230524103705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,7249875253891195691,6320457230524103705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4484 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,7249875253891195691,6320457230524103705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4484 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7249875253891195691,6320457230524103705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7249875253891195691,6320457230524103705,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7249875253891195691,6320457230524103705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7249875253891195691,6320457230524103705,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,7249875253891195691,6320457230524103705,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6088 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 mozicsillag.cc udp
US 8.8.8.8:53 ad.adverticum.net udp
DE 91.195.240.94:80 mozicsillag.cc tcp
DE 91.195.240.94:80 mozicsillag.cc tcp
DE 91.195.240.94:80 mozicsillag.cc tcp
DE 91.195.240.94:80 mozicsillag.cc tcp
DE 91.195.240.94:80 mozicsillag.cc tcp
HU 193.201.191.13:445 ad.adverticum.net tcp
US 8.8.8.8:53 easya.lightsolution.hu udp
DE 91.195.240.94:80 mozicsillag.cc tcp
DE 91.195.240.94:80 mozicsillag.cc tcp
DE 91.195.240.94:80 mozicsillag.cc tcp
US 8.8.8.8:53 video.vid4u.org udp
DE 91.195.240.94:80 mozicsillag.cc tcp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.200.14:443 apis.google.com tcp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 94.240.195.91.in-addr.arpa udp
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
DE 142.132.202.70:80 video.vid4u.org tcp
DE 91.195.240.94:80 mozicsillag.cc tcp
GB 142.250.200.14:443 apis.google.com udp
DE 142.132.202.70:443 video.vid4u.org tcp
DE 91.195.240.94:80 mozicsillag.cc tcp
DE 91.195.240.94:80 mozicsillag.cc tcp
DE 91.195.240.94:80 mozicsillag.cc tcp
DE 91.195.240.94:80 mozicsillag.cc tcp
DE 91.195.240.94:80 mozicsillag.cc tcp

Files
