Malware Analysis Report

2025-04-14 02:37

Sample ID 240603-jv3xrshh43
Target 91090fce36f50582404f4a059fc71ec0_JaffaCakes118
SHA256 04e6b73fac7fa9ed0a9a510568051abbd577fe74172e8b2f073c1e0ce45b2b66
Tags
Score 1/10

Analysis Overview

Score 1/10
SHA256 04e6b73fac7fa9ed0a9a510568051abbd577fe74172e8b2f073c1e0ce45b2b66

Threat Level: No (potentially) malicious behavior was detected

The file 91090fce36f50582404f4a059fc71ec0_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-06-03 08:00

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-03 08:00
Reported 2024-06-03 08:02
Platform win7-20240221-en
Max time kernel 133s
Max time network 140s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91090fce36f50582404f4a059fc71ec0_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91090fce36f50582404f4a059fc71ec0_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1628 CREDAT:275457 /prefetch:2

Network


Files

SHA1 5715e2c1c3796b4402b7f987e968e012a95ccd0f
SHA256 34c0887f9f552d72af9fabaca8624d0b964e993c8389fa897850b6999a626654
SHA512 92c33dccc666e72460f056787e94a54d40b708a29e5f7912ff6a11f090e86be077c0b75619f0cb401f2a38cd0d075f641cfee059150c8ca885b05341e012b9db

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1423e4cbcd5e280b6e694976e0ec1356
SHA1 08e8f3eaf6df3c039b6dcc9d1c648ffd3588005c
SHA256 f9ed6b34b719c3f728369fcc657da8f649758fae7ebed49886e4588a7876cbd8
SHA512 af4028747f3a69d943dd2d211ffc22bbb84c6b78b84378e862222085f867e40c3b50cfad5978e69045fe108e5e62e1750a0ae97decaac912e5fd000d66d09c6b

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 08:00

Reported

2024-06-03 08:02

Platform

win10v2004-20240426-en

Max time kernel

145s

Max time network

145s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91090fce36f50582404f4a059fc71ec0_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3512 wrote to memory of 3472 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3512 wrote to memory of 2580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3512 wrote to memory of 4236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3512 wrote to memory of 2936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91090fce36f50582404f4a059fc71ec0_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffda88e46f8,0x7ffda88e4708,0x7ffda88e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,736245246212338699,7042865381117853389,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,736245246212338699,7042865381117853389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,736245246212338699,7042865381117853389,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,736245246212338699,7042865381117853389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,736245246212338699,7042865381117853389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,736245246212338699,7042865381117853389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,736245246212338699,7042865381117853389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,736245246212338699,7042865381117853389,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2856 /prefetch:2

Network

Files
