Malware Analysis Report

2025-04-14 00:26

Sample ID 240603-ktghtahe5y
Target 9130c4d75f9036b16be8979046bf0aaf_JaffaCakes118
SHA256 198c50b0612ed0f48164f6245bc3a36e76c5aadecc58d397677955b22641763e
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

198c50b0612ed0f48164f6245bc3a36e76c5aadecc58d397677955b22641763e

Threat Level: No (potentially) malicious behavior was detected

The file 9130c4d75f9036b16be8979046bf0aaf_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 08:53

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 08:53

Reported

2024-06-03 08:55

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

149s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9130c4d75f9036b16be8979046bf0aaf_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3612 wrote to memory of 3080 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 3080 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 3540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 3540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3612 wrote to memory of 1676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9130c4d75f9036b16be8979046bf0aaf_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9903a46f8,0x7ff9903a4708,0x7ff9903a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,9501444908015350182,875460277030607153,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,9501444908015350182,875460277030607153,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,9501444908015350182,875460277030607153,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9501444908015350182,875460277030607153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9501444908015350182,875460277030607153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9501444908015350182,875460277030607153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9501444908015350182,875460277030607153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9501444908015350182,875460277030607153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9501444908015350182,875460277030607153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9501444908015350182,875460277030607153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,9501444908015350182,875460277030607153,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5896 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,9501444908015350182,875460277030607153,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5896 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9501444908015350182,875460277030607153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9501444908015350182,875460277030607153,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9501444908015350182,875460277030607153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9501444908015350182,875460277030607153,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,9501444908015350182,875460277030607153,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5568 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 www.konthaiusa.com udp
GB 142.250.187.202:80 fonts.googleapis.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.212.238:80 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:80 www.facebook.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.212.238:443 www.youtube.com udp
GB 157.240.221.35:443 www.facebook.com tcp
GB 216.58.212.246:443 i.ytimg.com tcp
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 238.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 246.212.58.216.in-addr.arpa udp
GB 216.58.213.14:80 www.google-analytics.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.187.234:443 jnn-pa.googleapis.com tcp
GB 142.250.187.194:443 googleads.g.doubleclick.net udp
GB 142.250.187.234:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 194.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 6.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 234.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.180.1:443 yt3.ggpht.com tcp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.169.46:443 play.google.com tcp
GB 172.217.169.46:443 play.google.com tcp
GB 172.217.169.46:443 play.google.com udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 52.111.229.43:443 tcp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
GB 142.250.187.194:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 612a6c4247ef652299b376221c984213
SHA1 d306f3b16bde39708aa862aee372345feb559750
SHA256 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a
SHA512 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

\??\pipe\LOCAL\crashpad_3612_VQDDRTCQTAYKJSXJ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 56641592f6e69f5f5fb06f2319384490
SHA1 6a86be42e2c6d26b7830ad9f4e2627995fd91069
SHA256 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455
SHA512 c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bcb5c137c54b70f28db5880d71229208
SHA1 72297b77773555f12f6fc3451afe23329fe64105
SHA256 ad60d6e209b27bab064ae5b51ecd320e054835e524df9dee2bcb2de842fe199c
SHA512 81dc1a2294623d0828e9c27c9b5fc119269ad8fc7d3acd5275bf5f5f03dca63157c8770422d04e6a3c3cb29a646d19cb3f67283e94d5921e18a0612d8c174362

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 0f0c9989cbb18447d2f5d954c20ed99f
SHA1 9ad0fd560c0c478c67cc8f118e363b3a1d1cdb5a
SHA256 a43a9e5bbd2d8a8aed070df3b2c799afe064312d6f248c4a498a67c0f9a02720
SHA512 ad6a2c60d3e5aab48497169e380d0fa50d7a0fd2bfa0a07313d880afaafd2ff2be7521864ab7ec661866b1ee4309467ef2733a24dba7e0facde8d190739d9fa3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 816e759cb3aa613bd03019694e671a76
SHA1 d1c2a9a7000806f0aa73e6daef0aeb172fc566f7
SHA256 759e981faf77e94697339be8d7c914a7dfb09b33f5ad2db39a01d8c10871689f
SHA512 533fb895e714ee2e77aad298b8670fc5147e3f0da881617a87e8aaca23e630aef2dc57e8cf41e1322e477c83afbf510ac0cb27e94a711b7adff7971bf491a36b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 73bba232bb148c0c14c3ae5a46356d98
SHA1 38342369aeac2ea691af46840a47e5db435c25d3
SHA256 dd3b073369f1bcbb4e91f018445fda7497eaddf0d34955ce25055173891989d9
SHA512 72f225a632e43dc58f3c6583c379eacd1a056af7e184d8a8d074da0ce64636dd4fbe74166ef1e8deef88e9fc98960fcd1f531e9eb71571d035bf9412c5a8fa90

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d32d9998d09e15bdc30a22419bd3c6ad
SHA1 b73a644e9f09a32f8344c2cdc2b26cb572bc7e57
SHA256 60760a140c215a48c4ac3afdbb563336503038cff56f35cf2b44dd1d346556a9
SHA512 14ce1e2fdb44c644e1cec9cdd6d2266a359436fd1dc7bd7586f5f2a4ff90204dd3d844981758c5d1d281f7ea523122a5f907480e158446504e9acb67b643cdb5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 e40d69df418961ff82c6f7daf9f7b00a
SHA1 2cf9837b771804455c3f142bc72b2ff0a74f9090
SHA256 de37e3a0e2bed86c6f4d2491860f558fcaf573f1867034879f372d5bc1061c14
SHA512 42a51f44e3e7cce5cff601cae76fcecf2a258d091114435f40972060cbcb9bb9dbb87d7034af687af40d95c27a98c3939bb3b4345de5991446077f71478a0090

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 708eb0054c0d8d44689a0e5af479ca6b
SHA1 91ad49a4c21e05b1e8d9593bbba26d4e3e135fc1
SHA256 34b7235ca61283db869464b82c01ef95c178f215cecd063b139ea2d66bd33609
SHA512 7044798b38cd99c6ef0a26aee20ed53b4885d435a929231c2a6203d4239b410b3a7f9ad688dfc0abbe2c56aa8c8c2e7f61f4033c00dea849cbba45ca26526c46

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 08:53

Reported

2024-06-03 08:55

Platform

win7-20240221-en

Max time kernel

137s

Max time network

144s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9130c4d75f9036b16be8979046bf0aaf_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "5711" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "8190" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "498" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "8272" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "200" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "3528" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "407" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0577b9c93b5da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "3234" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "282" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "200" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "3732" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "2760" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "3522" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "5711" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "3640" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "3732" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423566675" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "14013" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "3528" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "492" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000079f2c2283c44d340bf0df3eed16a34d600000000020000000000106600000001000020000000250dc662bd25de6fe80c80e52bbff9b86e1b43e4c9923d7e5b91a3dd8a18973c000000000e8000000002000020000000ef552b6ab8393b46b19356df2fd23faf8f6433172664a76a96fadde3479d977c900000002e6c54245486b4c3b5567b588af3e807b4cc879faf46418e7129f29a9c295dd2b96b6cb04dcfe92a4b5b2835edb231c2ffcdf73159d7931396b0dbb330da8ad65d18ffd558158930a6377ab8f2b21d5decccdbf9e2b156c8c033200d84170dbc42122b52e102d3d9441f68c26974a5584b81194d9885ed018c37685a4734c80a61d1dce76605677997c73de01608c47740000000000793b516b895c407fa96c4d6043040b7fe43bb917d76ffd11b85b008623588433774fe2ff2bca9a21d72b29e546f69db467ab6d4bb800bf190909cd6a8e445 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "3234" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "5237" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "3640" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "492" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "5793" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "3640" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "3316" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "2760" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "3732" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "498" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "3316" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "17048" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "17048" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "3522" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "3316" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "5793" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9130c4d75f9036b16be8979046bf0aaf_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1136 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.konthaiusa.com udp
GB 142.250.187.202:80 fonts.googleapis.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:80 www.facebook.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
GB 216.58.212.238:80 www.youtube.com tcp
GB 216.58.212.238:80 www.youtube.com tcp
GB 216.58.212.238:80 www.youtube.com tcp
GB 216.58.212.238:80 www.youtube.com tcp
GB 216.58.212.238:80 www.youtube.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.200.34:443 googleads.g.doubleclick.net tcp
GB 142.250.200.34:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 static.doubleclick.net udp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 142.250.200.34:443 googleads.g.doubleclick.net tcp
GB 142.250.200.34:443 googleads.g.doubleclick.net tcp
GB 142.250.200.34:443 googleads.g.doubleclick.net tcp
GB 142.250.200.34:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.187.202:443 jnn-pa.googleapis.com tcp
GB 142.250.187.202:443 jnn-pa.googleapis.com tcp
GB 142.250.187.202:443 jnn-pa.googleapis.com tcp
GB 142.250.187.202:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.212.246:443 i.ytimg.com tcp
GB 216.58.212.246:443 i.ytimg.com tcp
GB 142.250.187.202:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.180.1:443 yt3.ggpht.com tcp
GB 142.250.180.1:443 yt3.ggpht.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 fe0.google.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
GB 142.250.200.34:443 googleads.g.doubleclick.net tcp
GB 142.250.200.34:443 googleads.g.doubleclick.net tcp
GB 142.250.200.34:443 googleads.g.doubleclick.net tcp
GB 142.250.200.34:443 googleads.g.doubleclick.net tcp
GB 142.250.200.34:443 googleads.g.doubleclick.net tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 2a267c8371f84045236028d9d98b0988
SHA1 689e34bfc1f5b0d068c4ee62baca3e32f2a8e2f8
SHA256 3e6148f5d2f700962e4ca856d369cf61329d27095aab4081997a69c337194f4a
SHA512 7da74e5c2144e31887d70c62f623a0271b33153f0be825828f006ecec9fcb7d1f006249171b2b6746953cec27ce3ef159f980919e2b7ac996ae64d2519938e5c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 8e1435f7c5aec1e088d317ddc8f4bf48
SHA1 1240227a9b320e2315384c61c7cee6651a10b7d3
SHA256 0ce4c93fa050eec821d7f2ff0401494daf18fc191e91acbd534e6ec652d3f596
SHA512 06f30aa67fddbda61e40f672f0d29afa6cb8ce6c23e6421241dde4c6cf94608eca6522d738b664c863670fc627dad2c45efee8111979c2db52fc7deb142aaea8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 2c583dd6d3f522b5bf90e56bb567dd96
SHA1 b32bf080ad1e3be391e4ee825cbb2d9b8baf47bc
SHA256 a1117b5adf63d46fe6e0050fefc8d87ae678518ddc4d0cf1a4117e3d3a57844c
SHA512 1fc9eba0bece2f4730c0fbe49c1aa5c7c3da38d2f3c9a50c4b3079967f51e6827be5b1af3ccbf3868705f4aa62e39408e5db7a1a95612f953b250bcfb02ca918

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fbf8710a3097d3348638909d5288e5f8
SHA1 5aa7a950ed44a1f81ee2a5c690403e9aa1fec834
SHA256 4a514ef6e62f49257afa0abb34d73c33e640e203c87a77a8a6b74ab604e59175
SHA512 aff424f4be60991b27804852565084c117604d9fb570cb9e6926287f9ef685e7a3bec00b0ff3ab8c8ddc317c1c3f2b06b86573d5c78bb1fbf6ce76dff05ce40d

C:\Users\Admin\AppData\Local\Temp\Tar9A82.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_DBD1FAADD656881B5EBDBC1DB3D60301

MD5 9dd79a6f651a37175d67de52b60cbb53
SHA1 0088a4294701ff338b889456cfca02306b5548bd
SHA256 bcda40ba3fb7bab5600937e5be5bb9312091b656982d564e4022a9e9a4088d6f
SHA512 0024cceb17665b8c0bd31632432c1a00d772ec5752c7c3c8e62b2d4c5ff2e7b0e11666c5b14cd45c14055cd3e30b0b583ddb1dfa0b1736767b7e8ba7850be830

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_DBD1FAADD656881B5EBDBC1DB3D60301

MD5 72448cad77f8641e16e44083e8db8fa1
SHA1 9d968f6ae1ad37e1dc54d7f3d889ce64946ce433
SHA256 c584a211992ff3fbba5dbc71729f37946be9d170dd29861c64815880b17a4dad
SHA512 2b1bb175f8a069838d3c165d63cb48e3450bd7c775393ce86713c9669483994f5787c3691c2c40a2f08b50d1cd1278b52dc54f3e5669020b22dbda5779951497

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8A9A2DI\www-embed-player[1].js

MD5 d2056f8d081fbfffcab81d61ea45b151
SHA1 710243082f40626f64943ad3b656400f444d7130
SHA256 49fa9b168cc8bbc037cf4498e31c355509e9b438b0d19fcf750b1c5fbd1efcaa
SHA512 530ca2c291c44d3d2b5869b0ae661ac047748a5cab50de280a2c8dbd26b52cdd71a906b3730e8a849debece542eb919462a8407ef2410acf28c57d2b6068cc14

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8A9A2DI\base[1].js

MD5 9178a954abcce420219864651c7787b2
SHA1 f874d3e998441ba6439cfd7e89514facde08cff4
SHA256 40cc1692dd4d8e1c8ed29593ee222240494b872b734c0e31da4628014da7346d
SHA512 927bf88499cdd64ce32f3780a0cfa88b14fdfbeac6a237454dcc43ee5d56b04754a40dbcba402519637ba1a3b0f948a597260a74ddb0b316698a41559d8e1cd3

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9M0HR0P6\KFOmCnqEu92Fr1Mu4mxM[1].woff

MD5 bafb105baeb22d965c70fe52ba6b49d9
SHA1 934014cc9bbe5883542be756b3146c05844b254f
SHA256 1570f866bf6eae82041e407280894a86ad2b8b275e01908ae156914dc693a4ed
SHA512 85a91773b0283e3b2400c773527542228478cc1b9e8ad8ea62435d705e98702a40bedf26cb5b0900dd8fecc79f802b8c1839184e787d9416886dbc73dff22a64

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8A9A2DI\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff

MD5 de8b7431b74642e830af4d4f4b513ec9
SHA1 f549f1fe8a0b86ef3fbdcb8d508440aff84c385c
SHA256 3bfe46bb1ca35b205306c5ec664e99e4a816f48a417b6b42e77a1f43f0bc4e7a
SHA512 57d3d4de3816307ed954b796c13bfa34af22a46a2fea310df90e966301350ae8adac62bcd2abf7d7768e6bdcbb3dfc5069378a728436173d07abfa483c1025ac

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KJJ2AG2X\www.youtube[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\ad_status[1].js

MD5 1fa71744db23d0f8df9cce6719defcb7
SHA1 e4be9b7136697942a036f97cf26ebaf703ad2067
SHA256 eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
SHA512 17fa262901b608368eb4b70910da67e1f11b9cfb2c9dc81844f55bee1db3ec11f704d81ab20f2dda973378f9c0df56eaad8111f34b92e4161a4d194ba902f82f

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KJJ2AG2X\www.youtube[1].xml

MD5 c7252b9d7237d6a48d2c43dae5e13aed
SHA1 a09dd7f2b9569502982895dc815a8fa56ba6ae56
SHA256 6023e099062a3b78e95bbc5679d7718f90f73f500675e04c2abc814e86026f09
SHA512 cebb12c8dc39b88f85641caaf97b890cc38c94945f421e323ad7fe9792b01b7966f9cf900eb01ffa85a79ac3cce4952f287d02cad17bfea1365394a75b496b6e

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KJJ2AG2X\www.youtube[1].xml

MD5 c42625d6fdf558370dbbdb10d0725bf4
SHA1 9e0c8ffb1d7cf1fc597fb45354cce5160c90f671
SHA256 934cd1e785b5d398b23d22a7c12113518fb07d726e4b096e6d79f2e63cbd8d42
SHA512 de3308b90f4261b70a7a8c36249ae43f72d93fc8ed63e70b403e037fa8999ba35627228ce4cf5d427a79635a03b3335b642fb83d4b2b2e4b9c6849a4e2e8ce97

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KJJ2AG2X\www.youtube[1].xml

MD5 ca93c6123b09e4bca4b4ad9fba487106
SHA1 2bd17a5a9a4865da457038bc6e85d41f3fcbc5d9
SHA256 db401103869ef5fbffa8b5afa9ec81b85c459c00b1155c926b0e90ee6b1e2ff0
SHA512 d1c9d33a0a142a32c4733eb3b003fe4b1f78c20f5359b65f9e1b65479af7e407c2e911703a18a77db7eac0d916e383cb148c58314d551f66eefda222c50c7079

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KJJ2AG2X\www.youtube[1].xml

MD5 953711ded31d572f9448bb7115c44c17
SHA1 18f35658efe411ddeaf7804ef4724220233b54c8
SHA256 0b7390674eb3d7171f099dee472e66e6b6d37ed373c3d62a1684eeeb39089a57
SHA512 cd3d77df6e03530ccd5129165d0bc162a0d9552d23b0c7677f795146024d80716e1be985bf959ac7e4f472cb74a41ea106a0f18c534bc5a24144f42f942efd93

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\embed[1].js

MD5 322e970509e24ab233b6c326a9339623
SHA1 10e2ea809ae638d5f32385d05c569922ab19bc17
SHA256 99cbd012a57f19a3fc1b412866ba13d6b9de2a5bb22449dcbf14ec0a88937000
SHA512 8f8bdc9418feed04e6fc7415e9e57f0934a6b136b1a763e0e39f67efa47e004a8c3385105a1c1dd9fa48ada83ac5a2a93940f20a99d6d16722ae903c93d9817c

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KJJ2AG2X\www.youtube[1].xml

MD5 46109e9d4554306fd228bfe828d14e12
SHA1 ce2be29ab667aa1790f6d7be548eeb825b7ca6ea
SHA256 7992bd3ae808a4b0baaead5c890f2c57c00ee43c8a279e8b34e4e55bfaec0290
SHA512 89298945e6da247947fbc1ea6c3bf057c72241639591e584a901bbe9bd594b3eab57c157c3206216c571c3f4f440899cbfd8346e2c6ade6fd3a79e710e62cbd2

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KJJ2AG2X\www.youtube[1].xml

MD5 1a2da2f89f24d7086d9b69da0e509398
SHA1 a3da7261c8664961f160c6f4a44addfa11c3994f
SHA256 a3fc3a34b47df0e0d8452b0a7ee624b25c3da8ab058ca31054d725750c5f9e22
SHA512 e9320cb6e461c58f995fae8039f1a1ec24b00c752b09d68dd6cf05149c29753f44cf634fd7a02263afdc9cc7d23fb5780ebda14011d2f618a91c2398efd4acc9

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KJJ2AG2X\www.youtube[1].xml

MD5 3334e479d5b5abec5a1f90dc677f45ad
SHA1 b40dde40525b3b4c38f919452b0aa48abb917857
SHA256 c13a11373f534dfd54d05d16c2974e38ee6a0e01d6f3a7fe2395f1e84bae40f2
SHA512 be3d012ed50fe6af711fff988b87e0672582670ae9fd0dbaf2e139c866e456ae92f3342789769268220636918cea7b5f319c1f26577460db7a064c056eae1954

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KJJ2AG2X\www.youtube[1].xml

MD5 9817924689e7cf5d2ad4a2a8845611f8
SHA1 d7945a56273738a73a5ce770f60447a89b70c5e2
SHA256 1e50dd8da9e801bda88ae079ae3e2acb0674bef1fd02b8de5e98fdce1ccd9744
SHA512 98b6f871b49a17afe5d809e387eb150d9f8b4bce024ff9640ca6e6b8280da4411755adba8a2e4b6f44947f8dd4e873376961966276a5a75002e877ed1f420f99

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KJJ2AG2X\www.youtube[1].xml

MD5 883ceba1d21f8832ece76081cd887f70
SHA1 3ba21aa0e6f9423e91fb7590a2ec8898debeee42
SHA256 4c661a8bba45f81ada4333f66f0188505bc8d4a85f7b9b9b66e27480281712b5
SHA512 ca08eedf2f9d160e724df6ee60dccd7800e47421add6303d7f3f427dad4791f6d0ee1cd5bd688ae589fdbb243477279f1682d49db38f30f4cb0c8d23eff77876

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KJJ2AG2X\www.youtube[1].xml

MD5 2a15503a7375a0c3eec2bcbb4dbb2d0d
SHA1 50601ba4fae4ff261f0ed60bbf5c43c4194b914b
SHA256 b92d630004a07b0ddc0d12880a5acfd322769a48920acf3484db371737f2b6e4
SHA512 ef4d847b8c3f6fe28f0172c0cd6b0ac53fc58a50570a8f2909deb3450cf36da9dace79ed07f0703d8c5648ddb3918809cf5f86667b6bd26d87bbd85af6e082e3

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KJJ2AG2X\www.youtube[1].xml

MD5 63381ce9437557a514120419cceeeba7
SHA1 8f49cf2fa3f4de06a04bc8f3b4099a2ac19a4d4a
SHA256 7796b4322603d814b3c4398cc4bd6412ec35a180c9845aa0ff62127790125488
SHA512 a32a79835c3b34ee6c375158482748f43d4400040b80858b926cb4ce3578a1ddd2bdc647df0d309550f478581c5a6d98a19367c1ce1fe5932efdf682882ed78a

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KJJ2AG2X\www.youtube[1].xml

MD5 a6e6772635ba90aae73de6e11dc105b0
SHA1 674f25c278a51705fa80e304e2d79fda3f323f35
SHA256 a8bee533ab12045e02e119969815a60012e9dea281ade471fcf17f2673cd1a85
SHA512 4c9511ad6822fd3dba69f486a51cb6c5e8023d0ddfd3997378a68962cf3b905966cbae522de5571091f2a13e9bd52d902c953413973927d74cec2f41cf99cf99

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KJJ2AG2X\www.youtube[1].xml

MD5 4dc7597c0fa684f7cb8a51099b4bfdde
SHA1 f6b0e5afc5ca97e8bb9ba9bd26983a03471b38cc
SHA256 de27b98b5acdd8d8d68feed9772ad1feb10d4187a76b587203da96d3a23ba301
SHA512 3c6c444ee3e74b4b4db759cc4e5d45dd5cf48537997722c88770a8827e77bc001a7232cfd0d1b88b9b4748a1fab5a472203074f8c7e0d3d2c78dceb22f903005

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KJJ2AG2X\www.youtube[1].xml

MD5 5eefa1e87c9c857f757d27df7fafac91
SHA1 14704af601ec3db825aa890e3d1533be1392171c
SHA256 389700583d6e19359a06bc4eb9c923e815e78f812f47f9a713c4087a659a4a04
SHA512 ea59aa00b80108a45ecb421c133bd962b9a80257ddc45721a5aeb5c0c9a06a8721e4083eb0d17f381f5ec5d095fbf2613b3e9aded329d23bf342b7cc1ec64842

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KJJ2AG2X\www.youtube[1].xml

MD5 78cb61aaa60c56940a587dfd280b3f2e
SHA1 4c1070c7028b745f2997ea2e4faf346b60cc68f5
SHA256 4832900bc7958dd12fca42f9778c7a791e2913bfa923c14c3ba436e43a0159be
SHA512 ebdfd42634ee9c701b43dae7fcfbbf3e4559e6e608c9c64e35ca0ba29a5d08e73d66af7ade8e16f58557b1af4264b5effb51060c86c0ba2eaa16c43a54158f33

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KJJ2AG2X\www.youtube[1].xml

MD5 8a0129025e9360587bc91f451b8a7d8a
SHA1 a36022e35effd1168e2642a949764f014ed8f9f7
SHA256 21cfbb9ef0448c21165db455c75ef11bfbb19bfe150cfdb1480c2e7bc9a65af5
SHA512 ae5bcfe0e1492287a107ae4990a00fde4e182e23b6131d7f26dff41c656692e85287cd4348e81d3f0996a8eaad6f252cdad1fc0152a3c159e81842d567695e3b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 15486a826d829267b240643b967e17dc
SHA1 6a066b64882df1152295a9df0a5c0465098b6fd1
SHA256 54d59db1c47d3487489e9b77ce3ad3242705948e24c91a17aa27c8f6eeeba1e2
SHA512 9fde64d2b602c3068e65d3c3fe43c94acb33be7cb5b0fe9cf9f807d63ca1525b9fcbd83c6a28657dbe5f7d779f1fa788bef3dec977b8b18d441e2108a1aaf3d3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c0b8a1e1c3df107cd7dacdd644bc47f0
SHA1 587fa930f7273bb23e224459374da57f764d4711
SHA256 4f398159851817ce79dad5a532bf0ab2e33b008b1defde1b7a65b8468ace6029
SHA512 e09ca22809f9842490fc1767b3b0c715b96d13fe68c53d4a88af0d7ab6eed77b242b4740492cf7b12f3d51c32ef4caa76b7d04b25d18cff273eed3f8b8964a32

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e0ca63a9be99cd3285196f98f6f13389
SHA1 74025733f3c153addfbb2718003d1a63e6371c87
SHA256 1dec4d1868499f0205fabccb13a38fa9f37cc1b0fd0a9b12135af2d57791f0ba
SHA512 5d003a1dc2158c03f642d868809b5c37c0a5ac6343800ba801beaa63fef7f6607c4e11f5d885dc141bcc776e13946412a163026601ec6ef3923638db0be0b689

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bde28eb3c8b92bae1f18189a5ac9803e
SHA1 2c5ea4537753230f7314bd28fad1605164d9776a
SHA256 33cc2ff1ccb9b2e11fb9660d8cea59d3012e0ad9b4dfab77330e5ad2e943b538
SHA512 7e56509b9d95820719a878c6bd888665fe5345510ba02545a8ec4d6180d629d8e2a81d8a05f3c74cca7e4d4f265802e99ec9c7018e02c7f636dbe97b61eefb9f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c3628d0fa325b0b1d87409c9837dabed
SHA1 6d5f1fdf3eb718a7d89caf4f223b0ecf763d0bb8
SHA256 9326a7a8f6c159fb13fa81734ffaa20874809176723bdcef8a68baaedde726a7
SHA512 ec4c2e7138f355a486d2176790b55997e5f8b696bafe1586b577541c42a89092d0a9857806e8d30da0fbff48d5178168dbfbac9a6f6d31df33dc4c04591f4208

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f91ede05ddcbd4e39dff414806e67d5b
SHA1 1db7c57e639ce6e6b20f975b4902bf7b0bdd3d19
SHA256 5bd8a7ce453ea693cf451e558809f1b82400c64ec21883d071fcc79f1e67f30c
SHA512 472af62e5fb4be25c786abaf20208ac4c20717f8a1d814905e0c6ab03894b568d9d31f7f56875e53e42f93607cec3189c52a81c96ff5fcdd8fd14cbd27a98a25

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6a0df55f361410d7a3b9995b16217405
SHA1 af70fd050a7fdeb03d5c29c486dd24a9baae792d
SHA256 329eaf8d39514db6fca1926cc4caf988c8b68f92115a53beeb22fb7a43012272
SHA512 a404ab498b918db8086342a345153973807344653a5c76357f7637dc382c1c302554500577c2de89b450727a69991b439e56789317a4e6ceb2b14061313c963a

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KJJ2AG2X\www.youtube[1].xml

MD5 746829dee208890b148047a6755e8945
SHA1 bf525bf3bd8881b6d3e16d75f94726456d2a5120
SHA256 df3424fa51a78c3101c18e663052bdbfb56a012d02ace3b11ed75a8d2d6140b5
SHA512 b35db6e92cc298ba33099186fe657f7a6037cd41f8375e7f241316821b01ea354ed9bc9b1a40f97e588e7aabe71d618a3563f833754449b0687260877b7ec3b4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 29d7b7e86a05756ec8527ff51a6b90b6
SHA1 eb8878562ab97d5d41d92b324d74e41ffd731181
SHA256 47423fe87729a9f3a7f3685f37fa6f73a1150e9976bdb33624c59f8cd5c6507b
SHA512 39a6f6b6b600a36b54a2b6be0aa094e32e7bfa34eede67ebad8b8460efc11ad7e8a33fffbc280916ff6bf14d4145847104b71030b43e9b7afff267c02b57a123

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KJJ2AG2X\www.youtube[1].xml

MD5 f286d1e3a6a8af5d6c796681e7915582
SHA1 a4ee6a5c9b7651b099e2887a78a0c183adbc4cc4
SHA256 99fd67edd7d9154dd52f14e0394f7a316be2bdfe91dd1845006c1a8565d5a813
SHA512 7a1950eba1f7812010540900725c6cdcc567e2eb6731ad80291910913ca812a56bf8b3d2168210f986c6a8fe38845ce769cafddae197b12d96bc66b2e9963e62

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KJJ2AG2X\www.youtube[1].xml

MD5 8e236dcb7b3d4204fc2d96ddea2fe82a
SHA1 25f08fbbf798a663014570b19c2dcfc8b01c4298
SHA256 d57852f067e560779a287b9dc94f55d39cb8e836e384ac280c6a29909cd23035
SHA512 63db2e9454c5c6704458652f0bc95fd7da6c0520a44b0122293e230654ab17191b0aad06e2a8a56a755d1797e754de0cb1b519d9a32f576b122e00f11e28180d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 947acc402d4316125d4c6176024479ef
SHA1 b8a6402fa2e04bd3dfe1939b55a71c6c1151e0b7
SHA256 db8e040daa9aa10ca432929b578b4085016f770766f2625967a1ed682f30394c
SHA512 a79be26df99cf29c826a11065e1eddabd25a1145dbca12d0f14152791cc6912f4dc4ad35a13344185c49e382f6e6efac0cc5336f9cdc579c84a19e0b5006d7f6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7682886db6b6407bd450c9ed2fba3f16
SHA1 09ee1e6e8dd1c6be9402972c86a223776676f973
SHA256 3317394241adf78f196f0ab649cb68ffef045dea665e60502451c2eaee0884eb
SHA512 4919f7784617cc4757131b6251da910caefe9ffb1be342b83d04bfd748efd6f6b1c5a3997dfac1535e32f30523550ef9b9f08c2696e8dece11512c36b0afa0d0

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KJJ2AG2X\www.youtube[1].xml

MD5 b1800ca71a9d4ba46f8db4496dc2b1f4
SHA1 897aa91171a37134132a0381e2ba5a80bd5c0df1
SHA256 ea9c4ec1f187fdcecf31024673ba608fb4739f893439bd53f353b6cdb1a12cde
SHA512 3a8326d9792717e47236b21309e2e83dc8c973e799c3fb8107ddd1d602d3dbc8df7c501cb420ad12a2debf7849877513464f91ff4e60bfb8d8664a422e985477

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cc8347fe3f920d513ed5d98c8528c2f7
SHA1 fce93e0736c49b89202d6fa2df7e73d4d4ccf602
SHA256 c14e990f29f3b0f5fe53d0047b182ad41e785c4f39d96b88d995586b2d110756
SHA512 c2c6d42b47a168f6d2cf1477c33f0800b6953c2f136ac0a971876b8a763f071377582228074f53a5f46ddd115677b291a3ab5349b628e6c8328a6a5a833d6b2b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8e9a709aafb5377cbd60f5e2f239dfd1
SHA1 bd99ab1c8d9d8c87a4726d4ab055aca1e295f2fe
SHA256 892be249024b04884db8e22f86dec5f23ace248ccdc3bc2cd49da2788d325f66
SHA512 0d6f8be594aa0bc1a84e5934b0fdac7eb0bfeb26dea59464f41457c0c4cf29f5ebbaac02e41bc39149d0b38178ead1e773dab254209441027367c63c15ff6913

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 954d896ae49266efa237d506caa77f72
SHA1 469600597ca718db93124775daec2154f09cffc7
SHA256 e2abca9c6661997ce4998a0bf0fde20571b8ef3e62c8424f2da55f78c3670032
SHA512 7481d4ee9898a025c095def5034a37e9ba9f06791e1b83ea8db978e6020b4a08ab0f4428c2a1a893396eb26c45221dd1bfae10402fa1eaf7bf1d26dd9b854fde

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aa4d37125d2d5cdf00a7d5258a29a2dc
SHA1 586adf7ee2d34fb3e3b2023fb258b611a4747bc5
SHA256 4512b9a31680a5d1878f745aa062acf72421088f70245d7689eb7173028edc7d
SHA512 685d57906ab549536471e82e824602a22e683f312af58f0945ec05e02e6d95da5f06e78ad4783c96751ad9bda5f2e8d8e60be9b664119404fc3aad501ccfa9b0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 db7f64d84f8c4c4f066b202c22652120
SHA1 224d51491a38fd40f041b712a0cc07e3f6060702
SHA256 b338d3024eb04e09729df6e85c7c560daeaed7acfbe98f14d6ee61b4409bba8c
SHA512 36114c05173864238a87b97f64d7ecb49bccb6555164fc5c53b4565ade9559fe7f50e631618abfd85b594f96a746c4f221c65f9ecdd050aee426ce44547e41d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 60446f8cb8cf23c16524bebad04b304d
SHA1 18f10839fb705a9abecc84e9311ec0475d50ff65
SHA256 d47740856d2bc3236c14f6aaaeea0c285ff29169dc947e3fc3a1ce76cf7c221c
SHA512 774a612aa334de8822af33a7bd267d1808bbf4d06f38bae254781b56fdbcdf9866a598222f4009777162a9b38910c32b7c2d5b19c771cc6860ec0f5f0be0d2c2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7ccb8b884f182b1a7ef8dca926893fcc
SHA1 d6c37320a86019706334fbd75b22b3d725a85674
SHA256 252196ebf1ce83720a934ac2dc0970eec0b94178344dabc4d0810c3a407e46fc
SHA512 348f8744d9e2158eaccb50ab32bfbc24ded3675046409df60e2e0789a12bf0413652f39080df55574b2075912d68b07e51270b89e3ad8abe7d59348cbc89243e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fb49aec6fc2f16b860491eeee86984f4
SHA1 ddac5f17c4d2253d5968b7c721b8b14d5c0115c0
SHA256 f56777f70383f965b30e425d72fa22ebf906f83c930078394475b83e082b15a3
SHA512 d47acdf8972b1dd23a9cf1940c089248f15b83fb3632e4cefbb8fb252883d44e75d5e7b244d317988a9c829cad03ed750cf1e8368f2256c31aebd9d607112b7e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ef77dda0206a635caabd1e98b3dcc30b
SHA1 1deaa84abf1ef81bc74fffc9e1e03c19dfb0628a
SHA256 418674eb8141381e03035fed52de964ec1bc095ef6d6a7ed20be96f7fad294d9
SHA512 5befa24e47d52a9443d8dcfd99077b25b90df5c0ffadcb19b5ebbb8a4417bdb95154c436dd895065f41360cf53103d9a963f739296748b7a0f1cd810561884c8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 5080fdcef513d4fc18502c2b863f8a78
SHA1 be398fe0ba7ae3d6994d184e456676f3dc493e61
SHA256 27458f92a7aa76763158ee39ec91681c8627ccfeb49ee0cc662e18f850126ad0
SHA512 dfac833298e64900585d21756cb590a882fa0a08d4de57839a2626b27056440c49c19eccc6dfff3ca89e960cf858e395654e7f041bfbe2f921340947ce5774a9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 25404cb4d3ce93529770e9bb727530d5
SHA1 b6393693c5de8cd489ee8db566e38f0c99168db6
SHA256 42459137463b2291dfc12f805c73cbf5fe9d2aa7a6fa7405458ce38123da0a3e
SHA512 66f393ffe4f7b7c893118ccf040a3ae73cd41267de6db15f98b822d42526cde9d342f36dd39db0903f1223f51f97d8332cc267304644f908100c473c7aea7c84

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3f1c891b7a26a17f07bcacc2a7981901
SHA1 1a9a5f9f6f50d1f72702ff3df28e23adeec4184f
SHA256 f116f0067154e6d3d773986e06b69fb2352bc43a8828c974e3cd43aee143707c
SHA512 ef99766f58904964d9ae59e0c8908383318a7be6b988a2486078edc299ef8ec0e7d321782bfb10f3240136a02bfda1a14939196c01b238c26bdb9c52dd2c83ea

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d9a3061e5538bf128771ebe4f4e6b4bf
SHA1 22fc9ffa20e9b72dce2992cc6553792433ce2fab
SHA256 fa1828470e2ea6f30551e6a94471223172f268cb2595b1604e1833b0c7cc45e2
SHA512 a6151630ff7f92ed276d1d91854f3c3aa7a1b1a1fd03afc108e98a3f11eaccbf04d502489d8a5a5bf037c9b6966eb1eb04a9868f79e5d355067a6648f636d2be