Malware Analysis Report

2025-01-17 21:37

Sample ID 240603-qb7vyafd5z
Target 91e3ad55db8f7ac8dccc0039b8bc5283_JaffaCakes118
SHA256 4884b0a38b9cdb44f4ea4a371b0d826c61582a021e3b4a2913aae3ffdbf8e626
Score 1/10

Analysis Overview

Threat Level: No (potentially) malicious behavior was detected

The file 91e3ad55db8f7ac8dccc0039b8bc5283_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 13:06

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 13:06

Reported

2024-06-03 13:08

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

140s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91e3ad55db8f7ac8dccc0039b8bc5283_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4876 wrote to memory of 1104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4876 wrote to memory of 3236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4876 wrote to memory of 1000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4876 wrote to memory of 3040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91e3ad55db8f7ac8dccc0039b8bc5283_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd711f46f8,0x7ffd711f4708,0x7ffd711f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,8673810175032829099,9265573251514776862,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,8673810175032829099,9265573251514776862,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,8673810175032829099,9265573251514776862,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,8673810175032829099,9265573251514776862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,8673810175032829099,9265573251514776862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,8673810175032829099,9265573251514776862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,8673810175032829099,9265573251514776862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,8673810175032829099,9265573251514776862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,8673810175032829099,9265573251514776862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,8673810175032829099,9265573251514776862,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,8673810175032829099,9265573251514776862,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,8673810175032829099,9265573251514776862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,8673810175032829099,9265573251514776862,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,8673810175032829099,9265573251514776862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,8673810175032829099,9265573251514776862,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,8673810175032829099,9265573251514776862,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2672 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_4876_BELNRBCZBDNAHZEI

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 13:06

Reported

2024-06-03 13:08

Platform

win7-20240508-en

Max time kernel

136s

Max time network

134s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91e3ad55db8f7ac8dccc0039b8bc5283_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91e3ad55db8f7ac8dccc0039b8bc5283_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1760 CREDAT:275457 /prefetch:2

Network


Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 fd364fe4bb8ba0130e0768b60b49fafb
SHA1 4cd1d0be5c2a8b9f0017a623503d69a912730f9f
SHA256 5348c9ca54603ec2f55e4fb30eba1f13ebd9420d038f543138da52134578e9e1
SHA512 73d11631fc9016b24e4408478fb34fa0bab3ba7b7eec0b9c4379296e5c8068d1d84cc8d2063fdc2e656762230ae1b0e32078c70c03bddc9ffe44159a164b6ae2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 13ed5e0369cedc64c8437eb9a493a981
SHA1 880053c91809fef7b2a3d688143f554d5a05c0bd
SHA256 3560614f2f62c19498d2ad6c3b9fa8f232883167479de05e924a5a3ab19a8454
SHA512 18b3c940a3b722b58c476af4141ab987ed9f7557c1e52f3f20548b2c209abd67c943761d22e20ed59c36d69f8cd911285aff7efdf2d20f51c35cad62932aefa0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 7fd81eb19a233f7a18791efbdbfb44b4
SHA1 9cc39acae103daf08a00a89cb5ffea07f01e0e4a
SHA256 9382b304f45a2aad0de96781c4ff9916b4eb61cc43d234c5c776cae9c4446430
SHA512 7155222c5c0b0c7b2158ad492d43c0aa41c8a137f22e6234679dbe3e938ca7ab2ee7808160cfe0afb43bf8c35658928559d888d7c1d3bf1266aa97256f134445

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_DBD1FAADD656881B5EBDBC1DB3D60301

MD5 10297340a6fdf3b94c75a0a3c999ea38
SHA1 bdb2a4cfbf72fb5c4226384f7607a3c915622e8d
SHA256 a05a5be2a343ea192b29857d8280590df0f85c2c6e880564b95d228178fa15e2
SHA512 c0605edebb6dc58f49fd85ce5ba67b41a31c61ec1bf7e8fbe7ba85ba2424eb4ae461318e1b34f61d03375d2b06e10a703d1515d9f47bd7a779ff3acaeb30d279

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_DBD1FAADD656881B5EBDBC1DB3D60301

MD5 d56e8a9958811e5d78e98e6667fe9d95
SHA1 8029dfc8298249261fafc49d0849e17030d4e4a0
SHA256 530de98cd37b6d5c78973086e0ebea5519fe8426659cc8a0a09022cd47ece718
SHA512 c5ce434c7ec865ac73079565eab541e58842b0671c86dd4cbaa1fb223884ee7557f808baf984706bbd0d75cf3dc41f97dc5aec32a45091a2f172657d2ebfa24c

C:\Users\Admin\AppData\Local\Temp\Tar19D.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NVDR4C1U\www-embed-player[1].js

MD5 d2056f8d081fbfffcab81d61ea45b151
SHA1 710243082f40626f64943ad3b656400f444d7130
SHA256 49fa9b168cc8bbc037cf4498e31c355509e9b438b0d19fcf750b1c5fbd1efcaa
SHA512 530ca2c291c44d3d2b5869b0ae661ac047748a5cab50de280a2c8dbd26b52cdd71a906b3730e8a849debece542eb919462a8407ef2410acf28c57d2b6068cc14

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NVDR4C1U\base[1].js

MD5 9178a954abcce420219864651c7787b2
SHA1 f874d3e998441ba6439cfd7e89514facde08cff4
SHA256 40cc1692dd4d8e1c8ed29593ee222240494b872b734c0e31da4628014da7346d
SHA512 927bf88499cdd64ce32f3780a0cfa88b14fdfbeac6a237454dcc43ee5d56b04754a40dbcba402519637ba1a3b0f948a597260a74ddb0b316698a41559d8e1cd3

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NVDR4C1U\KFOmCnqEu92Fr1Mu4mxM[1].woff

MD5 bafb105baeb22d965c70fe52ba6b49d9
SHA1 934014cc9bbe5883542be756b3146c05844b254f
SHA256 1570f866bf6eae82041e407280894a86ad2b8b275e01908ae156914dc693a4ed
SHA512 85a91773b0283e3b2400c773527542228478cc1b9e8ad8ea62435d705e98702a40bedf26cb5b0900dd8fecc79f802b8c1839184e787d9416886dbc73dff22a64

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NVDR4C1U\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff

MD5 de8b7431b74642e830af4d4f4b513ec9
SHA1 f549f1fe8a0b86ef3fbdcb8d508440aff84c385c
SHA256 3bfe46bb1ca35b205306c5ec664e99e4a816f48a417b6b42e77a1f43f0bc4e7a
SHA512 57d3d4de3816307ed954b796c13bfa34af22a46a2fea310df90e966301350ae8adac62bcd2abf7d7768e6bdcbb3dfc5069378a728436173d07abfa483c1025ac

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZYW2OM7K\www.youtube[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_434205A76CE72E9356C6165EEA1227C2

MD5 9f2818b6934693c6f8b336938c1b83f7
SHA1 83aba9f7c80313992553f1c40188e09a404ae943
SHA256 1bd3a70b593d33b1bdc4af80560509778580aed3c3a6a81c0085a7e6c41bc37c
SHA512 75651c264caf478f23f6a3abf8989e38de20ed2469cdf03cba38ac92d7e4b4c45e5fe24db57245a7fdfc2f9f61320ee72fdcab498ec614338728c51847516366

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZYW2OM7K\www.youtube[1].xml

MD5 d87a0e76f4e052a290e4485d5488706a
SHA1 9c4db683b6af6de794d3ccea1251483584529672
SHA256 67b73f1104f30a68ebefb9d06f48e4dca84ce75da234d2ae7576cf9a93cf80e6
SHA512 4af6126ba9570e5e6af4b0e3e77c8c52f2d00eb8089d768a965469f5a7e2aad6715d40d6bce66fb8ff2fc182c632357e2a1fc3d3284ddee01690ed74fa5bcbdb

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZYW2OM7K\www.youtube[1].xml

MD5 788c33fcabd021575d1d29be493dbada
SHA1 c6e9c11dd212367c709ee0a2d44fdb9276863ede
SHA256 74b7470147248876a411ede9d9c8d290771624479fb3b33cf04702cdeda09ac1
SHA512 f2eed1c56cdf8d3e5e2a1f6109d83e593d8887fb6ed4cdab7a3ecd91aefbefdedfaf20c2c5666c72ebf18055c6808e02bb0755e4c7a4002e471bc79116c186cd

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZYW2OM7K\www.youtube[1].xml

MD5 4a2ac94133297f2ba36161c50e435c82
SHA1 4c2bf22622bb4e798384ac5acee5bef8832cb610
SHA256 84bbd746339512ba8a67941707f01e4bc52dc3537a3268cff789fa4cfa49d3f5
SHA512 03cdef6d5e3b9892618d7031731c83734b2c67ced5456d5c4cccdb90777dff8a965209ed4cac1d009703541842463ddf281a246483f2712b9ea8a71d341117ff

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZYW2OM7K\www.youtube[1].xml

MD5 eb15c3893f68fa6061b844a184842b7c
SHA1 03b5fcf9b09353fe8faeb8ece87dda58cf2e493c
SHA256 c3f56da8f58dcb5030bb6fa739c331522679355f647147f3cc3c487c658248b9
SHA512 07bdc5e872431187aec65296bd3a6239dbd4f00d4f2c0bcf74feffdccbf26fea4565a4a77864672ae46576f4953926b8d819225efbbad52c50b51adb9bd8a656

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2XHJXO3H\embed[1].js

MD5 322e970509e24ab233b6c326a9339623
SHA1 10e2ea809ae638d5f32385d05c569922ab19bc17
SHA256 99cbd012a57f19a3fc1b412866ba13d6b9de2a5bb22449dcbf14ec0a88937000
SHA512 8f8bdc9418feed04e6fc7415e9e57f0934a6b136b1a763e0e39f67efa47e004a8c3385105a1c1dd9fa48ada83ac5a2a93940f20a99d6d16722ae903c93d9817c

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IW68H88T\ad_status[1].js

MD5 1fa71744db23d0f8df9cce6719defcb7
SHA1 e4be9b7136697942a036f97cf26ebaf703ad2067
SHA256 eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
SHA512 17fa262901b608368eb4b70910da67e1f11b9cfb2c9dc81844f55bee1db3ec11f704d81ab20f2dda973378f9c0df56eaad8111f34b92e4161a4d194ba902f82f

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZYW2OM7K\www.youtube[1].xml

MD5 e841ebba2c071ce142661766a0a6a6b9
SHA1 b22c08fe0c0cf3f4755ada6c768916d1c72b3d84
SHA256 c3fdce7702f2aba5923e0791cda6b7c895338838ccd53051e4d03a0e8fa0247f
SHA512 e7f526400b2b8939a990ade74fd997fc0eb1c3b99fd7a5eefb85bf6608a4b96a84edbd83652e1babcf35c0f9539038266ba4e2980c557aeb90899d7b0bf4fffb

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZYW2OM7K\www.youtube[1].xml

MD5 a28f2ae89696170ca7d71bb9cfb5f1eb
SHA1 2f87a381e4519bcdc7edf0936a4f3086216ba54f
SHA256 8ef04fff29899e2ec00bf8a15e2cb3dcac657223e33309adbc7f7292efa5dbb2
SHA512 0f34cf1fc1e61c6df3d6bc2a3f6aef0e4939b880c2115ebad3fb7f54c2f2b5c551cb688b5486134087d6eaa349ec5668fef2b6dba7dacd621c8253d93185787b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZYW2OM7K\www.youtube[1].xml

MD5 d480c6cef68926b7339577ccd0f57531
SHA1 de4e97f160356a5155728e59c344ae5db46bbe12
SHA256 b45dd0b6b46428f9e63460183012374bab945e64dabdff6c7353d095528158c4
SHA512 b8848cc2b4fb277ee3dc68d44646357475800f159e0ad0426c8afe873bf636da9a7e25b81d2e095bdafb3aaf2632c86490de6bc751aca7a248cef4ddb630cb23

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZYW2OM7K\www.youtube[1].xml

MD5 6d83f55d3de5fe7f2a784b54739c1b46
SHA1 2302a6e0545494e12a18a3f09cba3085d533def9
SHA256 b8b26bb65215955e4a42788351a1b2f5e2228ed69470862d86ac963bea20217c
SHA512 77cde20f33db515fdcb25ce7fca93017fa27b0bd32d9441762aa330559a632230848f97467c596b9adb1932055c0ed7ec34142d0af3a8db894d60e97ac7a8517

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZYW2OM7K\www.youtube[1].xml

MD5 08eb86dff3b9f953c790472a5a0b78a2
SHA1 f4bb833c6e251c9019a19cae48bfe48b478750ee
SHA256 07491fb3617f7c888ed2ff7fe29235d6c561116213af783c3c5d7c79e03e7b8c
SHA512 59dda14ded872b52d1f1f032179c9cbabecd38662d00fdfd088ddc4300378f05a062715a324786e883784a9361a42106d8899ded353486be31852a8f36dc8387

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZYW2OM7K\www.youtube[1].xml

MD5 8665fa1f7fde42264d6b4ead9044ec13
SHA1 1ec5c2f4a586b36c99b301e74513dd5677f40e9f
SHA256 cad0bda16e2a5cff29a0310d8bbab2ec2063164e3340a98fcbdae81861c3ae43
SHA512 9b1f9fdf62ac0046080061d30e66da2fd9f122cf605ee4cf1a40ea4632eb30ecaaaab51b0b7864b32e860adc6024d9d91c95d6476079dc315c7e5b69940e4c37

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZYW2OM7K\www.youtube[1].xml

MD5 3c72fb259cc1ae719f309989e74f9103
SHA1 a3c3c174bfbb57baf4c44d8fc117a621498e72ba
SHA256 1f47b63ccea3518e3dcba78fd94cb7202e027980796c6c8d94e0955e8f0a6911
SHA512 8d39a45efba9cb92c9da1a98fe00fd8b6a309a5cae7a34f2c8f7d65d3920034f72a0c65638147ec82e1f0f530439f49300f99570433abd9e5b56cf68be0b75e9

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZYW2OM7K\www.youtube[1].xml

MD5 de4a08b5845845366cd3496aa6a912d0
SHA1 652b1d9f8820f9c2e5c9d2fcb601b0437c8dcd70
SHA256 cb01222ecd240037339af3f1b1df5d83f6f62a0298e2881e605ce691dd464023
SHA512 353fbb934348678b8d15d22c0f4e662e209f49316215a5efb9c31eba8a105cff5255363ff01cdaab09198fc5b473bb95ac334895edfa5317fa4c31e62b071a17

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZYW2OM7K\www.youtube[1].xml

MD5 70df655feea04365f342019a12aad878
SHA1 f1a3aa723ae3a979f8344a37735861a327f2fce4
SHA256 3bad86a8214d053d4ac30228f7c26d55196b88ac4a810380f5a9efeed50cf63c
SHA512 5fa1ba21294a3febe05e066b00b0f8ba5a6a1d02088c6580b6959d58fc5bd5d1295bf9939774cf92c45d250c29546265d78ed560934867890298ae86e5d35d02

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZYW2OM7K\www.youtube[1].xml

MD5 8fdf63266d26d14e96b4004d7da2a80e
SHA1 0e6e3d8bde62d894cf9a319b51ae5f308cb79061
SHA256 c34073d6a7811d2bfe98a562b9733d4d6beda9ab76e6ac28ae921939f6c38068
SHA512 d0c98ebec075d8e41fb6de90f356052697eacdf3ed655262d844b8f3d45e550646249ea1c62e292f4d371e43ee104e7e09fb0609e8b569779e2e362b694b78f2

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZYW2OM7K\www.youtube[1].xml

MD5 8f08396917f9bbb9070900e01468176a
SHA1 fb0a47966bcf5551cc8c3b48eb6c262b70b95d98
SHA256 9667cd8cea5d85c349061352a03fae5ae093663e6b7575fbdf553b0726d949af
SHA512 6f3bf25ba6c51d585bc12ba86bb26a92eec012603c1f0840ff598e3e09614bc05761dfcb92c4c484d1c01f90f654b1ba09362297ac3aca9cf3cc278134cab0fc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6c04293e15250225e14bf644dfb2935c
SHA1 4b3b7eb5a27892d9c81f82ad97481c780c3c10fe
SHA256 75caa8d4e415c11f8133b9713fa24a815d798c051fdc6ee5b42a9d7af7d75366
SHA512 540f7e7fe43e71d9c6872effd423b72f4daf35925f293b44d2d07356032b3120c9b8267c5d0f93abb7317d86037ca4ac7770e8536a2804cec47a22a0c43a7fe4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e886b676746084a29cd3e77612d1233b
SHA1 48fce8b485549f87e85dce952083666d790f8a5c
SHA256 123930ca08a11030ffccc4da721bcd60865edfd08a6cf9e52c3e4a8cea3a628e
SHA512 e481bd825188f2884f4b19882b96fedccf5929ae92a4009ea0e1663cdcd5f5360bb40ee89406affe45944d1080507ba9e077ad193dd5353f6e7ed76cbe1cc336

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZYW2OM7K\www.youtube[1].xml

MD5 2b003eb382003b9a65bff98c10d28a29
SHA1 ed0a361356c31924916aae43c83fac4d3f6a79f8
SHA256 781cc7a332b24062905a1ba8a1e2e661ee242e7857d58f84d1892769d14514de
SHA512 bd59ad9ed3f0ef25e5cc5a6eeb59c3c29764a5e5245df3739316e4f723cba3f6fb59666a3772160d10c15ae8e90a2bbd704b8800fbe92fce61f19620aca5a8c8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e0767ee1e371f59771cb0d07626d3023
SHA1 876fa47f2f29257bd9f6469eb02be3880306e269
SHA256 3dce4c54805ca4b8a37931da732051511c8db19e1062e67d32297a910fad8bec
SHA512 3e53d537a97b0ded876a3f452680037911eec06ad017ae76777140375df0a9517058c21104b05c898d4ce991bac716cee5f402713f9a264925244e0748691766

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZYW2OM7K\www.youtube[1].xml
