Malware Analysis Report

2025-01-17 21:57

Sample ID 240603-qjmvqshb24
Target 91ec03a2c826231ffa6cc17246389312_JaffaCakes118
SHA256 9d5042ce88fc8942ba51325d7cb7efb96f6c4d671db3ffc1f18d4bb0aca18215
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

9d5042ce88fc8942ba51325d7cb7efb96f6c4d671db3ffc1f18d4bb0aca18215

Threat Level: No (potentially) malicious behavior was detected

The file 91ec03a2c826231ffa6cc17246389312_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 13:17

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 13:17

Reported

2024-06-03 13:20

Platform

win7-20240508-en

Max time kernel

135s

Max time network

129s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91ec03a2c826231ffa6cc17246389312_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "34599" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "19035" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "21943" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "21861" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "10065" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "10065" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "34599" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "31398" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A3D0B901-21AB-11EF-8FA5-CE57F181EBEB} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "331" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "233" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "12854" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "31486" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "22154" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "233" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "10147" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "31398" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "12936" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "34599" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "22154" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423582522" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "492" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "325" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "407" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "21943" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "10028" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30623a9db8b5da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10065" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "12936" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "31480" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "407" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "21861" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "31398" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "31810" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "31486" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "407" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "21949" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "31810" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91ec03a2c826231ffa6cc17246389312_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1644 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 konthaiusa.com udp
US 8.8.8.8:53 www.konthaiusa.com udp
GB 142.250.187.202:80 fonts.googleapis.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 142.250.179.238:80 www.youtube.com tcp
GB 142.250.179.238:80 www.youtube.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
GB 142.250.179.238:80 www.youtube.com tcp
GB 142.250.179.238:80 www.youtube.com tcp
GB 142.250.179.238:80 www.youtube.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 142.250.200.34:443 googleads.g.doubleclick.net tcp
GB 142.250.200.34:443 googleads.g.doubleclick.net tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.212.202:443 jnn-pa.googleapis.com tcp
GB 142.250.200.34:443 googleads.g.doubleclick.net tcp
GB 142.250.200.34:443 googleads.g.doubleclick.net tcp
GB 142.250.200.34:443 googleads.g.doubleclick.net tcp
GB 216.58.212.202:443 jnn-pa.googleapis.com tcp
GB 142.250.200.34:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.200.22:443 i.ytimg.com tcp
GB 142.250.200.22:443 i.ytimg.com tcp
GB 216.58.212.202:443 jnn-pa.googleapis.com tcp
GB 216.58.212.202:443 jnn-pa.googleapis.com tcp
GB 216.58.212.202:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 yt3.ggpht.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 142.250.180.1:443 yt3.ggpht.com tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 142.250.180.1:443 yt3.ggpht.com tcp
US 8.8.8.8:53 fe0.google.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 9a5a60b681e5a068fcad6fff7dd15095
SHA1 3bc64844e9c35064d7faa73dad000a3b4cedc146
SHA256 372cba96be745dcb1574c0d91ce6e9aefda8181a89f99d4d624649ae734f91be
SHA512 c1b9b7a9fd2cfbcfff031ad28ef3f30b458dbc9e92fd46c132eebc4cec53c7a0fb6a36a5de29a66fbb1bdd4d49b4c270aeb888577fe790c15d9339fc4ef847c5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 13ed5e0369cedc64c8437eb9a493a981
SHA1 880053c91809fef7b2a3d688143f554d5a05c0bd
SHA256 3560614f2f62c19498d2ad6c3b9fa8f232883167479de05e924a5a3ab19a8454
SHA512 18b3c940a3b722b58c476af4141ab987ed9f7557c1e52f3f20548b2c209abd67c943761d22e20ed59c36d69f8cd911285aff7efdf2d20f51c35cad62932aefa0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Temp\TarF5EA.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_DBD1FAADD656881B5EBDBC1DB3D60301

MD5 1e7e3a3e437180e09b3883560dfa4a9b
SHA1 f8de9521c7c008f471073b906873e01cd3008013
SHA256 5958d61b1bf798f081a370fbcf38d28080541a652ecef929a8bc22a1ee5f2930
SHA512 6a4125b21011e4458419ca49a46d3eb8abf3563f6aaf008ea0be7efd48bbd7ec88ca285f86c2cdca0159151dec2682964a6c94689f104cfde1479737f8d50a4c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_DBD1FAADD656881B5EBDBC1DB3D60301

MD5 10297340a6fdf3b94c75a0a3c999ea38
SHA1 bdb2a4cfbf72fb5c4226384f7607a3c915622e8d
SHA256 a05a5be2a343ea192b29857d8280590df0f85c2c6e880564b95d228178fa15e2
SHA512 c0605edebb6dc58f49fd85ce5ba67b41a31c61ec1bf7e8fbe7ba85ba2424eb4ae461318e1b34f61d03375d2b06e10a703d1515d9f47bd7a779ff3acaeb30d279

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3714101161a1c2d8f210e583e0e4222d
SHA1 d7ab3f28d753c92818d284b00bf3f3080fec4a9e
SHA256 fcc018e21b0d71406eab56ec569439ae34c4a4ea4dfb0f93c9d464b13ac64200
SHA512 092856a9825bc7582465c4968aac76a4d2761249aebdf9403fd051d0ad7b7e09a2575699dcc246746ccd84361eedba0cebd22b0079892fa284110cca4ae85466

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NVDR4C1U\www-player[2].css

MD5 0fe92418bcd14dafd31cf4d854a2fb52
SHA1 592691394af239f5d823d5caa236c572e3fa6798
SHA256 f45f1399558f995cfc02656899d2338b8da40a49f558c9d04904a0c4c8c7f1f9
SHA512 2a8408357b7c859c20d687a17fa2ceac011d33671c2592d83dbc850637f8215214545aae2b90d5a1af580f83f536c0508e81bc63d04635cdf1ed3e32a51e8a05

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NVDR4C1U\www-embed-player[1].js

MD5 d2056f8d081fbfffcab81d61ea45b151
SHA1 710243082f40626f64943ad3b656400f444d7130
SHA256 49fa9b168cc8bbc037cf4498e31c355509e9b438b0d19fcf750b1c5fbd1efcaa
SHA512 530ca2c291c44d3d2b5869b0ae661ac047748a5cab50de280a2c8dbd26b52cdd71a906b3730e8a849debece542eb919462a8407ef2410acf28c57d2b6068cc14

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NVDR4C1U\base[1].js

MD5 9178a954abcce420219864651c7787b2
SHA1 f874d3e998441ba6439cfd7e89514facde08cff4
SHA256 40cc1692dd4d8e1c8ed29593ee222240494b872b734c0e31da4628014da7346d
SHA512 927bf88499cdd64ce32f3780a0cfa88b14fdfbeac6a237454dcc43ee5d56b04754a40dbcba402519637ba1a3b0f948a597260a74ddb0b316698a41559d8e1cd3

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9T7FHQWW\www.youtube[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9T7FHQWW\www.youtube[1].xml

MD5 518b9c5e173344c5a654a139bd8d3455
SHA1 a757687bfc657312ca817254cc96436ef8f8ab2e
SHA256 86031863740b2b0c8eb79b4a1b4f23255762005dbf911fec41822ea412d7d06c
SHA512 02d6dcd8c1b1042435aaace7b65af0250a6679dafd32a802cbb017c57db501fff603f7350d7aa849d291ef46145a6574ef28a1e1a553165709f40c8205774c24

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NVDR4C1U\KFOmCnqEu92Fr1Mu4mxM[1].woff

MD5 bafb105baeb22d965c70fe52ba6b49d9
SHA1 934014cc9bbe5883542be756b3146c05844b254f
SHA256 1570f866bf6eae82041e407280894a86ad2b8b275e01908ae156914dc693a4ed
SHA512 85a91773b0283e3b2400c773527542228478cc1b9e8ad8ea62435d705e98702a40bedf26cb5b0900dd8fecc79f802b8c1839184e787d9416886dbc73dff22a64

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NVDR4C1U\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff

MD5 de8b7431b74642e830af4d4f4b513ec9
SHA1 f549f1fe8a0b86ef3fbdcb8d508440aff84c385c
SHA256 3bfe46bb1ca35b205306c5ec664e99e4a816f48a417b6b42e77a1f43f0bc4e7a
SHA512 57d3d4de3816307ed954b796c13bfa34af22a46a2fea310df90e966301350ae8adac62bcd2abf7d7768e6bdcbb3dfc5069378a728436173d07abfa483c1025ac

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NVDR4C1U\ad_status[1].js

MD5 1fa71744db23d0f8df9cce6719defcb7
SHA1 e4be9b7136697942a036f97cf26ebaf703ad2067
SHA256 eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
SHA512 17fa262901b608368eb4b70910da67e1f11b9cfb2c9dc81844f55bee1db3ec11f704d81ab20f2dda973378f9c0df56eaad8111f34b92e4161a4d194ba902f82f

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9T7FHQWW\www.youtube[1].xml

MD5 95975b9cdc4cf2c4e7983761bb931fad
SHA1 cfb1e667586ae034758e5dbda244108eece7fadd
SHA256 4dd8410e965bfc49f61660f526abfb4c04f1bba82c2ac3477a1a935361c0a77f
SHA512 669acb1fc716ed57f62debba7243b123576c1ca46ad777b6e0a5e6927192f7c026288e265c0055a6e71882fedce506d4d912f2ee95bc417c9f9acd39f4104502

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9T7FHQWW\www.youtube[1].xml

MD5 05d5703e7aba086f61b2c597e4c5f31c
SHA1 9e8fe52460c2d48dc3c5a58463f52440235be4f7
SHA256 8aba62fea652a90e1b95a39e37594420cc807aa9bd9aa226ccca881bb0606fe3
SHA512 5a4407386527f71a616e59805f23afae31f33e65a7146fd664f8d3d1e0de3296a683f0fb405a3fdef9d8b2a0718ce4c965143be567c5f90b79a8a87cec409eed

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9T7FHQWW\www.youtube[1].xml

MD5 88424e757f66efd36c624e534052284a
SHA1 bd5afa2ecc06b4d9da4ef77ccfdbfc7810bd29ab
SHA256 f2d162d2e45635314786973be896bd5a389a6c993b5c5933be55b26f13f587b4
SHA512 30dee5fa0e5e9b065de6fe070f677cde6c5064c364815eac21c2df6fd5dd575f1adb1a6d4c935d963c7727804cae21f0e5188aff90dc750f5f763e05766ac9b2

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9T7FHQWW\www.youtube[1].xml

MD5 9ab612b681f2eb06afb197dfaab2dbd2
SHA1 be36e146b4f05748a1bee5cf1246419396ed8631
SHA256 60406b8bcaafee843e7fa939e675a3d78406dcc216d338feff1ca0579301b644
SHA512 44a1a8e45ad03e8bd3eab5dd8b98751f0f196f3bb5c838bb8a4e6c582c63139478a14c35768224196ab91d23b5a588215bfd3acdc4cfa7818d35258fbadc01c6

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IW68H88T\embed[2].js

MD5 322e970509e24ab233b6c326a9339623
SHA1 10e2ea809ae638d5f32385d05c569922ab19bc17
SHA256 99cbd012a57f19a3fc1b412866ba13d6b9de2a5bb22449dcbf14ec0a88937000
SHA512 8f8bdc9418feed04e6fc7415e9e57f0934a6b136b1a763e0e39f67efa47e004a8c3385105a1c1dd9fa48ada83ac5a2a93940f20a99d6d16722ae903c93d9817c

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2XHJXO3H\embed[1].js

MD5 023c86d8b93e90753ecf85396489f19e
SHA1 94b1dcf6a9ced123bf723d5ca76f3b62e536635b
SHA256 c4d868b347d7b4971075218990fa3a2e516c6e0084d8fb0851f24094f2c70237
SHA512 442ae5415fc06bdf52a281ee2c379d6cce0612aee26ec7b783f8779b355ae92bcf0d86bbdb5368cb70130b0a0c0a65bbbdcd5b25cc6969ec32db1fc59b5c04d0

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9T7FHQWW\www.youtube[1].xml

MD5 6813163d5977bcf61c5b1afe93981e29
SHA1 7526c4743105e2aefded11b6a130f484fc5496a3
SHA256 0cfa8868f5abb57601603eeeec1976f96a9ef233f2973a75771044e8ded8ce10
SHA512 fb8c9f027a110438a97cfd609d35c6d95a17d4e2eed9bdef3e1a51e3ed4464f5fb12d73231c541c3a7581eb69a8d15ebafc16b4727a18de39baba3d84b0a74c8

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9T7FHQWW\www.youtube[1].xml

MD5 95e7c186559e651687e2431cf350cef5
SHA1 b1787f22d8d89b75b988783c256c526a64f4a4df
SHA256 1f9858205e799d80d7d286e62b80695fff1dfeb2be6c9ca60eba814d829d6dca
SHA512 5a065a8424c35c713846f59553a5ffee3a1a135c7a9d20506ab73d0f2491466160777d3794ff1e11346fabbdcb97bb40940b264e1d426afb390dc9dd68150d33

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9T7FHQWW\www.youtube[1].xml

MD5 de0a228ae7815ba0d50604f21f99139c
SHA1 e1618664fc56fa46f68b1d88d0977efff82c542a
SHA256 40da7fdb4c324b1346e5d8218f2be4cb6f9aabe6e2d0536ac3c61d202e777151
SHA512 c79dbf261b844ccaae334392cca88189c7cb804278e70690f2b67801907786f058748138297e649676f6c83878dbcca4b8004582a3acdbc91a42c18f2d2feafd

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9T7FHQWW\www.youtube[1].xml

MD5 533bfaa91e978d1179aae77bb728e920
SHA1 0e857abed290c4ed1bf91d1121de21719785b253
SHA256 9b09fb8e8705e06aec0b75104be04a56c704b70d826ca1ddd5842da743c258b7
SHA512 45e3edfd5aad918f9ca039e90d7970cd89316cb23a93e155ce161eefa1327fb98f36ccd3b84f31010a095b9730c4f447d654bf6193dbce5bb8c0d06ff9345abe

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9T7FHQWW\www.youtube[1].xml

MD5 535281ef31811fbeff0d864dd9f23acd
SHA1 47899eb9519b93ad07e34b8e8042ee6f91bd3a0c
SHA256 e5a288a79a4c85830a27c7be0a7c26c066b29044518d8d999ab620706cd7b426
SHA512 e67e5800a9c2478e6ac7141fb8a5c7d4fefa8c12ae07dc2abd00a3349b37de7962cdcd79d96c863caf056e9dc54363412b294902c5e0c378cc6a12bc847160e3

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9T7FHQWW\www.youtube[1].xml

MD5 d024f47238578382f042a71b747222f6
SHA1 7354ed7dd20130ca2c8397978c0366168341e001
SHA256 159f13301bd63d44b87710da1c716da55ca88a9935de03b0bb94ca9d69dd9267
SHA512 049061e072eeb35041a698ef62e90696146d98f9e86a3da263a0c5dd4eb95a4f29591eccf0ad50514b8857dd5e070ab74f8cca96b4b6c34ba473e18682b30b89

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9T7FHQWW\www.youtube[1].xml

MD5 0cf6c2b3558337e7fbb131f5a9a74d49
SHA1 6d18242a7c48af4bfa4362f2b9d8e3a9647cf569
SHA256 e1a917dbf2413fa9d9570be2b2197b8b5762717854d43adc90e5d8fc4b1f73ed
SHA512 d24b41d351ba665d4018707df046ecbb4ae287611270cf04f9d0e8383903f6789eec647f3e80d98462bb5fe0d1e4f601465aa21a9311ba6c9a26f31cdc1584d9

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9T7FHQWW\www.youtube[1].xml

MD5 e58d20f78901a62ac13a5ff78f30970d
SHA1 dacec34a7e4c1fc74c095a1a754ce1ad5ef8254a
SHA256 354d4a28c93fae074f6f2a1cd88902d0403b0f649cc7390ca192a75db2f7292c
SHA512 7e730243e41631dcfe47c227c3d944cc203172d3d1964805751c4338492f6e2ceb4ff996b2b3a7336d9226bcd186035ca2f5cd38bf91862bd18d1029ccfd5642

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9T7FHQWW\www.youtube[1].xml

MD5 013661f8b62d179af7cc7d832b3f6268
SHA1 89858fd7ec57a23ac7cb612ff739f31514caf652
SHA256 0a1760486af37be99593862b3c0a08e885ed369e9eaf750c15d9c615030c3ab1
SHA512 7991c6a387870b25f2ee427aa1621981b004b26e3397ac489d23906e53284d7d420c0091a0ef36b51e3846bd0fdb703faf49f396f95f06e498afd1d5362fc029

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9T7FHQWW\www.youtube[1].xml

MD5 e52ae8747428da37774f1c8716402e18
SHA1 0a7c83a7438b03bc6e0d1ac6ce13bcc4b014827e
SHA256 07fcf685a220602f8002c7c263aba19d8b797f69d44475ec53fa33f72568ce20
SHA512 40e93d6f24db51cc569a05c9e0b487195209a1e1f242fd559ca211432cca877c480cd17a02c2bf1247fa7bc3174f3ffd4446646978be5f8fbdb1930a967eda20

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9T7FHQWW\www.youtube[1].xml

MD5 7294e977b50f817de346cda222430e0f
SHA1 371eb16ad86880ff361667132deb706da9354ccd
SHA256 ab438d10c4ba13ef353f8e26757274befe490f790a01ccc1cd457ecb012f1572
SHA512 b4e1851a2ddd5f39febff5c06665befe9bb6b646297391b4278d24b6996a26439a4a669d66460f482b77c8bf05ed3d471b5b30b323a385997066f8a977eb8677

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3867eb679cc284fc46abdde024c41f6b
SHA1 75f78708e3e8e72d1bb74d9d564f26e87c6fd668
SHA256 0503420806aebde9df075fc7ab2e236516450030ac69eee454803afcc8138e4d
SHA512 7b30f00d5e1bb3881d61225385d3a2ff14bb6598c9fd6b27ecf7c68e615631c4ab32fb879e1262b02f5a69f78125ff70df302dbccbaa77f3dca8ec987900f44a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7cbc907f67d4a83d50a96db1df4d4ebe
SHA1 27cfac399851ef4ae8df9c551d31601cad821348
SHA256 cc4864bb666dd5ae56087996b6176d30f3a32c819ef83c7783fb3078986ec876
SHA512 ee607d52304f1db957d21e6af5c3e510e46a99ca1c7cf7e0d7d6755d3ca25d3574755e7bc2a0eca1e440fe93535d89a8a7d4b69d6c361ceebc0307468af71908

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 68ad9370ee7942b23ab62fa51ebb64a4
SHA1 3d470151e467605047cb37abe54042cfeaf1d74d
SHA256 dbe87f9a986af59d15a09ca5c2b4573e7690eae0bd4932a839e27af320521377
SHA512 3f779bbab28c15cf1d4a7312fbfcb5a56ac49b71f7d49c9d5ee051701f2d415670e0b54576417bc5109b9e69a91e025cdd8ecd5cdf001cbc53bd5f6f17cb669f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bdc8cca71a8958e27073c2995e854499
SHA1 feae76d12300f5da62d35576673d3bbb0686ac9b
SHA256 cc5bbb5fe7d9d69ea0fc881925288f75d12d939c323eab212a47cbeca09599c5
SHA512 c9b5ee1eeed840dfb49251bf3fae7e4af138aaf32f633401f3a41b7230c79926297ceb5f32afd573688dd3b87f52be53eea480e12d899cdf9abc3baa08d693ad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2e50d4415363ab04f4038a05fb9882e4
SHA1 8e76f65b1518fe1f15c5139c5bffc0467c64a269
SHA256 5df9ea05bb199786dd00589af0cf3d621eea2356945dc3f2e07ab1c7c25be323
SHA512 a88af7bb7d4a99c348e9394206037e035825b6784a487385949469a900785bfc414370f9395b73cde2e66fb64d4b307aeba7bec9cdcc26b77612136873f3017b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 569f81b5ca4a42b30e7491fb8a3033bc
SHA1 a2e42b0676e7a388798356af0d7d8333b928bc73
SHA256 1571b1a269d633e51116dd543521cc776fb86ac0bbc02ecb5f69af4eb5266c37
SHA512 617598e967ab0b2907bcdbd4e089189fb4f405db012a0af978bcb0827f842f171ef1b79171a452f86c81a21d218db2e5768da996b174aafd01ee160b65e8bb43

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 920cd5fd2380543a09abd41a3f61be84
SHA1 efdda8882c7bdc3424362ba4ed1bd6d16219f065
SHA256 147a35ea050c0d001e229ea4cf7aaf08301a7b2d2c8d08fd90fae91a97d1facd
SHA512 f7f141668e8e65718f9f1cb3c7e2e16d29d66d962b424fda45c0377feb76f1a1206bb419f487a1c45efc2c2fe18748063a6afa9397482a5c7382e341b57af0d4

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9T7FHQWW\www.youtube[1].xml

MD5 47f4dea2d7321a31b05bd1bbd73042bd
SHA1 b71d32fd1d808370914af0f3c71e1e026daba5c2
SHA256 89b12c28af43b2d05b54a7e1e2697dbc26a5e61f07a2c792556bfda74fc36fc0
SHA512 05182444745e51b0129f0d9b095cd2b6792efaa7c3d792546b3ab4abdb9a9d56c9468f946ba5814daed3927f60bb1351784a4a71450609a84bb2aa8702a2acf1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 78ad07bb42307548af051cad1bcd3ccc
SHA1 ba99e01ffbf40082ea16013dbe7de30611bb1928
SHA256 f293197d9590d49d689cf22103f4c6f5e32fba8d329300e29b5801d7078a17cf
SHA512 f99d56a7a8f3cbdf73aa3fd1d70200603e598f8a2adb956ac12dd90c1016214c4583ef2fe3b7e63adc22b4bd248f3e2e60894dcdbe14fae28b5288f752ee8897

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b10f646775b4744d28a423dbcaab519a
SHA1 2ac2cf44cd616979d4914fd0fb7635ac0e387cc7
SHA256 5bc7da15a2544dae7358fb87825ef9b43c290a372feba8d8ca9b6b6d0eee63a0
SHA512 9c2c3c13c636420b32b6273a50210048839d309fc32c503307d93645efc97f9c1f33517189f6718027370200b551d676c874d3cb3ace06d792fe17aaf96f331c

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9T7FHQWW\www.youtube[1].xml

MD5 bb74ae48613cc7a07b03b840f7818dc9
SHA1 3a33e8e44a2c8bf8df525626747034a41823a472
SHA256 9dd5bb2964a97c79ae204451939c9ca43779f09e513a35d98d2b0dfecc3c6d26
SHA512 8b139eb1a3db51c366a5b205516e9328752325d38db2a089f9848b8e4c0598e359c995eca7f42ea95648dd4c5ee2d1b8c01cd8896470b8f2356fdde9464e64d9

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9T7FHQWW\www.youtube[1].xml

MD5 9d590a0a4206ed51e75a02bf8c711b0e
SHA1 6b61cf1fc4c5685d05c31435c1170116df94c5f1
SHA256 b7736b0da7bcf2b0b54301958290ee46c878c0351c68f06866f3a265d6b54628
SHA512 9c95e1365c8ab2f74a2c6425563f159db2a4058144bcabc5917cdcb2128eea3d7484a56e6acf28b94d784e632f6199777adc5006ad8d46a64fa0e5a562391578

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a542fc0891490fefd0f267da7f62ee0f
SHA1 a18d7fc8d586795b112495c520fa99560af26527
SHA256 ca234e03532cd1038bcafe102d08bbc3e6d3a77899154f042de26ed19297ec08
SHA512 0412a98749520d9311d9dbf0b788da3ad1accbca8724bd3be7c073e92aaf063227f61562ee7f4cb8f356fb920610f7b3969209458c0ded7eb7bc9d37a18a8771

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bb0bdd58c1faaf25a6691f3849e1f3e9
SHA1 0eadb66c3c3a45885adab29813433d8cf7954215
SHA256 fe9cae57a7f12d68d495cbec9bd54ff3bbf7c52ef227ebe945c9a58f742c82af
SHA512 c5836708a77ba1290fdf9c3a4d74949bc639dffbab784816f3c42b1543aea9affc05fcb1865aa41110707db6600ca142e95aa63a556b820b02d58785a49e7e7b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 98b9d1841855b4427ff2795c8fbd8b61
SHA1 13655df66c2c31a6221fab0b42bd8be22e3b9238
SHA256 d593fdfa8c2bca0ea96dfd089f9c018e8fa4ea8a81540be70f2fc9f5f3b13298
SHA512 e4694af53912978e585b878af3220ed8aeaa0c67d0c311727cadf7eccf2a7107f3cac0f04546802b921fc166bdc604dde896327036c43288c4adde808c123166

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 96e2320b9a5bf8ffb9aa0d911f749795
SHA1 f5b13baba10dcd634007aa5429bca85a692de320
SHA256 7064c7a469390a12050c14af209e61293b3a0a1f5b3d193282cc5b585a69e8c5
SHA512 2fd777c6e7ec00db75ebb4a4b80ed094877a1135736c043e4b1a5efc5efba305e0523f6f85e42019c1a120db7acd692e24b4f62f8c51af1a5995087df1f76972

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 53dee548cb6d4bb24a24c133fa226607
SHA1 4e55224f5841ebc9b12b9f123094a48026c40fa9
SHA256 2837de33ebc1d83cce09d2906865db2ee4a8c495d6eab3731e10bfaeaffef365
SHA512 ff1cb5262841cd46d8b39471b2e1fe8caed1b77633c6b0d4a79b33d2c42035082ba4be49a5d001e739052bca65e40a4ace8e3637878db66e724759f718f8e59f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f2a8e9f9e65fac3d3d33bc238c801035
SHA1 81a5cfc9e9a6ab4bba0032299e6ab8389cdc4c69
SHA256 6f8ffab878267f3a9b4a75ab569baa5073a1a8887f458ddbf08727fe9c2615a2
SHA512 3efb76879bc109882b611a240f0196c40ddaf268129f5e409fe4d7ab1cc3f5fb9afbe1e0358cced52d5380fb22161224dd687d482983b40a5734a69e5549211d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d3c04d411be5cae007587d64e784cdf2
SHA1 7e25cee2896c8cdec69740255b6df1a33c07f659
SHA256 ccfa3913283271ec58e372c5de694bb993910b2a60d538fd95f416f5509b34e9
SHA512 787dad163ef2e75fca46f26682177e1a8432d5b160dbd68462d2b08a8c35ca788073b793e463a9e23fbd707a68826523a068ef25794d7825d40b86ada0e04e34

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 76e077cec90d7ea990e043e4c7a45b8e
SHA1 b7af6b78c9979d2216355f6f9cdf011bcd40e78f
SHA256 da40cd48bfc9a1f56203c331f2a4d05b79b9f2b35bac7910eb9def0d1f99027e
SHA512 09b3ef5094a0922ae5c54bef6c6327eb5bd5c2892b575b3f410bf658a0671919ade900cf49b91781832912df823d432858ef6b10aa4ee8a3627d98d7bee9cc4c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 52465e01fe7d4ec28a93d7f882caef6d
SHA1 32f150d32711ab207b623826ea39605d3d03f230
SHA256 992d57286ca6d8831c113b19097cb29e7365ca0d21146e46b6c4ccbc0491519e
SHA512 b04e9112a54c532d07f23b85f75d32a9209635e762bcbc3f8c7fed4550567709c8edbab8526545a6d209f6408bea8c2ae3b77e8a91bc7f9e8d2c10dc477b4d38

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 22132a3470d6e95532215e2580b2c8f5
SHA1 db9e7757f2da76aa628b9506f0a1fc100acdebff
SHA256 f307839446629718a3392a7233f29873bc3db7f74767625a25a0ac33907150c2
SHA512 013ca10e8b166d90b10d2cb9aa668755cfec659996d6f85783bfbc7523039902b69e4d1b3d73fe7be7bd738fb2002e3008a604735d9d245a3638ef762999f341

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c6e9997990366e2a43b2fc630037fa2e
SHA1 b5601337a7b76bf4fe06ff9720c9714b675249e0
SHA256 e49c47efc9bcc377160b0ce01d5690ad62091377e79725523c45ffae437da1dc
SHA512 e95c48cc06ef3a52e23b5b5daea436438c90377cc06b98e5ae8da38e0ecc091ec00049c09ac94287a525f7273b1c455833fafc7fc0aa0dc6525efc09386a021c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5a15fca87d2adea0e69a071970c5b07e
SHA1 da8c1d0280dd10e795a93aa51e78963e58eb1a96
SHA256 721550ae5438aedd8fb0d2e27ffccd393502616d10a42c03b816653d0d5be13a
SHA512 faa3b5aaf716a957e41192b1151162eea338baca65f713cc15bafb54da69e52d1f537d709d92ef1bca8dd475c992344f6489ba41621c524536e5c3a08b412cd4

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9T7FHQWW\www.youtube[1].xml

MD5 4101ac4a6ace735d36b2ff0b26d1f1da
SHA1 a26785ecfbc236757f2a715f73dbf6d18c3ab387
SHA256 ec2ff9149fa509e4862086207bde48ac80ec5db3180a777f2e4aebfd717075c9
SHA512 043fd7cb95eee7e174dd34a7d84d6f7e30c3669803540e4d03c3b23e8b33b2b2bb3992585b4d2c2a120b3c320470c0124e9a53af450afd9c0b5e85f42df0647d

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9T7FHQWW\www.youtube[1].xml

MD5 1f60993ed2fcd27aee0ded5574f8bd8d
SHA1 35b602065ffa55f56d1e8a40279c9bab5fa8ccd9
SHA256 bba4081950535990398e29aace2981473da0fdbcbc314d4f7e3711b82ccb0468
SHA512 62a911354ade54b982819e4ab833dc2f6ebd2045d88aa63d552e83ffdbc6b4ef62765e4bf81ba5fd86b365cf1d5b9741a22eb900b531caa3b799a81a456103da

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9T7FHQWW\www.youtube[1].xml

MD5 7466128e431258542a103375ecce8f99
SHA1 823e683dc413edf23a235bb513dfd1ed916be1fc
SHA256 813293ed462785b92d14cc0085243191e6a0ce99b81aa339adbd085d386bfd86
SHA512 1e846149d7486ed5a483464daa28b5ff072d32fa2c663b889207940a3ac765252840fb58ac94cec44db1dd868d806fd3aef812234b0c770bf3b8403e4ffe0fbf

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 13:17

Reported

2024-06-03 13:20

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

141s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91ec03a2c826231ffa6cc17246389312_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2476 wrote to memory of 3236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 3236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91ec03a2c826231ffa6cc17246389312_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc04f346f8,0x7ffc04f34708,0x7ffc04f34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,15713901766992980443,14047170209910595839,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,15713901766992980443,14047170209910595839,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,15713901766992980443,14047170209910595839,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15713901766992980443,14047170209910595839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15713901766992980443,14047170209910595839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15713901766992980443,14047170209910595839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15713901766992980443,14047170209910595839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15713901766992980443,14047170209910595839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15713901766992980443,14047170209910595839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15713901766992980443,14047170209910595839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15713901766992980443,14047170209910595839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15713901766992980443,14047170209910595839,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,15713901766992980443,14047170209910595839,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3300 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,15713901766992980443,14047170209910595839,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3300 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15713901766992980443,14047170209910595839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15713901766992980443,14047170209910595839,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,15713901766992980443,14047170209910595839,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6216 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 konthaiusa.com udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
GB 142.250.187.202:80 fonts.googleapis.com tcp
US 8.8.8.8:53 www.konthaiusa.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 142.250.179.238:80 www.youtube.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 142.250.179.238:443 www.youtube.com udp
GB 216.58.213.14:80 www.google-analytics.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.200.22:443 i.ytimg.com tcp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 225.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 22.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.200.2:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 static.doubleclick.net udp
GB 142.250.200.2:443 googleads.g.doubleclick.net udp
GB 216.58.213.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 6.213.58.216.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com tcp
GB 216.58.212.234:443 jnn-pa.googleapis.com tcp
GB 216.58.212.234:443 jnn-pa.googleapis.com tcp
GB 216.58.212.234:443 jnn-pa.googleapis.com tcp
GB 216.58.212.234:443 jnn-pa.googleapis.com tcp
GB 216.58.212.234:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.180.1:443 yt3.ggpht.com tcp
GB 216.58.212.234:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 234.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
NL 23.62.61.75:443 www.bing.com tcp
US 8.8.8.8:53 75.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.169.46:443 play.google.com tcp
GB 172.217.169.46:443 play.google.com tcp
GB 172.217.169.46:443 play.google.com tcp
GB 172.217.169.46:443 play.google.com tcp
GB 172.217.169.46:443 play.google.com tcp
GB 172.217.169.46:443 play.google.com udp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
GB 142.250.200.2:443 googleads.g.doubleclick.net udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 439b5e04ca18c7fb02cf406e6eb24167
SHA1 e0c5bb6216903934726e3570b7d63295b9d28987
SHA256 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
SHA512 d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

\??\pipe\LOCAL\crashpad_2476_VAEOUYTWGUGLUXXC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a8e767fd33edd97d306efb6905f93252
SHA1 a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
SHA256 c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
SHA512 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b20b75022df4f188181b1fdda9742fd1
SHA1 3b278d6ddaa22ad6862c5291e6a918a1b04fe4ee
SHA256 d9574186299693f1c45e12d048f109f3e5458c2984b576527592f952aa1df693
SHA512 c096909d841989457278d07d92d4c22c0cc878bce1de2994b7d16d8b3d58f7773aef7a53d1f812014919ba5ba1f3d5a0c93fcc77d656ba603f8b83a167fe53f2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 413e7d73a3ed50287080bf56fc695713
SHA1 e0a4aad64c5eedeb1c0e6ee20d0df1ea0abfed6b
SHA256 5598d387f0b4948f12024410c040fa7e707e5ea54e24004e2ae46a62a28826a9
SHA512 09cb6b809a5a56733c097a6c07c421c1c98f0f8f929ea759b51e55194a0ca1aee14f942aa9ad361a0b627edf44f9d26b37dad172018eefe2524b06d520fcac64

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 500130e1de613ec7e8e03d7430c247c4
SHA1 70252e74209763072f046e79c40814d83df64228
SHA256 ce6f2ea59cdc7f5131bbbd9087d997c787fb71910008f90ddbed7694363a3447
SHA512 1f98671c55fe44ed5958ee284e12d55e5581562f752bfddb1c98b6a6f9016c60a1ea9a8f26d7f3f5a8808d70e97f2113d1e6e85a29b2f7e689f61e0e1899182c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7e2230444c9ddfa0ed4195ad48b9ae04
SHA1 14cb57da58185aefae6c3d5f00551d2d9dbfa5f2
SHA256 6d894a7ff744928b9698449c38e4bfad8c7a69d17b297662f3ac0a5993fb7a62
SHA512 c9412dcfb49e8ee822c9a78a77662719c7a5430332ff27b49a2312a5fc0a95d7e24437d99a0fea6edc74e2bc1cf1856b6a184b2063ae25b9f3e1ba830657810d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 444d83428deae17072832b9cc1af3a4e
SHA1 cc860c7cfd266a278117cb216c672bc81e1adb90
SHA256 e2c42087e5104cfea7b81ef212968652f1937a3fee2a714d24ad6aece7fb93c7
SHA512 312bd737387b096e36568476bc62520b39e43a64e2b698844aeade46edc0cada7717c1793c0c73a89b6aff73c8581ddbadf2bb6738d4c2efe1ce18b3135ea17d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 0f9cebcac96b89c9cfe607ae197a3fe0
SHA1 8b42e7f80073dcc5c1325c9d8a93c51e00fdad6f
SHA256 a8e9d043359bfb123fda8f165c8dd60384943c01961f9fb6e3c5d8bd54fcee0a
SHA512 04e2e6909586ec2490897a1dcb7d153151b58af82ca8b5d42cc282de6a450d6e35919bbb5d85f9ba2c63c8511ab31e6d7642e5cad7a645e94cbd72d2a1d2a0b0