Malware Analysis Report

2025-01-17 23:30

Sample ID 240603-qjz53aff81
Target 91ec8a6471c248947c188614fa355bd0_JaffaCakes118
SHA256 752b147c1afc34e0542c9d2e0185cdcf7dffd04673df168249343d9019c9156c
Tags
Score 1/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score 1/10

SHA256 752b147c1afc34e0542c9d2e0185cdcf7dffd04673df168249343d9019c9156c

Threat Level: No (potentially) malicious behavior was detected

The file 91ec8a6471c248947c188614fa355bd0_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-06-03 13:18

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-03 13:18
Reported 2024-06-03 13:20
Platform win7-20231129-en
Max time kernel 132s
Max time network 128s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91ec8a6471c248947c188614fa355bd0_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91ec8a6471c248947c188614fa355bd0_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1364 CREDAT:275457 /prefetch:2

Network


Files


MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 0554e5779b40ed6fc107b42424412194
SHA1 ee37ea1ec71c8b9b1a11c4a6397502130a7bb6d5
SHA256 420f9b71211599d8f5b833439bd0a997ce25d95e3ffd2daeacdcfa7e129488be
SHA512 9cd84f22ab20e4160e65add75bd9e499a316780370505df8a7763fcdd59841ab3a097d95e8f35ff706239b121d8bb9775938dd0ab05e3d4520760ada2deeb640

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ea16bcf0a15fd00609ffacb116aa5c85
SHA1 370e2c00f9abaf3d71d7e8129ec627452284fc9a
SHA256 8244459c27e562fa7c7adce50427e9983a35fde303d2709863ac033a5e0675d9
SHA512 1a783077a467137d9a66c4629e722f0e73b3a46c23448804b81f7e81a4b006e70b7c63eddc2e05640d50e8eb8731e9f6471643310faee9cfe04dbbd1d0be91b8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fd83a8f215acee0fb98b0fba78283e51
SHA1 36f4fb0b791db9f7afb0dd6c80e4403e264665dd
SHA256 10b4cbc962f2fd8453e162e397609208e40af49fa1a6487d7a19057a7674a59c
SHA512 aa2b40a9cf14bee5da6a8a4f5edec76152e921d77ddf00b7588b65b815b7a1510a7a5abab2472af3a2f3d1dfa58eea4e4ff505006f352c1ed1860782d1224690

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 218fae9b04b6891c7651dbfecebe6618
SHA1 7a049b4c9f873b78191ea4eebbefdcbe4e0ffaa2
SHA256 4779859649e39dbeb5d4a4db81c35f8ac0b6b8fdb97e3028e24176c1a82c1df6
SHA512 7e637ff7cad4be53268c1981870cd8a693181ae3e38b0889aa9f77ae74f40faf19506f58efc9f2780ce9799bc282d973cf5cfa406df78e0ac04a8fb4c077554c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c9e6c7ce708d13ae618cbdab075148be
SHA1 310336be813ce4ab23d362068f50ac5148a32daa
SHA256 7575a7ad431ffbb9a81683968f4bafb40feaab646895f6787ac51ca771fce496
SHA512 e4d85ee65acd70355f28eee5c7995c733d6a8ef52cb7c8bf211425cf014f8564f6a924aa9471f44954f0734113f8dbfc98c6ad58abbc09bc0092777f45c3f0d0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 67c13631df2df7c2a89c29eb59810bf5
SHA1 e61473553ff7d0b95b370524b4a8b35682bbac7d
SHA256 13da5aaae16c940c1d8daa00585e06b4524528ece503263069ad30e49e27a460
SHA512 a70ae74aa9025816dffbe9b966fefa51ed5f44bd189e79dd9a7b9f5d25c5e18cf8b74c455885021fc47aaa77f37663cb4e9be9dc27c965c3bf54c4dc15667eed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 61963921c7031fbae558a2a572811df4
SHA1 b51fd24a4061ed7a0fb074f24849263360d9355b
SHA256 a62c710c3dd6cacc0a243b79960b94a27d7218e138ceb8122f9513a5a8c29ff1
SHA512 d76663b087f9465dd111492be87a61ecf55a3cb5bab3606522a20707b005b57d04a55c51a9f72da7587cec893e19919414e7f364f04c6211a27db35532835e81

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5ec08ae5878ff9e3b375d0ea9149ae01
SHA1 24406ea6ac3c28214e2d5c986d0d40d09838d9c1
SHA256 ac7b8d3da5a7d8cd99ff5b5c5e68e4d777d968bed0db211c756050c17683be5a
SHA512 20315d18fdd856dea4cb3ca61deea982eea8be9129db0eacc5c6fdbcb78d591f5f85bd5fcc4ab52316af9c61222e13706a9ed39e8a2d52cb395408f3f815e477

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 43e9df3ee1226cc1d2eebfb767998a43
SHA1 10e45abf54fa6ef971193684204bdd45f0bc85f0
SHA256 9d40ae6066eeb2fbea4d815227b4bf6145afb5e87d6efbd5f6228ac412b87691
SHA512 bc86e18324358fb99a0df4183e513230e758b5318901755749bdae3e91e2cb51fd58e9475e069a625f038887d5e54db9039f4c466d0d409af0f9bf888fdba6da

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8843952d4faed6ffe02bd5c8025aa193
SHA1 b495e6081a98a1f833d561f0bf917ed4a3a8fb6a
SHA256 d1ebe1c466ca7dc2e8b7dc75eeff85b8b1435e423dde680047254e92edb17f08
SHA512 3d30ce2e8be69fc8159f0d6fab5d1d67a3e80cbf554e876f4b8a1ed85a2a47fc368e1b27a540cf7ec531c74b58574387b9a799323cfd74289fdf833e69f304f4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4027d2c00b1061e0ac576b07f60c409f
SHA1 af544a1e77073e4379f211ff334145a34fa66fb9
SHA256 642622933ff39cbe3c0ac4c26eeb8df08b5755ccc820395b5b5e309ed1447b1e
SHA512 22cb0a46a88a45ba01d67c37e6636f83944711969d07769bcc9e2401c3bcc2e6362f8946000d1c1c64f062b5732387cea08a5486d2d422808e7fd8ac9bfafbf6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f2c677f14ce362a7a5d148ef403fcb03
SHA1 f0230b9a68118ab4eddb9b4dff99f8adc4402071
SHA256 6c0e5e2dc5b4928dca8c03fcdf9752f3e037b25b55f9baf0c99524896e02f71a
SHA512 3f156548fd864a779f4a567fdbf65abde5ec5493390acc55198f0833bbe18db71db01146f19c10c135e1d3b09f7566060200fb5532b58581ef79b237c0e1ebe1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7f023c098a5f726606eecfd5828891da
SHA1 6b64299250862d1ff0326624e2b9a3cc70994d10
SHA256 0e64e9b4e8c1edb1c4c3495ea8dc69d7c33eb998689575fa1a7f2177610c95d9
SHA512 8057bf0dcc6f9d67dd6f444a9ef2392d2bec564c4842d826298b77670184189b56749d8e5f62dd631964479a87b32781fbab461345918525371031e0c06d6695

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\O64TP7LN\www.youtube[1].xml

MD5 b4551af1ca3036fe2cb3a62d2630e5ae
SHA1 cb0bb231461a8e0e0710e1a3f93d346dd872ea65
SHA256 aecfe42b192c5992c5311c48cac5ed6ac8e38e813383c17ac0dc08d5e04ca74c
SHA512 d21f067283712d73986c4235c794aeee9023c227d32df40ac7a1f8ae6c04a5b1b4dbec5f8430bfa257510cf17acc3ea65bbfc7712e1b987c1fc64359965c8c3b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\O64TP7LN\www.youtube[1].xml

MD5 b93c08d6532295a5909971b3d18167c7
SHA1 c50cf667ac25c9cb8d85482c1b4e7a005b12ec08
SHA256 aff12babd3104ec013bc4c3dd70e0a1e25984cdf4f56005efd85d003905436ec
SHA512 11a94bdf5b6c9733d6662c11a037b1bccdc8522635ba48bb4803d4e5525b456a14348438e0e667c991feae2da46211d74660a8ce13f47c5f66339a2b89b726b6

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\O64TP7LN\www.youtube[1].xml

MD5 853e6988cad0bce5638cf577eaff2f64
SHA1 cd986fd552adab8a75e2014f157a8c2f6ac3d5eb
SHA256 5db74d9476aaed430f727b9507ddfd8f1dca64486608cb7cf19844f2253bd0b6
SHA512 fc0e4e8724357e690251000a727dc7bfef01d1a10f0eb181c7c36eda668e4fef7a945c9f2009ca0f0d00b0632e3e971b1e56e0e04e7526c7b2a0896eaaa9b64c

C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 13:18

Reported

2024-06-03 13:20

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

152s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91ec8a6471c248947c188614fa355bd0_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2664 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 1216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91ec8a6471c248947c188614fa355bd0_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e77046f8,0x7ff8e7704708,0x7ff8e7704718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,4266913944046617294,3920434527056816511,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,4266913944046617294,3920434527056816511,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,4266913944046617294,3920434527056816511,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4266913944046617294,3920434527056816511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4266913944046617294,3920434527056816511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4266913944046617294,3920434527056816511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4266913944046617294,3920434527056816511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4266913944046617294,3920434527056816511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4266913944046617294,3920434527056816511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,4266913944046617294,3920434527056816511,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3576 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,4266913944046617294,3920434527056816511,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3576 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4266913944046617294,3920434527056816511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4266913944046617294,3920434527056816511,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4266913944046617294,3920434527056816511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4266913944046617294,3920434527056816511,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,4266913944046617294,3920434527056816511,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_2664_UBWBTFBRTRLIIOOU

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
