Malware Analysis Report

2025-01-18 00:01

Sample ID 240603-qpyt7afh6s
Target 91f282e4e556f12b1edb8237ddfa88f4_JaffaCakes118
SHA256 1eb4d90bf59a5853481ad328a1b60e367d19b59fdad4a53f7233e4780f893537
Score 1/10

Analysis Overview

Score 1/10
SHA256 1eb4d90bf59a5853481ad328a1b60e367d19b59fdad4a53f7233e4780f893537

Threat Level: No (potentially) malicious behavior was detected

The file 91f282e4e556f12b1edb8237ddfa88f4_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-06-03 13:26

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-03 13:26
Reported 2024-06-03 13:29
Platform win7-20240508-en
Max time kernel 134s
Max time network 143s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91f282e4e556f12b1edb8237ddfa88f4_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91f282e4e556f12b1edb8237ddfa88f4_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1812 CREDAT:275457 /prefetch:2

Network


Files

SHA1 309f6e62adb52c62f4c245aeaf5e155daa26df44
SHA256 382f484adb63996c0a80e7cc24dd60b224e37066ea9d66b5412a95201f6e0b65
SHA512 d0a936434aa4218768187be08d88cccd336b55f883e811e4d7ebd39829556874b67a4111804d8346df4a5f2394945d2cfed301bd6ecd9820116c0d276df37974

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4dd2b30a209e4a10040f3b8ad2df7ec1
SHA1 32580017a7d4f7762c314f17e0622b1db59beb6d
SHA256 b52d6a8726dcf088eff4652e702bcef07981158c4f84dfc288a5a9b720257290
SHA512 7616fa9935c7e07d09a130a40cff285290b8118c7ae89f46c54869584216d995728dbc7940f02baa5ee44743ed874f71d56423d8e1574d50b6bc8c3d794954c5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f3ab459b6ab3cc89f99b716d70d44468
SHA1 b0f3255afa136c9da5f3504e0abc691b60777c36
SHA256 eaa0c8a5fdae42b747a9be0fe84ce3c5fbe9aaed9a0bce8225ef4589a6a029e5
SHA512 9094437cd5d13c1843353583a1aef24920e8bb201b5b276e703fa40b32ae6cb10357f6849f536e94e17affe43124eb0928071ff315467e220848e9f74c412169

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e4e7a3176810be704a3c1dada8dabba7
SHA1 ba2fe13fd1f9a9e6263c2e545b5313886805b43d
SHA256 0e4a28e0aefde496f467e56ea7e5967d7ca631cf33739c417cdef3fb8fe550f3
SHA512 954122c47bac7c39bd4d86299cbaf9b757b9f3314fc0d4620538e11a936ee63953a377f13fe6fb1e3a54c556bea71ee291f2a25dff86755bb593c69170cf86be

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\82O0T3YB\www.youtube[1].xml

MD5 1f2332c632e8c85f1ea454badf16c7ed
SHA1 4445a5b517e06373ff0ab69f370e778570d305fc
SHA256 735c39b7bfefe1fea2ef0dccbced473f88556ed7896fe0bd5242ca1d40bd37f8
SHA512 3f8e847f222c4b644c2ffe1ea22f8a138de7bf1a62830b21d31a40a025d9d4e30f96b153ab4290b03e9cc488540fd996b875d769859cc61a2a7a038e1565885a

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\82O0T3YB\www.youtube[1].xml

MD5 ef529b701b1cb4a7f91983fb6e8599e5
SHA1 d6db6aa82ed8b5683a42922c52310bf02976150c
SHA256 81764d2da35a487b84e50c06e19abef817e3d35339deaa76989e87a4a2b86793
SHA512 34db2fbc59eb7832f7df6eae2658d9a5aa3ffdc92a4a9c0ed560688e31041bb56085d27e7b30ec797e40877808ac1afb5f161be784090e64fad770df0fdaaecf

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\82O0T3YB\www.youtube[1].xml

MD5 3c05e4aa6ef3c3bb0ffe3921a494c101
SHA1 995629902bfe11671e18e1246e14a2425d0eedab
SHA256 adf660455f80307a0d5e62fb58c6bb52674a5b5d3bbfcb1238b46f2616d01eaf
SHA512 8f01cb3124dc12d430c63c1890963f3aa2c15522f3b36e28733d65d85428672a6453ff49fcbd3ffe2d5d1298df6973294a473dfe309f709fef39a175ec90dc64

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\82O0T3YB\www.youtube[1].xml

MD5 33ac92fb1af5109a1b3620c31fb46e48
SHA1 710c5acdb618dd9c136c0311c9c4687c79efc24f
SHA256 9f928abae3ef78d6aae86e7557e1c00cbbb337c2cf4fe60fbbcebc0bb33649a2
SHA512 d20922d6cefc14face00dcd7d6d9c75a454df20e272faf5acec65992d8783cfe0e57979d3c1974e6112df3e759e213c16641a19809448170c71b8a0b45ba311d

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\82O0T3YB\www.youtube[1].xml

MD5 6140c42c7326e9e9fc0e76751d5088c1
SHA1 96e27aee89a9385a7bafea00a6322567f39a5e33
SHA256 243e1dcc178c1a6b0aa03e0f35b65d8f18cd48adf5031a6306bc274c95127bf0
SHA512 7528290d3b9370fa612bf5c920b45cddcbd5c4b38137d2f89a52a745cd8d5ba796bda39c23868acd6e8994c5e2f71418ea353b833f9437acb3457c9e5d726eb9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 41ace98d446a19a709b9a0b340d38fb7
SHA1 4be2290b186765113419c66610f4796803f213d0
SHA256 74bfd3bb100d4102cb4e330284d51a615cd29deb4d2f2c259c84810528f20c49
SHA512 4007b7c7abb7c581e21907b992b01bc3ce708f6f65760801f1b11a575350e832ab7c80668011cccb164819c5fdbdac3f73ca6c07fc86a2eb319b5fd8335f48b5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bfd36e6e6aa90201111a27cca6e47ef6
SHA1 3aac3b55bf81b1cab0297272b0d94c49c9164514
SHA256 da8666df8890c1876daafb1de8fee82b92e51da0b9bcb308fdd57983cc712de8
SHA512 3738de06ef804d6dda76ab6467d62260e4fa978ee853f369eb65404a7a5662d8f1599ea98879732fc0ffdce3fddc3b3b0e6b1f04346ab67e80f45f798056d8e4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f089f787b76fe943b3179114a370178f
SHA1 53c8e226b5429fa7a935dc1df041a2a602112b99
SHA256 c74699957677a8c5f9d5bd140573782578ed3919d304474d760e7cfb50f3d5f4
SHA512 5c4c6457e48a1feeb7f9662a3520e62bfd8e7334ec64694446748b4c7b7380e71f19572c9411b9086a1d36db4bdc7ab74e1ca2ab48e20589c322ead2f5baff43

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 90b8096d6626483255efa6fea0168f0e
SHA1 a9387fd80294701934c6cd1d21f1cfca5e65747d
SHA256 34c5dc4ad19523971ef343a364233b0be4c46dd9ef2d799167b26adc334d680a
SHA512 6e6d4f64d636ee199b592829b6dc596f3b61aa34e0509593c22f5694d9760030f139648550efc0b9398c8a1384297418fe89ea2f6aee98e2a0d93389301e75d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 54d5cbe7aa5e5ec82d87c08184c843ec
SHA1 26090662f44d19b1d340c4e1081a35c4a8a5ffc9
SHA256 46ba30747f48ba84292821a08874c162cc9f2379ab39ac931a3dc6bbf692f050
SHA512 edf86f0c16d7f6d7164e42ccd7f499c80c021c6af1e6e4bbf360b07cf5481242bf8021b1a4d8ffdece6303c0a4a0b08cfec65a10c686fb9d9895888c8ba320a7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 08ef04b09cb2959eef327be2c9b998fe
SHA1 e36cffe23c754c922bd409a2c56d214f37477ef2
SHA256 e42871176da96aaf9c90673c8079bcae4207bc44884ef1b8c84a5b6bce95efff
SHA512 d0fa59ba161e4916dbdf7053c69538c2d5d82155aafb6b27f36bf703241f779def8c989226c6a2e7f767ced3d524e3ce481560a004ebac5ad178a48918cbe47d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8b6e118d9009ebc09163b978c1b8a522
SHA1 6ec9d83f532609557c9fefa5030de882c530a1f3
SHA256 399dba4845bcca2b10427523b0d45561d4dcffd4b26e7400cae0ecad4af295b8
SHA512 15762f870af4e4a5cbb52e17228cea21a4e4362ad82499897f228ee0b79c3e8427a5f481b622bc032da5f5c63add1a50988bf22e671702732c25e9fc7b37f251

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7e4e5f9537da25fbfe97c1909d5aa6fc
SHA1 fea83c44af7c445c93a80ac8595cab10c2d30a40
SHA256 8fe85e59f084f6e64bf3dd32bd0efac4fe972c4f159a4fa0a5087036914a9170
SHA512 568b692d3864f02a1232ccea2e84e50f31e087abb0bc577f368922dc006e274e67c5803c25ea631c9995c263cc6c2bdab3cb0022ebbf0d436d61552a66f5a41e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ee34ede9177567e0c5cc000fd2526c87
SHA1 777f960725939a7f9e1a34302c0c20d8bc1eedb3
SHA256 84cb1a38534664bf3f66906fe3cfab22b32e06dad8a46a994ff93c408026197f
SHA512 3576d4034218784486c99ed8198da3a9e8c5398331ec3d52b1fcc048ff3c2ef7946456357ceb0231c6c77bcca964dbcda9c5aacf1aa7eb2d2ef44f0733d8c2e7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f718f9a14308008d3a070cb0e1649897
SHA1 3fdf0e585c36b27f3a0a8d236803eaf09c314fe9
SHA256 235cd6e36edded1f5608a73f57dd69e2d34bc5fcafe6e41639f71bb5c36482b2
SHA512 3d3142647db37f9c627c4c8483393bd784da7f99b066d7eb31975105ab1b2b0d894754ad16b5216018992bedb213afcf195679b476e39ce7f9e2256b55152e70

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 13:26

Reported

2024-06-03 13:29

Platform

win10v2004-20240426-en

Max time kernel

148s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91f282e4e556f12b1edb8237ddfa88f4_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2632 wrote to memory of 812 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2632 wrote to memory of 2664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2632 wrote to memory of 3408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2632 wrote to memory of 1652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91f282e4e556f12b1edb8237ddfa88f4_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd073e46f8,0x7ffd073e4708,0x7ffd073e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,12112357076816933104,16364180099746017993,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,12112357076816933104,16364180099746017993,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,12112357076816933104,16364180099746017993,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12112357076816933104,16364180099746017993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12112357076816933104,16364180099746017993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12112357076816933104,16364180099746017993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12112357076816933104,16364180099746017993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12112357076816933104,16364180099746017993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12112357076816933104,16364180099746017993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,12112357076816933104,16364180099746017993,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,12112357076816933104,16364180099746017993,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12112357076816933104,16364180099746017993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12112357076816933104,16364180099746017993,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12112357076816933104,16364180099746017993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12112357076816933104,16364180099746017993,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,12112357076816933104,16364180099746017993,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1984 /prefetch:2

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


\??\pipe\LOCAL\crashpad_2632_TRJZPLCNOUWWVTDH


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
