Malware Analysis Report

2025-01-17 22:13

Sample ID 240603-qrm6gaga4w
Target 91f46548b8316e59c9d11a237e0c06b7_JaffaCakes118
SHA256 dc028f97a33b2b8c5f497e073f5d7a6bbfec435d7e6454ffd203941822c22042
Tags
score
1/10

Analysis Overview

Threat Level: No (potentially) malicious behavior was detected

The file 91f46548b8316e59c9d11a237e0c06b7_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 13:29

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 13:29

Reported

2024-06-03 13:32

Platform

win7-20240221-en

Max time kernel

135s

Max time network

130s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91f46548b8316e59c9d11a237e0c06b7_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91f46548b8316e59c9d11a237e0c06b7_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2756 CREDAT:275457 /prefetch:2

Network

Files

C:\Users\Admin\AppData\Local\Temp\CabDDC4.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarE05A.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AID74HUF\www.youtube[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AID74HUF\www.youtube[1].xml

MD5 1a68d212bca9a97a8a68ad5ed4d62e3b
SHA1 b4bacbef894b1ebef84e89b8aea7c74fd3ac6776
SHA256 76f6568a3d71cb62e372d7488d3f6b430342ee87bc20a5134d7107208c8d4202
SHA512 966e592986a3f5992386b8c1c433b2c7192a958e0e96fe4887e69270c4db216aca72550ebe2b9a544dce5fbfa868ec556afeb60cb18c643c6af9d260b46beed9

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AID74HUF\www.youtube[1].xml

MD5 b6c1cbf0c6cbb661e1bf5d2a522b9328
SHA1 960bf41be54b067c291f99ce249c782624475795
SHA256 4d87a4949cfb0b815cff121b76b21cdfa4852a6cf8f78b1a8c118d9bd14c0539
SHA512 d80130f37681db8b3849293c60bd5febec7e9ba4d1ce6d9dd13d223b4932bf7318a711f0bc508bb50cde488445422661974a6f6992a30fd2251038e25fda38db

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\www-player[1].css

MD5 6e076abc1095221e4e3e21dbd9d1db4f
SHA1 e908cc0f7829aea16b42d8fec6aad567c41f587d
SHA256 c7e69ec7e436426c5edb45bb5fdd943623f987ecfdb86413528b596e5b0888e9
SHA512 3ceb46ea8e5d5abca4a1a053f20b38ac6d6c9ee60594da54122f4ff09422495261dc9356d0ed0c240ba44324c37bde120a90655b2ea40556280df674ab44fe2a

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\KFOmCnqEu92Fr1Mu4mxM[1].woff

MD5 bafb105baeb22d965c70fe52ba6b49d9
SHA1 934014cc9bbe5883542be756b3146c05844b254f
SHA256 1570f866bf6eae82041e407280894a86ad2b8b275e01908ae156914dc693a4ed
SHA512 85a91773b0283e3b2400c773527542228478cc1b9e8ad8ea62435d705e98702a40bedf26cb5b0900dd8fecc79f802b8c1839184e787d9416886dbc73dff22a64

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff

MD5 de8b7431b74642e830af4d4f4b513ec9
SHA1 f549f1fe8a0b86ef3fbdcb8d508440aff84c385c
SHA256 3bfe46bb1ca35b205306c5ec664e99e4a816f48a417b6b42e77a1f43f0bc4e7a
SHA512 57d3d4de3816307ed954b796c13bfa34af22a46a2fea310df90e966301350ae8adac62bcd2abf7d7768e6bdcbb3dfc5069378a728436173d07abfa483c1025ac

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\www-embed-player[1].js

MD5 d2056f8d081fbfffcab81d61ea45b151
SHA1 710243082f40626f64943ad3b656400f444d7130
SHA256 49fa9b168cc8bbc037cf4498e31c355509e9b438b0d19fcf750b1c5fbd1efcaa
SHA512 530ca2c291c44d3d2b5869b0ae661ac047748a5cab50de280a2c8dbd26b52cdd71a906b3730e8a849debece542eb919462a8407ef2410acf28c57d2b6068cc14

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\base[1].js

MD5 9178a954abcce420219864651c7787b2
SHA1 f874d3e998441ba6439cfd7e89514facde08cff4
SHA256 40cc1692dd4d8e1c8ed29593ee222240494b872b734c0e31da4628014da7346d
SHA512 927bf88499cdd64ce32f3780a0cfa88b14fdfbeac6a237454dcc43ee5d56b04754a40dbcba402519637ba1a3b0f948a597260a74ddb0b316698a41559d8e1cd3

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AID74HUF\www.youtube[1].xml

MD5 3ebc3771fad93d5f886907fe624d0dcc
SHA1 ca3547f92c1fd4fc4fd3ec32bfd9c747f4cd4b07
SHA256 5cd7e3a11ee27bbcb20a72170c0f81df0172fd85bab620932eb4a5fc09a2f1d7
SHA512 a2eb00469c9e650ea6af7f48fd3aad2c404ad36b339dd595117baf389066832cf9d52d224417a2c50446a1174ac15cb0664b119d75f9aa37da554b1ed775cc6b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JZQ5QLK\ad_status[1].js

MD5 1fa71744db23d0f8df9cce6719defcb7
SHA1 e4be9b7136697942a036f97cf26ebaf703ad2067
SHA256 eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
SHA512 17fa262901b608368eb4b70910da67e1f11b9cfb2c9dc81844f55bee1db3ec11f704d81ab20f2dda973378f9c0df56eaad8111f34b92e4161a4d194ba902f82f

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AID74HUF\www.youtube[1].xml

MD5 b75cefd752c1316f8e7db2063c95baaf
SHA1 04096db0bc2004763162d7259574741adca8db87
SHA256 b69e9a672169cb685a577e18d951d51cc432b97c154174a14d9903b56ccba4dc
SHA512 9be317683f44c85c468610fa2638adeb32243691ca210fe2c81349092ed39edfdbb823fdee0614ebfef7245fe0007ddf8abf9d5748768b024bba14b30a5de0f6

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\embed[1].js

MD5 322e970509e24ab233b6c326a9339623
SHA1 10e2ea809ae638d5f32385d05c569922ab19bc17
SHA256 99cbd012a57f19a3fc1b412866ba13d6b9de2a5bb22449dcbf14ec0a88937000
SHA512 8f8bdc9418feed04e6fc7415e9e57f0934a6b136b1a763e0e39f67efa47e004a8c3385105a1c1dd9fa48ada83ac5a2a93940f20a99d6d16722ae903c93d9817c

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AID74HUF\www.youtube[1].xml

MD5 f31f3efb3514033777be9c18be86696a
SHA1 8579bf3e238ac741549f89881b706b2d2261dd45
SHA256 09b7281261d921fa62a5b94bfd53db68b730bb1e9c878124823c1d95079d2bb9
SHA512 d1d807ee8cf9553a8bec0ac95e2f84e732985d14a92eaf01fc32d7653c51af1457e52148cfb003e91cb8288382e95c011a4b8e4fb38be4880e731811ef2cf501

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AID74HUF\www.youtube[1].xml

MD5 1ba0971bf5fac2463c950303ebcb8f2d
SHA1 d03b35dc2734f4ebe65e2fcddf1c3209a106f0fa
SHA256 65eee4c4ff311c505126e62db0f2bf9e2fb510097b84848edc3d6c4a6d121863
SHA512 103bacfa966be2c7d87ce50c6c063d1889835ba8701cb134e1de9fc2e5fc7e4daf2d403a4d9f6af7ab8cf702fba07ec4fda5bbde01fa4ee0692a4c5e7fdf18c1

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AID74HUF\www.youtube[1].xml

MD5 1ae0bc3751274eafdbb646269dd60565
SHA1 cfbbf94bc7b9efde099700cc8b65027fceaacce7
SHA256 1a5eac8d266ac6c286a894d99b719d99c8adcf762444bc8c29cf85e662ef3267
SHA512 b6c4fef2090773aca5f330b4ca8f48632420eee8b6683687eb9033be596fde6eabec5b588a580dd1ccb5c89048c628370e0b19cd9e9b6b1c4f59e59e42f44001

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AID74HUF\www.youtube[1].xml

MD5 a603b53da7a0d0aba8c2b9f499af4a87
SHA1 0575ec91958084097321c271f4f4a05c154bc10d
SHA256 cf6a860876383b72d3abbc38f1d1cde3eb96927457b5e08a4f1eab0c6b68afe2
SHA512 fb737741305f0d1ee9469fe38753482a4a8fd65d1568fd8ebf3af5a24805a7b6e770270ed6b959d55a62b22d8cc456478711f76b62f67827baa329b1497e43ca

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AID74HUF\www.youtube[1].xml

MD5 9dbf5fb67a24ffa0e253a348b217860f
SHA1 c3311b08195e498a50c8208db1263583b87b6760
SHA256 fca667ffc707c432235926e3f15569b7575530bf123bf193b6fb25f0f85d62d4
SHA512 5af39f27a2e802c8a048f2993d571855fbb6861b0c5df03ecdbfd9118294d9f787803d7d417b82fbdf862653d7d8aaf9e6a39729ccab301a0133a6fcbfe0c24e

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AID74HUF\www.youtube[1].xml

MD5 9c2f6170495505d1158055adc71c7eea
SHA1 c99710e00fc1a7534cb6d8f403fa70ebb095baea
SHA256 ba65808780b6bb854154081331cbc7d0b215aaf32d54ba9467e1c545ddb0b301
SHA512 38e6168edaf65c17d04756b661990cbbaa25b44769f49dde39e3288bb46606cf2313c99f7fa17254e8f6380b8e7f107123fefa6a779ce43da50a48ad298ffabd

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AID74HUF\www.youtube[1].xml

MD5 055b39df62ac494aa669d483cb802eab
SHA1 31c39903fc8da3414c6d54cbefcccd5d6f28b46a
SHA256 b32c6959dccdfb5cc8b33607e756da2527b4341daabd336a792753e7145ca608
SHA512 43f262a981fca93879da7a84956a3536b523eaacfff3aa1cc97b37cd4295843c38e6a7aecff78f66561a65eb341bc31aa021764d25c3882de8232d48366981cb

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AID74HUF\www.youtube[1].xml

MD5 ef099e359107de5ece14f26ac8a02cf0
SHA1 7e49202249c9e93c8eb99b83f5f1ca5d3f949dfe
SHA256 ed61f00e25e9c622d5eefd37a5a4c169d2e78b1461e00ee75825e7defe2aceba
SHA512 d4cd576791c7aa3925197c53eac888311d853da7900e1970c2f387e00a29c5d233124013cde6d282e9295ba793cb60e811e1284040b8ef561b371a443a482e6b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AID74HUF\www.youtube[1].xml

MD5 e027c24b89c86251dd9d16757c24399f
SHA1 0b5c0379718861cfa66fee66281f681e1e892401
SHA256 e806c5d1818e38fa2e0c12dd8ca1571e8a0b4c3a98524218082e241b4e882066
SHA512 25de7c1b03bbadee720888b32903bb806a6e8089919d58a89123414a4662e8f2e138793b1511df073698d66ed5ff1fa9f97b9e6e43bee0798ae2095e79334fb5

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AID74HUF\www.youtube[1].xml

MD5 6825ce518f0b15b76f3fa04501be86de
SHA1 dec476d07d53bc6c623fca0699755e558468d3cd
SHA256 4a8c967326afd68deb90d4d89d09e96abf87c39b20587b94c2c1f4812414e166
SHA512 8c68a33dbdad6bc4031fc59d4f710a80006d7c2141e298271769330f31742781af4df0808bef337915553c2b094a6678de9e772971cc47aa87f1b1a59936c491

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AID74HUF\www.youtube[1].xml

MD5 5899f0d8799964a538aed0b2cfb76335
SHA1 91c4272f8f061e8082281d70861d17b8d7514524
SHA256 7de9831c789ea15e1b7f9e395b30a8e1a85e9057cf71dca41f6581b7ea2bccf0
SHA512 fc2e05e1cec12bdd2bff814318e6b9817af39b0977292b041baa2ead013d8357c7d2f96246ef9e20a8bd65a596a360fb5e0326f79e1be7d052f49d5f2870e31e

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AID74HUF\www.youtube[1].xml

MD5 1550498d7ea4e801d1eedccc5608a969
SHA1 b4a13ceaaa0a3bf6cfd4e6267efa8dd2a63470ca
SHA256 b93951bf13158a9626876f3366b863a5206a7de1c0303fb9c901ebcab95d97f8
SHA512 89debe81171257fc9378482b61254d16a4a1e156ab7b97edfb2685eeff0f89d1bceb8dbc3286bfcb23486016e578b5e1def9698921d61d7433dd29027717e9a8

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AID74HUF\www.youtube[1].xml

MD5 95d790fb6ee0bc729166b91d7184bd3c
SHA1 06ae7cc947a0d46d104e681cb1b74b027f724f3e
SHA256 677e3f1394e077791e9411f27607181451d98cc970ad6df4091117be4ecb6fdd
SHA512 133aa31dbe25fa3174045d2e84421b7e1efbec954d88f6b400ad8ef46740e3c597b6fa8af6f93141bd62b6fb1f7794c85a4b310891b9b836297fcaf8ea980909

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AID74HUF\www.youtube[1].xml

MD5 2832865bb70585f1e3153e77d7d02930
SHA1 f2385daded2f74610efd0b92fd4365f2f8cfdb9a
SHA256 b47f4ef529d29c2cff50be107f9565d6d2377c4b0cfff47ab3754f34247f10ee
SHA512 fccef40e8af28648ec5c2f6839bcf9453f208928a62b0f1d2e0d133cb8b24ebbdc9388267ea49a2421aa40748f475aea7319703d459b72cab011d9224b019422

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AID74HUF\www.youtube[1].xml

MD5 501a2ac818103bdab9ee2dc5fd4b5670
SHA1 f3fbf96448abc75d540a7efa3f0b15695a13c57c
SHA256 fb155ef91bd46e1db1f575147d326a864f5bf5a1656bfd0cadeacd4de5574e86
SHA512 85fbb6f46807cf19d489cd01f300d4a3382f4ffd85232acbac8fe643127d3e2d01f06f178911fc32d76cf092b033dba80439c499a296d692921fc4f36eca9737

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AID74HUF\www.youtube[1].xml

MD5 fa4c05bcd690da839b4d30f8eabdf03a
SHA1 36c77e731e830cc90382f9b1cfab5f0f063fd3d1
SHA256 28e9990e545cb16eb60dac80780136de2e119178da185e7fcbc4212f458e8362
SHA512 7f7db54a0744002093c162172891a66b07223413c1dfebdb8e5a1a9609e184663f9a374b06907b1f5846169aa41cf855dae2a633ff6a4172aa75c5b45b783a7a

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AID74HUF\www.youtube[1].xml

MD5 8d4b6ae4c38554b991878a9e19fca91b
SHA1 c17f0e7c0386cd5e23f86d69c2ac2e660615ff9f
SHA256 acd8cdc66d245fa54db4679004d23e645ff2a3d85b25f4b20beb8db31cd663a2
SHA512 777ac28811af4cc7ef2428e6eea2df78453d78762d6e9a664aab86ee978b4621ce872a9cca096b0fd2ebf7c4c5ba9b54f482e1b5c54d7bde1da3839d1072ade1

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AID74HUF\www.youtube[1].xml

MD5 87409a5dfd65fb6cf28d7aea45e20296
SHA1 77fbf7b56b818ff1f0a2a41769535962e68e6aa1
SHA256 4aae5b2f7ac46814c40f95e7efac143caf1c016efbb4605d199334a041aad826
SHA512 0796ed318dc750d960cc9560ffa85c99a8d0750f9b08fac1fcd7f3500024c3cc74cb7141d1e8b9b455dfd3d08693e5feb08ae09d3cf421683f73e0ce338207c8

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AID74HUF\www.youtube[1].xml

MD5 b2c9f40e51c0b97fac4892987dcba377
SHA1 6db996a9ca54cef3a8c00778fb753e6a314428d5
SHA256 62f8e7feb62fa100d2064b154d7ccb6cb350d546b50bf2901733e89918e079cb
SHA512 9168351f5cd310d850e4ac0d6983b786392b4fd20a837eaf4b706a7a6f3f0fd6cf96f394c20159b51072f0f4a97df80c52413510d34713e320efe0c8d5ecea0c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 13:29

Reported

2024-06-03 13:32

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91f46548b8316e59c9d11a237e0c06b7_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2840 wrote to memory of 4352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 4736 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 2940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91f46548b8316e59c9d11a237e0c06b7_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa84ef46f8,0x7ffa84ef4708,0x7ffa84ef4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2264,14479270401605397509,1622350604836402885,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2276 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2264,14479270401605397509,1622350604836402885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2264,14479270401605397509,1622350604836402885,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2440 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,14479270401605397509,1622350604836402885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,14479270401605397509,1622350604836402885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,14479270401605397509,1622350604836402885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,14479270401605397509,1622350604836402885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,14479270401605397509,1622350604836402885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,14479270401605397509,1622350604836402885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2264,14479270401605397509,1622350604836402885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2264,14479270401605397509,1622350604836402885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,14479270401605397509,1622350604836402885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,14479270401605397509,1622350604836402885,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,14479270401605397509,1622350604836402885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,14479270401605397509,1622350604836402885,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2264,14479270401605397509,1622350604836402885,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 /prefetch:2

Network

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_2840_YWXCPETGIOCCUJQD

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
