Malware Analysis Report

2025-01-18 00:02

Sample ID 240603-stphesbh83
Target 92425517843864d01e5d97ea773ef7ae_JaffaCakes118
SHA256 e48dfc36ea04186368c678f1b9a8c16f128b82d86ca57caa25a32c38835aa025
Score 1/10

Analysis Overview

score
1/10

Threat Level: No (potentially) malicious behavior was detected

The file 92425517843864d01e5d97ea773ef7ae_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 15:25

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 15:25

Reported

2024-06-03 15:27

Platform

win7-20240221-en

Max time kernel

133s

Max time network

128s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\92425517843864d01e5d97ea773ef7ae_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\92425517843864d01e5d97ea773ef7ae_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1628 CREDAT:275457 /prefetch:2

Network


Files

SHA256 81105da61ce064f5dc4c1b7c5f858b93f37a36fb9b247d6fd5afb8a2dbfad1d1
SHA512 d5231de409612c762bc38b00879ce01b66e3f5464a91cb55275ad851cab5da817f4167596aa495bc700c606acb92f3ee535030423cb09c1825a170ffcb2d4430

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 33270dcb111ce35563d172ee9ba733d5
SHA1 3b71551ba755d6920e7a8217f2879ec8d8752e0b
SHA256 aa57f50ca7176ccc693f49d78a0c9585a1c5dfca4b54b46757f7b70683234394
SHA512 0ebd3a8b9c2071ceb5d9659f0a1ec2e605871e9203950bd7eeb9b36c6db98826abffd6bd964fee15c4d553caba4cbc38e2450d3ae8cbb5f7fb671ba0f0d8e82a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 777cdc99a62fcaef22afc3291b270161
SHA1 cff8a2178970bbfd8258934403dd23c4a984a555
SHA256 2df42bd4fea8fda6342524e7ddac8cc4db0ae68b78dc0a6c9db524366679a8fc
SHA512 9694d0323b7d4faf5b6d9bbe00f7f20714b04744cb41d37222915ee12eb9cb15e8b20504e2d422a4239a87202a778fd8a4f9bbe4693b43d90ff3545387eab69a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0ec892103ab61cddb03d302bd0d4a3dc
SHA1 7867fea810715d035f24b84a69d3f7578083594f
SHA256 588b948b69313b1417d86682dbd16092e5230bef9ee155f62e9e1c87fd47b3d3
SHA512 6b67c393f9a9d07010b5f3cf3094ac39b54fea249e8091149ea5f0dad33f54f37cef33ac46b026498386365fcf52d505b68aa0ce75cdf95e9cc01ae0e578ea28

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b82169aeccc28d095e9422b7e7b49948
SHA1 65eff6ea162c61f8675d11ce07c40eb96f371391
SHA256 2b61422d3002c680fd4ae575dfdf79cc835fec3212992be3dae0eda6444e0039
SHA512 a407a5fca85f72958c0f0cd18f9ea651ad7ed4d962bbb6497a7210016baac19ac17ac914d57fa03574e07aad637bbffa6b9f6f32595dc35cdcbc55d4b73d11f0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4028e16980bb06d6cf7688df68213762
SHA1 7f68a424eb514d20a2d884e3ad10361e2dd63934
SHA256 9be25e5f9758b232097ec87634d59764c7a1817ef56074bce8f5b2ee06201efc
SHA512 406d2fadf43f488bcb7a9f368d4d7ec5bf8934b64f46b616abb9ea9f866a52139ee9a2194a1526ff022db0c9abd5cdb8fd49355278c193ddceb3462570dd0b58

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d4bd9b924fc33cd281e4f390eec091f4
SHA1 af3133290d9b0960fda61abd4a00c72296e97f98
SHA256 e452f4f52a7b18eca639adcee2c3c0c80fb2d952c498a812a8db7a4f4a306e74
SHA512 9e8872bdbe015c50cf955969aa9d7dad7ee6d95f7d57f7f35864ed6ea4b4e97aaf7c1b7f6ffbda41a0f3ccc722cff70fd96540ffc229e796e1285c7a46a905e6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 21621f44217d528a1eb5fe9a91598704
SHA1 4a54f8a73c5812fadd176b1197d16436ea4e042e
SHA256 de896157db1477d280eaac8c18a15f0f21b28087f976d5ba628ea90981c48c8f
SHA512 3b3ca814efe60425a421009100319fbc9bf5d344c7c5cc625a67c7c43021d1671192d47cffe4b38c5b01dbb7e2bee6cfa8bb026a6cdffb60b2c3def668d30d30

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2509ceaa7d335087bd9e0475699c2258
SHA1 9ef8b90e1dc5c03f01d27db46004c228aa999739
SHA256 fe769b33903200103e02c7c0501aea59b91a90ad3baf2aa03da1b5ab35b384a9
SHA512 11e0e375aaf32efba542b8af27a090cc3cf2e4b6f6e98a800312cc14b9d56159127121398afc4bfc756a568daa39016c5892fc01293e7574ee49f0e7574178be

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7708489827c297e5335d776c28e5d901
SHA1 396ba60b527edfcab452099319501ce746e359d3
SHA256 97d7f6e37976c07558fc16ece4b2369154efdf11501c53157746e74a4848e096
SHA512 5aaf2df2374f239d702254f7c7c592ab1a1d9b1be80e2d7a0283392eb1de6415886cf2136a850895f8d83680ab4b33b59d8472c121a0f90ba54ef1e95be7dea4

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\WC4106V9\www.youtube[1].xml

MD5 7f69f1d6d1f5569ba0f671fc31dd1a2d
SHA1 64bfd0b94a7c96558e31dcc9e1ee246b6b994c01
SHA256 0f45443e025f8d90789dbde67ef254bccd135aab2814dc17ba35cb23b775ba7a
SHA512 1bba768fde0ae78384c11a231cd550e727ee88d935cd74dd807d70746b3903418f540f1bcd91ba4e583a6111bb43f4048b70646ddab02c65c38334f52c9eef6c

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\WC4106V9\www.youtube[1].xml

MD5 bdabf05cb94a9c3f758a46767144e15f
SHA1 09fb8f8fd663b0c7b77a93e671d9d0dc29ac78a1
SHA256 27d4f75e20c1102aa87ba8948b07dd3acf762621c5818797f9735fe7a398cd14
SHA512 3056a5a82e28b8f0805dcd5a404f2f540096628d489e3bbc1f0fa2c5cbe75db49463e1391fe4427eba778c71a1e1b6a62cc1e9799cfe6bf709b6a5e1bcf59b2a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 25476f3b14106a2ed393ae1328b66bbd
SHA1 0f94e3705b9d258f9404209b67af6c82e4952577
SHA256 ff1c3be74b6ea011c7b09fef3dbe177addf7193721f298e7a751964db4a93bb1
SHA512 1e71e38d400e37330a6fb38dd1ac5a6554ccd155c08aaec015280c4bf65411c57fda82f2be025fa79e8f1fbbfe26a64ef5ebf1eefdb5de2961b729695e1f4dcd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4df6b4f4fb182bfe48bf42b7c53f0f8d
SHA1 fdde3d51df545161bc93649bf39f0d23f395182d
SHA256 8a96d28242523aaa2bb4bb43a18775843355adfdb17184c64d4cae84da976e30
SHA512 7dfede549df0cfa542580f2139f26087f164e61c7432e36562848a6b71f2a1bf97bcc42e2ea6f839870bf7e465e1d0c51a2a9680368ca381e24567c6f82389e1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0952cf91372cfcd4596375d6fa949683
SHA1 94e93699c4b124310fa7c166f1321c6b6f50b10b
SHA256 68fa1aef440227fad02275f32f19fff8e5365a71c97c6fc807bcbb1f7cb41089
SHA512 25a7fc929c011e0932fdf389b66feecddf12b90bc86233df724ad6bcb2042c25dde8d0a1c5556cec15a718d45884b1cb77ab8c0d59e328a38534ee3f9d951d0f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e9b7f3d7c52d28eb4d140443b409e634
SHA1 e879bda3634811e33719def22c8810c2094f2d79
SHA256 513154c3bd5c8dd3dba4b92724e356f573e3488c1370e16e16b1183f87fd41c0
SHA512 850284f893bb30e7d6af41c45a9bf87230ba1c11e8985559ce7f5079711e1acfa63837a1a84b1a6581ae22fdf58f8df8d32c2c91d7a6261716fd8260acc3bf88

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 86cecf91a58352aea01c445ac9d9864f
SHA1 f7242cfb1c47f872ada9fa4b6d452e868aa69c6b
SHA256 0919899c094ad5c39a4c59932a70b99023d93c84ed7ced7ba63e6d38b363e232
SHA512 f3f8a56b058a5bda210fd25f0398594a46267977bed37f8be50a5afe6eff17760c5be06d2e8f22d6aa5044b6f8dc076785fccb67dbe51046bcf34d377a6de64f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4fadf628ea881e5238713985720f142f
SHA1 4e486cd57e6a743ca79b90f59e07efbd8b990665
SHA256 3786898ed2dd13e2fe5e4f9a3d086e5651b7c46be5b139ada7691ed9f00fb7a6
SHA512 167325475e1c4715dcf786fc9a962669adbb403b625eb63feb0f695243f0da74d7e0a081b79329762b91c272ba08a2ac9ea4d9cf2ca55262bb1a12236c9dd0a7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dcc41e6ddba618cae8249c9cabb12c69
SHA1 df2949f419529ac32217bafbab4202502c22db70
SHA256 7661ce7ba6bfc0ed6602e51309d906650a2ffcbbd71596b38de26800b32a4c3a
SHA512 747cae1b7e9d060bfc333d98ea0e733cdf3465852c3686da8ddc046c5556aada20b6f47654aca50728bd4b99f010b68d3f1a831be4dd91df3ec3ec089d2b4759

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8a9032edc261095a063093c54ac97792
SHA1 00b177868d9c6f2eba5bf25fd4e4afd3ef3a4586
SHA256 1b6b0d7adaad4e14e1e3057b4fca72ca9d798f5008096ff3acf65a43f91cbf95
SHA512 64ab8da8e59788a7798e1d4b6e28a52a412dc11f2aa2ac0600adee236a4d42ff8a242fe61f719ac296d53708f4b18556449a8ebb1c66bca1ab489232dec89c10

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9127a9b300b6af582c7dfa5e9051e813
SHA1 5f5c2e1d7af8ee61c51359b5a4bf892ae6f23a84
SHA256 c372ededde1552a7e19fbca6f5db97d9380fd880845d53c387d476cd1844b4b5
SHA512 cd4e521329ea89ad1ec7eb91e0814df471287024992af64c8f78e298e23e13c8e271845b483213611d5202b0764489e1d4f0cb071b5f7093b16a9b7ce1e9da6c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 200946a47da0d171a67ab2fa1bd52c31
SHA1 70eea3fa7161b30b2b209d8a99aa7afc9b05063f
SHA256 f3a33d206e6c997103aef1653523484517f2c862376ab97d1691aaefca80b7be
SHA512 8d8e259da7cf26811ebd335f070253274df98959a2b67f831ed7f98c7ab7113e0e14a510c365f29d4b4c54d51695abdc221800816d7458335c6e88b5f6632ca4

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 15:25

Reported

2024-06-03 15:27

Platform

win10v2004-20240426-en

Max time kernel

145s

Max time network

143s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\92425517843864d01e5d97ea773ef7ae_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3048 wrote to memory of 2588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3048 wrote to memory of 3128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3048 wrote to memory of 1252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3048 wrote to memory of 4992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\92425517843864d01e5d97ea773ef7ae_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa797e46f8,0x7ffa797e4708,0x7ffa797e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,11440385547543681485,14760130940640535716,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,11440385547543681485,14760130940640535716,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2492 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,11440385547543681485,14760130940640535716,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11440385547543681485,14760130940640535716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11440385547543681485,14760130940640535716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11440385547543681485,14760130940640535716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11440385547543681485,14760130940640535716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11440385547543681485,14760130940640535716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11440385547543681485,14760130940640535716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,11440385547543681485,14760130940640535716,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,11440385547543681485,14760130940640535716,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11440385547543681485,14760130940640535716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11440385547543681485,14760130940640535716,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11440385547543681485,14760130940640535716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11440385547543681485,14760130940640535716,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,11440385547543681485,14760130940640535716,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 /prefetch:2

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


\??\pipe\LOCAL\crashpad_3048_RKAQFRXMNZKRRZBG


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
