Malware Analysis Report

2025-04-14 03:45

Sample ID 240612-xf825azbpk
Target a1d38290757608d3a73eb2d42b5c9320_JaffaCakes118
SHA256 a8b50b31a247ec4bfcfcd59d3c2aed53671919d5733d9bb62e0b53c645e71e85
Tags
Score 1/10


Analysis Overview

score
1/10

SHA256

a8b50b31a247ec4bfcfcd59d3c2aed53671919d5733d9bb62e0b53c645e71e85

Threat Level: No (potentially) malicious behavior was detected

The file a1d38290757608d3a73eb2d42b5c9320_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 18:48

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 18:48

Reported

2024-06-12 18:51

Platform

win7-20240611-en

Max time kernel

121s

Max time network

129s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1d38290757608d3a73eb2d42b5c9320_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1d38290757608d3a73eb2d42b5c9320_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1868 CREDAT:275457 /prefetch:2

Network


Files

SHA256 f929a7ee0c9dcfcc12f0f0395e5642eb394c7037ff662231a2d92263e690aeca
SHA512 20b8f217781322bcadf8476482f41849458b5bea6525b2df14672c371e32b427ad6dcef6ff539df7aebb986bec50464af17a11961a4445a984d4ae4ebb4cf14b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1347c60c2b8ec7476504866979c3aa43
SHA1 f488599c0e24baceed9625c321a20ceba9d529c3
SHA256 871ab58c10c8843560cd585a51a0dee95030b40a893ee420fbbc4a0c23207ffc
SHA512 82b34e94a274c387b5b49e948ed1e55b868ecd7c920f5090058b1b3e146ac657f903730a37dee0fcdc1c17c71c450b6dcd4762a8571ba66760b5173dbb76e1da

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4f2d8fe881dbe854076b816b84b74f97
SHA1 6196b3840286410e2f9deea709b77fc40d7e3c6f
SHA256 174431204e5f93ebf18a32a2194632552ec582f7c08eb8aa2a43948526eeaa8d
SHA512 e610ddeada9b3d8a1af7a569b2158b5bbbe6bf224f7b904dcf588ffb0a927e13b867d361c281e479fc852ba09ad17df207cb3985ca33aa506aae5bb5bb4071a2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 39451da6d1d51ed9005b6c9a0e158929
SHA1 925c89ab9773e1352c0b148bd5bdbb97271522c9
SHA256 14a660fcf1ad83032890317754a5ce2ed228dca33afa03ad96a0a87f9adf22b8
SHA512 abd0d7e1efa7fdcdd136dccb52355c153deeb55754f5b884c84410af69969ea3bbec64fc08bcda9ae6d5ae98241512e0d031c092f751957b850af098f1ebef94

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ec50ac1f55bfae290f8906c2e1ece1e7
SHA1 26833a914e73c5e2d57c85196aadb11b4317fff7
SHA256 ab43a385f2f787c748a0b9524d98dcb49f2ef7f92eefd607d7dbc2a706046df3
SHA512 959c77b4874219d2d26960316b058da24a496f0b92d52231c30edcf62ed50cdae6c4394c35bca8025d55f3e7c60dbc8c34314ee84801bab6b3f62a5c638259dd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e607a554cd93c78c21c7727cab51c7f1
SHA1 a38b2302700ef08e9359fa0ba94af45a0960804d
SHA256 48607a0e54a632e3ddf8ee53353cc70dc3b8fb03b1c10554619d0fe967ca7a90
SHA512 4bb4a565ce78bfa29d2469d39037dede1052a879754f7116880e6a6de7df9430a819a00bd267bed163482211d35a6dea1eda27f9cce5fa3f24819242e71d788e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 93594d52c880f5ed1dfbfd533f52f997
SHA1 e22fddda2c262241be7a545467fbf3d7236cdf64
SHA256 87d11351bb3d49c7faa79108797aca1ab08fdd5711c2c4339d6e154d568d630c
SHA512 23d4ecb48a7c4ff29a333772416f4535910156ad2b79cea9103c0b1e2e6561f141d7106a4473cd8730920f6cb433dc15a06e23d44c426fa97248f00757200f5c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8ee8150a7a35f2201f0cefbb2fb2a0b2
SHA1 41eb2e2cebca0a14eb019feca62c515d3a30fe9c
SHA256 62f66cfd95c9f12ac3f35f48e5e83084c8c8e948e8abf33bd49fce7a6aee43ad
SHA512 051451775dc9906d7b7789075b2c71e13c0747a64fb7c44dcdaef9cc24d068f5bdb3938ab4fe3d97554cd2668ac653b75fec72134bc1cf8e0f8c2ec7daf00301

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ELHQEY1S\www.youtube[1].xml

MD5 c3ba1cc6c6e5c5cb1abb8195a0c70004
SHA1 0f2df00f0e51dd0d04e9a215f8755dd4362113d1
SHA256 1c45fee2a201f530db03791fb7b3e2288f559f95282f8c8d3bd7663000ca87ae
SHA512 74aeffd0969c1ffdf573d540ecf22ebdd9eba59c9c1ed6e0484f1ec23321dbbcc228f7a40ef7caf3ba8300cfeea30fe20038d6219931a83dbb62b53fee7be0cc

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ELHQEY1S\www.youtube[1].xml

MD5 1f02ffdc3ace9502367d36e48fd9aa32
SHA1 fac8277528c0addb5e463d7277bd7a04ce75d41b
SHA256 c066943f0ff4fc14b906db0d1399755fbb39b0c5577f7829dbd42f4dd4a6af5d
SHA512 92dd90cce7c6904ff0703bb6af45932e4ec07f30c6c65140f254393e49ecf8d7f72f129d7da02542c9d6324f09ad6116e82bcdfefbd16d4128a4c6b4bd6ba67b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9f7d4e06eff4a6222cbd3bf35841aeea
SHA1 dcfb0d69bc60c7a9a9b64a142224e7a75cdade47
SHA256 e6e68bfea4cdaa8135b41826ee10d2a955936672bb8ab847fc75ae5aef82781b
SHA512 2d1fc950555c48903bebcb05fd3d1b5067d2948a25435233b8400e9f56758622a0d7ddadacd94d3520b14912919f6ac191ba3c8b073b4bdf30de3fd0dfd77c36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5d7bc7e69b68e158cf18e73f1442bbb2
SHA1 217ebd4040c9490cad5210480f5318ef03f53564
SHA256 89892ae37ef91ee991063f3a39f8866620e61f1c4a535ba64b185f6b63f9c26b
SHA512 8fcbceb00c0c2cfc37ddd406192bcd95d6cfedf52dd5e0776a0d07c652a521b919f0accc6dfd622273e7420888b8195412aa8c7d383ea39b59b374a703455c3f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 33dfecd141502cac46a06a755dfe1644
SHA1 331780a1a62d17bba1766d538e83da1409067f36
SHA256 a96196fe05d293eea9954a20a31f61696efbf1122d70e6350669556ae675cd27
SHA512 6a03087c725b9b81065c6d3998acb85dd52ea89e978c9ef16caabb5331a262f623f17e6b389600b7f53dc4367072f60707bb7d987a01669b48322b0eed453156

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9a26191bbdf7960d5eaef02f737866b7
SHA1 a8f4411e972171c5544efc25f1b842928f9e89bb
SHA256 a8d17895695d0b871a25225b4b943719ae5b9a54f17653737b55264d6d9cffd6
SHA512 1232d2e8b622d986159b718d4a6c556ea39c4df3bda1f4feb392c431c8bed0c7966bd21e4b1238b58026ce8de5c26eba55b82c40878563d76e7af0d4bda9ec09

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a21cfce54bf07529a208028d6b459890
SHA1 b52f7c9a933b6afaa556228c6826ed16daa9aae9
SHA256 325f388dd0994147bdc37db39e5ae986a6c541324fac47d0eeb83bca6a3eb5fe
SHA512 7d2b30a5eee4df938f37ec1b553e70e8eb2f0dae8c15d9b4585cbbaf51fbd18a872608b79fcfcebbe6c8af1801cc223b9db7c59a4d4aa6d09d62c0a0af5a175f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0cef93c2583b7241182d002361db599d
SHA1 b014ca77be8b97c9d7c2c94dd3402d7b840ccce2
SHA256 3814a322e3725d69b987470d6f18c28cf5f47c57778727f69a5a7f1a8ed65b28
SHA512 2aa0181f7e8646628253c28ec3d5d6b94a3a99ed11cf5fc5979c1c799d5fd2ba329c74b4e6b418968d753cabb43bf08806d0eeef52c685eff0acd05e4d731b89

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c1b157eadb0f0f1129dcb8ca37ce5ea9
SHA1 dbc98fa9e06a25711f9973e66b7e160ded5f0a5b
SHA256 42388c903da1a6771be32319080683ff25ebcf9f03ee281ade67cf834cf8f0fc
SHA512 adf5e637e6221caa8b7bd73acfc3e0c7554eded9c291d01220660050886777811adef52cdaaa7d60df6ae71ee6363b886ae9ed7b6c437d022e03a10b1b181dc9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3516c3ad06432c49b22a130cc7c47fd9
SHA1 a3596cf4c972c780f4d9c10f2105b1e9da92084b
SHA256 bb377ae1b64e321d7aef75382b26e387c8e4b46aa657f38690440a93e4f1bad4
SHA512 4ea5a57536c49fc40888fff004c33b39b97f48f58e63a0a330eb7e69e24fad43defebd0c682094bb5815bd45ab224cda81b2a4c31c31aeb555d7bcbacf4e79bd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5d6e78b0267be70532cfdb5374618609
SHA1 0fcb7997af3eb960c9d4e164dbbd9108592492e1
SHA256 3472dc5f4257af1e1d51c3368e147d49325f6fad2ddcc57741c8aea1ecc40573
SHA512 ba1cda268f560c13b8d30ce94d8c34f147c21300bcae47a7e181ddfaf62dec7947730c1e50ea7c6e8741dd133f756fd8829fcf54e27192e9e40857dceb296035

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4672752fb43e69703cb99d6626a1af76
SHA1 cca2c867ddad50cc4279169e151680513fa70d27
SHA256 b5c9819cb3f5c74d0d99e0c07df2e94b72d24b90e2be370af13cf4d6ed5f6175
SHA512 80b9bda8db53383c858456d6888bc6bcd88a1cc4aa75294b670ae811d44145b30bd1be70c35cf0b798c98de480b322b4a9d8375b6578f79c444d3221f8fb8719

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ELHQEY1S\www.youtube[1].xml

MD5 64cfee92c29ce74379c643d93bedcba4
SHA1 e3cb6237e7adc5e50444ce3effbd252e33144f3a
SHA256 c617f6a1d42186f2a83b04f826e258fe375753fee69d8cb92d1fe17190b80765
SHA512 9f9fd2751d5bb589ce0cd528da90051f4e49b03075df0bff28e384e578caf9310218579eee7588cfce261af4fe6028c3327d3076e988e85d0f1b6b82d52a7197

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ELHQEY1S\www.youtube[1].xml

MD5 f283e0ffaa32ffc15383b34a5123ecdd
SHA1 2b0d9bd58911d4ce5d37d6cec609ded608cb7105
SHA256 0dfed9c70528203f2ff03cb32ccedf15461a39fbaf755e81f0cde0b481c46c59
SHA512 77d58b650ec3b440b9a20e0ff98c9a9c9a2def0d0a340013828d3b0000b8692dccfeb165bf9b92f307e3e807f0f46af382cecd312614bec73989192e1ed4cac5

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ELHQEY1S\www.youtube[1].xml

MD5 3469a7e446422b6dc98ac1aa409e21e8
SHA1 2b60e96e239327d8bb2ea08c45ef5cc5dfdb7793
SHA256 91402928a9b1224421b07e2607da564d8d23c497d31f6818c8ddbddd39523b24
SHA512 221e11e9d42b948b2dd4a583d1c0d08d675cb4a6f2acf36852da7cb6b0ef4efefe3c1b2c21c2eb0376f093e808f18c4b22699256f705f85c39a3575c80c760e2

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ELHQEY1S\www.youtube[1].xml

MD5 96e75141f4fe575b8ef3e1a71a7bb235
SHA1 0e82122412dbb7dae3faf6e2b2ba53f03315bffb
SHA256 e222a271d9f491a59f95cf9d9e977adb56a66147ec3a6d0c6c6a171eaafdaf72
SHA512 5e76c393a76b291bd96da10523e1085caaf98db9049a936879c6e224d4020d0bf5fcff672dce199ae63d7ee055d4cf0277edd7d7e0c14b923e959daee32bd8e0

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 18:48

Reported

2024-06-12 18:51

Platform

win10v2004-20240611-en

Max time kernel

145s

Max time network

141s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1d38290757608d3a73eb2d42b5c9320_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5624 wrote to memory of 4924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5624 wrote to memory of 396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5624 wrote to memory of 5132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5624 wrote to memory of 4472 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1d38290757608d3a73eb2d42b5c9320_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb58846f8,0x7ffbb5884708,0x7ffbb5884718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,8341137223165182305,15357403521606901114,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,8341137223165182305,15357403521606901114,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,8341137223165182305,15357403521606901114,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8341137223165182305,15357403521606901114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8341137223165182305,15357403521606901114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8341137223165182305,15357403521606901114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8341137223165182305,15357403521606901114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8341137223165182305,15357403521606901114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8341137223165182305,15357403521606901114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,8341137223165182305,15357403521606901114,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5724 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,8341137223165182305,15357403521606901114,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5724 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8341137223165182305,15357403521606901114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8341137223165182305,15357403521606901114,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8341137223165182305,15357403521606901114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8341137223165182305,15357403521606901114,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,8341137223165182305,15357403521606901114,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5152 /prefetch:2

Network

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_5624_OBNERKHBIKHIBWJY

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
