Malware Analysis Report

2025-04-14 02:59

Sample ID 240613-e9x8lsyakm
Target a3d869649191ad223f45923aca1f254c_JaffaCakes118
SHA256 071c8324216d0eca9a0cb12dc5922f7618998e6c279fdb24780d2d9b438506c1
Tags
score
1/10

Analysis Overview

score
1/10

SHA256

071c8324216d0eca9a0cb12dc5922f7618998e6c279fdb24780d2d9b438506c1

Threat Level: No (potentially) malicious behavior was detected

No potentially malicious behavior was detected for the file a3d869649191ad223f45923aca1f254c_JaffaCakes118.

Malicious Activity Summary


Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 04:39

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 04:39

Reported

2024-06-13 04:41

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3d869649191ad223f45923aca1f254c_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3956 wrote to memory of 2968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3956 wrote to memory of 4796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3956 wrote to memory of 3260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3956 wrote to memory of 3328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3d869649191ad223f45923aca1f254c_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb260146f8,0x7ffb26014708,0x7ffb26014718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,2536227920072372829,10430867448577567891,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,2536227920072372829,10430867448577567891,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,2536227920072372829,10430867448577567891,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2536227920072372829,10430867448577567891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2536227920072372829,10430867448577567891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2536227920072372829,10430867448577567891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2536227920072372829,10430867448577567891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,2536227920072372829,10430867448577567891,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2536227920072372829,10430867448577567891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2536227920072372829,10430867448577567891,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2536227920072372829,10430867448577567891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2536227920072372829,10430867448577567891,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2536227920072372829,10430867448577567891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2536227920072372829,10430867448577567891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2536227920072372829,10430867448577567891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2536227920072372829,10430867448577567891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,2536227920072372829,10430867448577567891,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1888 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2536227920072372829,10430867448577567891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2536227920072372829,10430867448577567891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4472 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 code.jquery.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 s7.addthis.com udp
US 8.8.8.8:53 yourjavascript.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_3956_IMGNBUUXOOYJWAUF

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 04:39

Reported

2024-06-13 04:41

Platform

win7-20231129-en

Max time kernel

146s

Max time network

142s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3d869649191ad223f45923aca1f254c_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3d869649191ad223f45923aca1f254c_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1328 CREDAT:275457 /prefetch:2

Network


Files


MD5 00f581ea9cbc162faa35348ffa8f3671
SHA1 0cacdc346d8a906a56fe616332307b9a4526fc8c
SHA256 50e543625d9cd393cbb2eb9d77ec4eebb75afd91038adf1c9fc6cbd09e6c1aaf
SHA512 8b94f9a7f81cb5e0ff5ee56ad5fd1e7aec65f28440ddce79c31f9809d18de79c47f5a64cfc1e5b92d933dd54062ce9a22909cea21ce511ccbf191e254d51ee6b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\E4ZA5XWL\www.youtube[1].xml

MD5 2451f3f81d994574a91549745aa671bd
SHA1 6b89603014af57b09d514c540c160f2777013b82
SHA256 31041563b05ee14c11edcc28dd82efcb4f0d3d3b5fd19e320c2fa0ec55e4da52
SHA512 b2926449dedfeec9fbfdc74fb711404df855fda5536b5f22cf631a35b9bf5c43f09cd6952c58b02a25da7dc0199a83aa2760ddd5d66fd49ee4e0a73b6e28c8b7

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RTD9VOXK\jquery-ui.min[1].js

MD5 e436a692a06f26c45eca6061e44095ea
SHA1 f9a30c981cb03c5bfa2ecad82bd2e450e8b9491b
SHA256 7846b5904b602bd64bea1eb4557c03b09dabc580b07f18b8d1567d1345f0a040
SHA512 1b09a98336cbc0c8ff0f535a457a3db3cd3902e4a724bb2e56563648ed1a36201dd84e63f45dcea80bb6edfe80a17db388379417386dec76341fb9eadbafa88c

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RTD9VOXK\jquery-2.1.1[1].js

MD5 7403060950f4a13be3b3dfde0490ee05
SHA1 8d55aabf2b76486cc311fdc553a3613cad46aa3f
SHA256 140ff438eaaede046f1ceba27579d16dc980595709391873fa9bf74d7dbe53ac
SHA512 ee8d83b5a07a12e0308ceca7f3abf84041d014d0572748ec967e64af79af6f123b6c2335cf5a68b5551cc28042b7828d010870ed54a69c80e9e843a1c4d233cf

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QXT16UYJ\14020288-widget_css_bundle[1].css

MD5 5ec495a540668499224a6ecc03a0e90f
SHA1 56c4b560dec53b4c20b94d14579c398ed9fcdaf4
SHA256 cab30da88a231117c2a5ec535b0c4caec1c1f86a680f3077b272ea7265b33cb0
SHA512 ed6a0629dc6f947ac190ba6c83b15704bde9669b8d7c033bbcfb61b98872778d06cbcf25e1294eb73821869fbd8b8b1d22ce4a5fa8edc234cf8e49a8a700ce5a

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NL7WCG6M\relatedimg[2].htm

MD5 e89f75f918dbdcee28604d4e09dd71d7
SHA1 f9d9055e9878723a12063b47d4a1a5f58c3eb1e9
SHA256 6dc9c7fc93bb488bb0520a6c780a8d3c0fb5486a4711aca49b4c53fac7393023
SHA512 8df0ab2e3679b64a6174deff4259ae5680f88e3ae307e0ea2dfff88ec4ba14f3477c9fe3a5aa5da3a8e857601170a5108ed75f6d6975958ac7a314e4a336aed0

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W1IYPSR7\1068921344-comment_from_post_iframe[1].js

MD5 37b1644c77a6d7acab6743bb68941a43
SHA1 7163d786b650f4ecaa0002143f5a1a348ad79a6d
SHA256 c759753b82ae1cdc18b4fde947f5f7df8f2f4a95ae152ee5584deb1a73faf86b
SHA512 6a71205ae16f9e6ba526b1d8e773e283e6d585e27d6105c1bfc02fa811d33827f463a5095915945da5b34887a2234769094f8090acc6b6c53442b77ec75412fe

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RTD9VOXK\cb=gapi[2].js

MD5 c04a96a32e1bdaae41c01eacfb6d31fb
SHA1 85565d4044533daa3f3299a5b7f4eff50722bea0
SHA256 26dbbc454d8fe1a45505373d52d6fac8fba69396d0146ee04792a48759d2cf95
SHA512 cda140904dcf9d7c9e07978cf514f96bca438101d7b631ad1419127690bd732b8aae38a2966c27f6c423736c9e079150314bc1564a9f1542b6fbc3183193b626

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RTD9VOXK\2621646369-cmtfp[1].css

MD5 9f212334462c2e699353dc8988690a19
SHA1 2e25d1abe33ec5ebf10e0a6b055e38c9671802a2
SHA256 2529a8451bea93302e41dc0fad03f7550094f4ef5ec4f3800f28c2639d5e2789
SHA512 58e906a50f8b654e79b242f1323dcb08773937f723d01caca4f675ce2091eb20caf2fce23a7a15443fa4a6643716662304d83b95ac7b7b64d588168b47ce9407

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W1IYPSR7\www-player[1].css

MD5 d32700adacd5d982244c69736b87bedf
SHA1 813dfe8ce4ee3608ed3580113e3b82730ff03c85
SHA256 2c7426a5c6bf00c328c96fb01c89c3e23ba7791e87455cab5aa3b546942f1fc8
SHA512 bbe35704822e0a82de2da2890da6c06138514070fe93978823601079a9371386915431f98e613adaa9566112d728f5f0274b3864e8a0c7da538833383ea5d342

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RTD9VOXK\1697667608-cmt[1].js

MD5 d4d9a872c9031d789fc9951419cba3a9
SHA1 9a236e6c92b592176aa891bab0ed122d11aa377d
SHA256 98379f53e644e9556207599ef2cca7a36b6cfdb9fb6420ee49c421fabf5b8db9
SHA512 1007a7f59c0cd8324fa3cda10983a97886abd7c343b3d284d89af64ec5bf62f9d0e514d2f673c71af5500401574a73a54661b77814b44d6504637092c50cc792

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NL7WCG6M\uzLmB-hD-fj2VMQZKsG8SEy_6Kb5a8vndyfTSmYVJek[1].js

MD5 4f672a598d5c99cbac05add32e1539c3
SHA1 b04c7d9a7a77f688571600c24af05e2ea9db924a
SHA256 bb32e607e843f9f8f654c4192ac1bc484cbfe8a6f96bcbe77727d34a661525e9
SHA512 a3136e7f49fa2ce1bfbd18a405866806c09e7b412dcec5c82d0e3cf532633cf41137b9db9c755363cc617e782afe45dc338c80773519a6b06ea2fa98d56ccdea

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W1IYPSR7\KFOmCnqEu92Fr1Mu4mxM[1].woff

MD5 bafb105baeb22d965c70fe52ba6b49d9
SHA1 934014cc9bbe5883542be756b3146c05844b254f
SHA256 1570f866bf6eae82041e407280894a86ad2b8b275e01908ae156914dc693a4ed
SHA512 85a91773b0283e3b2400c773527542228478cc1b9e8ad8ea62435d705e98702a40bedf26cb5b0900dd8fecc79f802b8c1839184e787d9416886dbc73dff22a64

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W1IYPSR7\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff

MD5 de8b7431b74642e830af4d4f4b513ec9
SHA1 f549f1fe8a0b86ef3fbdcb8d508440aff84c385c
SHA256 3bfe46bb1ca35b205306c5ec664e99e4a816f48a417b6b42e77a1f43f0bc4e7a
SHA512 57d3d4de3816307ed954b796c13bfa34af22a46a2fea310df90e966301350ae8adac62bcd2abf7d7768e6bdcbb3dfc5069378a728436173d07abfa483c1025ac

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W1IYPSR7\www-embed-player[2].js

MD5 96d68f40492ec6dc50850df320a57f6b
SHA1 58a61845be050e4250834de3b0910753b49c93f4
SHA256 144c131cd9805a29c1b3b4f0e2007cc26de65bd6ffc7e33748edae0031c903f1
SHA512 6c0fbfd787ea532eccd85d278adfcac4016db7e1bae459e1794767a6d015f4fec3e2939a9bf51e1d62bbececf0fc0eab25aa950d716ec3c352b1861cb3ad6ab4

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W1IYPSR7\base[2].js

MD5 d0ce66befdade82bb7d0897bbeb3c7b3
SHA1 a8b4f3197bf359cafad7d360681a6273670fb905
SHA256 32b638cf9466cf241be0d7137c07ff73d864bfbbb338fc495eac64a59f39d984
SHA512 f1a033dde6b3fe6d8597a589b7e3fc5635793eaa60b741b9c2415055e5ac76856b26a90dd3efcefbe980b15e341afd28a466589686bdfabc4fccde43d13a9bc4

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\E4ZA5XWL\www.youtube[1].xml

MD5 0c61fee6d02d782ecd4e9813af221e0d
SHA1 735e12be669d2c4c089f76b227182e3557bbb7cc
SHA256 a4620a3db059c355864681d5aed3d48899706d951fc6495c739444ca893fc2d1
SHA512 db4e8c035337e668aae9bd1b6e07a6aefb0bb1013423bbb76f98da35503795d62e36de43bc662b53e1fd4d8fc8cdaacf3e525a13ae9ee824115856f7f93ec54c

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QXT16UYJ\ad_status[1].js

MD5 1fa71744db23d0f8df9cce6719defcb7
SHA1 e4be9b7136697942a036f97cf26ebaf703ad2067
SHA256 eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
SHA512 17fa262901b608368eb4b70910da67e1f11b9cfb2c9dc81844f55bee1db3ec11f704d81ab20f2dda973378f9c0df56eaad8111f34b92e4161a4d194ba902f82f

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W1IYPSR7\embed[1].js

MD5 fe1a5011c3a3220f32b6365240503241
SHA1 e4f78b28f19652327b60d07c154c57cb727579fc
SHA256 00ab3bc15602e04d00ac5de6b553c6914b10c62a9a6492e6c0239523d2d40964
SHA512 80282e77dd310060bd5e8add02a63cf3bd9b9f629dc4fc1cc0cbac801ba33f7601c1cdf1e62549b898de2fdaca24004f01061519ff39cf6360594f02576528fc

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\E4ZA5XWL\www.youtube[1].xml

MD5 fa052c3abbabf333a6becbcfb0882bf4
SHA1 e67ef4d4ddf068904871726dab144814fc8af4f2
SHA256 aa851eeef2b19dc84f3f73912f1b41271a68aef9df66206c310fe9a7e198f908
SHA512 6d1491e8f8857ca83a8d68b13d0179b8aa643a5826e70d23c4f7e2e28fe82ea6f61ee933cff4bfe336c002804192e5694202b86b43494223a7b58b7612b7ecd0

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\E4ZA5XWL\www.youtube[1].xml

MD5 00953626f44f3739c88d168c64f2837f
SHA1 92e509e4510c9d3b8686ef9812a73d7af24c3852
SHA256 36e20748ed3cff0b7362de8a2fc2abd56088a2898995ab366eabdbd245741b10
SHA512 97653a397b07f28042d70bdb8c296deb96accaf0e8a276817ad4569fa676b52113679ecf374d8d2a791a52e3e571b8ff9c399ca2fc20eabd2f15f55c008481c5

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\E4ZA5XWL\www.youtube[1].xml

MD5 441ba02c12d7ff7eded3c97bd3d31fd9
SHA1 0c22f4bb68a280161031365cb45a82cd52631658
SHA256 8e33080636889b5f70d2ef2fec35fdea8ceeabdd5b4066988618f8e949a3d81c
SHA512 f7a6533b797c71ed2cde222931db8587d46ed44fcffd0479984c9e3a55fbdbb9e35a6342ab87562451cc4a605e7537c212785e469106271f9dd2d495dabf8369

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\E4ZA5XWL\www.youtube[1].xml

MD5 36965133876ff51fab99ee2479c38f40
SHA1 f23bbedf4ce7ad879cd7728ce722b7476e5eead6
SHA256 53c7b533839de43a671627b502e063c458d1e8ddb9119c93ebbf2cdf44b1b6e0
SHA512 1aca7fe937f50af5fbc5457e8aa9815f4a75534f43661ca7b1b522b1d3a951c580c577c76b3fe098f2e8bf50cc9453f530e59836ac2f58053ac789425d6c2ae1

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\E4ZA5XWL\www.youtube[1].xml

MD5 bbd58e5801c8f6ff8993207da575e83f
SHA1 e83e66c0c8adac63c0226c9cc223545328e34c02
SHA256 70c13f6e1d861ddebc7b2707414a739abb26f5fe3d8eea5109079de20c39dfcb
SHA512 3d2935a43007dda20f61de5f8c5ec34cad4daa8d8ab23f8be477b0795efdf37761879d614aec7e028f4139444ee46f789f332beaaad79192c42250e9b34689b1

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\E4ZA5XWL\www.youtube[1].xml

MD5 322e441f06fa33d1a5f872ed8b4ace35
SHA1 f996a6de872df0cfae14ffa902cb5ad5bfc8ccc4
SHA256 bbcac00ecfa8e6d44a4ce444029ef0c448d58e87799fbaa7f68b6ea986fe8d6d
SHA512 a74c21d9cffbd1ea11680f9494d7660e7d0f2ebba3e6f6333e89192dd6d80a3e7130aa99a9f4d5405dbc90c26ace4f0f7a54fcbb65b426875d81b0094774e158

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 32c648703d2fb073a803428eb348a2b1
SHA1 03910b71dc1844407e5549f2321f283844c2c60d
SHA256 b58c0d47a2ee19e7b47a8f1714d7f6d729c676ef110862ce95e0f85060966a60
SHA512 951bddf7b4415576f9eb1aed221c1a712ae57adc3160e00cfa8a63342e8a73643dacaba7bef7abcc409370f3f3e1d7f58dc82f3c5de6b07fd4bca0b5bc958f5f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e36c2ec625d073642d95f6bf1b64b01e
SHA1 eda4454ea86e66be39999d4271000fa8302d0ae2
SHA256 e9ea401e8b8df094a1e33fbcac1c71ba245bd0aeae40e9dc671d9e4bb1cf42e2
SHA512 3c7de2bd1d8f4946dc6ac8b2aff06605b57ede05fad6c5e7d037e8168142b092c6952d45ec8fbf0fe6f6d01fdfc4479d36bcc45d583636beb0f587cd76e15ead

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 88910b1e47384971f802b32fca0eb827
SHA1 89481ab55028d6df13390b6f455ff821969c9a1d
SHA256 f81d06f38f02b4419c2556978068705fe8de32ba713f6b01813188d5bb63e5df
SHA512 9b60539542e16d2177caecce9123ba822ca598ddc0b904ea5768d0971ff8752901dc91c0f1a09b8320b9372a67532778871a8c756726eb61e774221f0dd0be3b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b55b1057b22c0cd5fe28cbebf795ef75
SHA1 e6211e99717aab158fc62893de586e990fed78a9
SHA256 e07a24a73a35926cd6e14a95dd0bcfb5e1bcf5a977a28c6e6c47b8915e70728a
SHA512 56bcd7fdda18f457b27fa2129188b077019b4d11b4e6b6d794f2c0a1e895c86a0922e1939cdd478f07bda914177ad3db290f93261f8e532faf0ce49059de4548

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6cde9996635963645fe40c2cb17a8dab
SHA1 bb400c0aefa1fd5aa03ddcb6c8b6ecfa444972c5
SHA256 51ffdeaafb8b9624ac2130a9da1d5bf1e60d0cbf5785f60b317693d33d778fbd
SHA512 6f4202f53b59ef00d22f064984fc4645680ee7c50158cf41817045a1405faf28b049377e3821aed7616056146c0ab8893b87266f277a39e09512a1458c7a06ec

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 522be269bab3f2fa59fa3461b2e6454a
SHA1 f8e279f13d18d62eba03457f0bea0d23158ea8da
SHA256 ef4e148c37c68075fec67283baf15877ce9b0b65e710aab09f29fb70a1cf519f
SHA512 178dd3f2246d7a3fc13019f9d5b5808326c05e7d04597db153903dc1e0502dc1d0a588dc1b7a6c57f594d74b12a1420de9b4121486177ac6068be7c6060a23e4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 97a2249fd1af8c2ea46b6f5d0478aee1
SHA1 eed4a25e79894ebeb36108cba275cdd3a9253359
SHA256 c425185bcef10b7996035f86a3b344a1c1303ffd39bd9e4af8eee6bfceb35feb
SHA512 d23dfce98607ef6e7dc50f71cc13a9ab5cb3a65f79329ad24d54fb6dfb28d806ff2d88664e9d27d09076e6e4ea1806f8df9f1662220695fadffb703506c17d6e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 575f9bca5a5a64559ab0684ac3070246
SHA1 5d632e266a7d1ebb57b7ab50a54e294439ee7519
SHA256 18836e3f691275d7158189da576455cc250d5d5a278fb94b5d6ce068ccddf285
SHA512 233bcbfb49ce3deaa96bfbf2e17f48592e11f5f15d1e647d13f715d5953364401c2ab3defde68ca9b3ce0bd29f6903d3737e405a7fd7498fc0142195fe2892de

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 695e56d4c499eb038cd5624b50b8feb3
SHA1 e53644f67292b3a00b3630e69d956a7a1048aec0
SHA256 acf0117dbe8efb2740808030ed2f3723c2573411daccbaa409c29496d52cb02c
SHA512 5e47479f663b59490dbf58ebfeeeca2c58a9d4485779fd4f5f1fed7eeb121230fdb3b7c5251721d1c068db424728e2d72a566b0992144c0a6adf22d91f2dceaa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 037dad3223c373ea5e5a82c39e11ac3d
SHA1 a44b4c7d90117c1ef8887c36bb912484dabdd745
SHA256 6e0522e6f42defb9d518ed579c73b36489df074aa8e15298bad4af5dc14d8b19
SHA512 14145d058111b21729e03501a79fa8d52a9f9c4c2fa5a54ab8fc66c9ddba7131bd2ab28d64aa090dba035a4fd4a0cc7dc78f71b4be265ded660a7120b998aa69

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\E4ZA5XWL\www.youtube[1].xml

MD5 64842b5cd5138d28b03d0f4c2be9ced7
SHA1 2db6c9948b91a4703cf74d8ef5557458b6f678b9
SHA256 2b80567db5846f8f36620ac7bc219f7e8707dbd67481bb2715f67abf04fcdc0a
SHA512 887ef04b600b10972220b534517d37920bc09ab6fabbedf9373043a3b577d32ecc5c5ff0545cfc4a55e7e9646c5d26d47d1e7ca9d7f84478ee13580f6f559ef7

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RTD9VOXK\navbar[1].htm

MD5 758e0671aa863b9fcbd717840aae48b2
SHA1 16a26c21529be76c1249cdc9f1a463e09f93a305
SHA256 9aa84a76c245674b3fa4a77593cdbcad965538f41c2509dbabcd001fdd9da5cf
SHA512 5a97cd4e00089b8f5ca04f8952eaf0f34b1efff70f69a5d79d78c8829f83ef39a830cbb639e140b44051e68a1c0438c75a688a2a54d3df204983dd6737ff11ea

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RTD9VOXK\followers[1].htm

MD5 446a7cc3a5047bd4ec37f161ea14c173
SHA1 2a09ceef43da286deab29ab65f2da7034f453c7b
SHA256 3ced9eaee10d01e4101394f57fc805519212a5aebb4d5a1fea3cee6142d0aff1
SHA512 2dfb36cf57d4d7e1ad49e192424aa0b7d836d2ea8c21a5d966adc1eb890ac915c78870289c6149da0c7a3e22648dc7d6f305c5712d1b206574b3041e9a4c1a73

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W1IYPSR7\followers[1].htm

MD5 b21e2abbc1c08e1b8d7a5cb052ed34dd
SHA1 30c4a3fcde5f2362a8fd1b05843f6a60fa458e97
SHA256 5b948eec8d39277ff9f28d0080cceb6301c0646444a7e1fc660b8a286053097d
SHA512 6365a4d06ba79a015e8683ba840aec9da6398c043a8d7693239d552c34226b8c16ef2f954d181a7d7b47344cb3e031f78d084851141641b570551fc108b43402

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\E4ZA5XWL\www.youtube[1].xml

MD5 c1ca1f64efefd07e5c415c0fa677f369
SHA1 db8efa0f2127df5d0b39ab215106e70c4d09398b
SHA256 c5998d8d5d2e16729a4635da8c88553e9725f8f49ddfad95fd1d66165b144878
SHA512 50b6a44756382d9a4ab093bec80d58ef0d41a4a69d62de1aac98bc1e28740b79ef1015e5ad8e92ca581831aff228c89a513b836b4bd77ab54aa2194ba43b05a5

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\E4ZA5XWL\www.youtube[1].xml

MD5 27023cdf6f8d3a2cddae7123f1a11ab6
SHA1 43f78cb89e49a33c5cbdb72bf53451c5a194252f
SHA256 7f43381db78acaf7e05476480167a4b070ddd7d56a9394bd77b4e39aac7121c7
SHA512 e0bb80fa920fbe41eb8fdccbec99657ba45ea682180a4cc723e9fb10cd4f2df4b568c4d7edae8cdc42b3a61e25c4c12b295833174b31cc1a7f7dfc776fbd24fc

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\E4ZA5XWL\www.youtube[1].xml

MD5 e0887acd32074a7b482c286dd33128a7
SHA1 05714a5d93fdd699b33f1101375b400ac345d024
SHA256 e16bc32294d921f8fa5f9e54109877d3e7c1d4a5c2ef51761eb03f20925696dd
SHA512 1c608be0c22947591bde3ae07e88cd9b6621385af699084225f40776c6d580a3cfaadea8b6401c36e8bad7279a81ba79704b2272a60604d3bd2ea7053940da1c

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\E4ZA5XWL\www.youtube[1].xml

MD5 c8374b5a95d0bca5ef10cb380764e214
SHA1 d202a1caaf0c1b1d7bc0e02eb0fbfba96a429096
SHA256 ff3bab8ee24363b74f6b585cd630da64949da3f5cc1ba965e97bfc7d6bd10cc5
SHA512 314961af0b9f4d6d0d9b929ff5b0dfcf0bce0aa9f6020fc3308c7d3e06fa9f8fc27b7f5081d1d4b29bf3b42b9760f0dba4e1ffa26b3e168bb35d82100b36d99f

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\E4ZA5XWL\www.youtube[1].xml

MD5 f11c3d4be22d26e7ea1d137301668772
SHA1 f52e913652dfef86b1a954c0af6db6a96d09a0fe
SHA256 8f395479d0de352769f198dd5eab4dee9bbea581a0d1cad61bfc0cb6f7a1802a
SHA512 fdc9d0ef8fa92805166004f5d5003eedaf00b47f8b6458f5073dd5021add51d44ae1b4c7df0e37d4c43604c2b7ba811e3d70b7eefff7746e88f6de9d04354026

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\E4ZA5XWL\www.youtube[1].xml

MD5 347e287849ec499a733dae8d9e64bd50
SHA1 0239279a777e1188a8e0315f1d41783ff70c4819
SHA256 6c73272bb8a17abd69bee6d2ffe71fd07bacbf26ed5ca27add00c467c92c3798
SHA512 0a323d97559cbeb3cab6ab0a35b1d0d559e68bbb10bcfc2fd18a4cad7f0b63143b93b524ec25b1dd49af3b89bbade4c0c491f3b94071f9cdbdb9848883639ccf

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\E4ZA5XWL\www.youtube[1].xml

MD5 5fd5c9eb94c4129a1752e279654403d0
SHA1 f2b250c6a43432bf918ee35c2398903ceb4f5d3c
SHA256 553e0990f3d38475ecccb5710cd5c51dc9f55a608068ae0af1304383906598d3
SHA512 5a6f5040fcf99ae08fb2002ba224a6256ab00bb5a59e7f985c82a6e1018ddb1a032983ae6496147341154f426b11233bc737f938fbb5709d544e4b8642be58d0

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\E4ZA5XWL\www.youtube[1].xml

MD5 3e2c5c7a9ad9d6159d1924e13848ea49
SHA1 08e92ffb0ca38f018385af94b87adb8c23ab4f9f
SHA256 52a47908cbee4780702b6298e736aaf97f248f43aa2f23f30919ebe4a7e0aa37
SHA512 40cb927d9df55282b806b0f069cf65310c377cfd6a60ce91cddfabafa4ef3470510de8db0ffa410c123e19edc4b8b7649ae34496d55628350c22e5e0a3465486

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\E4ZA5XWL\www.youtube[1].xml

MD5 4d19ae2daaac6d2e1e113c590a76de98
SHA1 82791e8f6338c4a69876065464b5e9f4ba629118
SHA256 96c09d6fb60e01e46d88f87aec21d4e2d1e26460519edc3ad168595eaac5a08d
SHA512 3ebc5a7d8deacff4e9d603cf129b959325e05d3564b0fab84b4ea5496b03702ed29a5530ddc28c7345963941347dfa878efa7dec4c675e9e9eb4e9c8c724ff07

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\E4ZA5XWL\www.youtube[1].xml

MD5 43483daf486906ddc329b482962c378f
SHA1 fc11075487294528c631c19d0e89f370ab73740e
SHA256 d85311fd09339b856b46b5428714116a6145b777453229c1ee6fe25e123db7ea
SHA512 55e625d4114fca9b6b8f1935031dab0dfa6715e93bf308c7c7d0aa6e025bdc62c38bb8e4765a7040c1da0e56a46a399b6029b2ecd8f6c900d1247fbcdf30baf2

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\E4ZA5XWL\www.youtube[1].xml

MD5 61cbbdc9c251df664633592ec1e31a92
SHA1 518cf664ff76b1888857407da606e585bb096d69
SHA256 4f3e740c31606ddeeb5b84c15e2b96852cc66d52be89a4ea5f9e07a96fab00e2
SHA512 7d021a9095a4c2e5139a892d3e87263eda584485a711a44dd359b35cc862aa3f7c9e98a9fb55c55d94dbf8ca577b7439007fa1c88bc7b8b67b420e5a98d61ddf

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\E4ZA5XWL\www.youtube[1].xml

MD5 2af1aa3734c7cf7a09861c77b6a1039c
SHA1 f85b80c4b583aa03b4d40b50c6671402d4ea03ff
SHA256 4b0c0ae77492d82a1b070c474dad008236703c98aa7d7a75456b78a4bc27599f
SHA512 2b61172d944a3e159c7b49797a253aac03f2c69454cad87a24b34ebb32ba3ba0b0aea29bd9031e12d3aec9809bb33f4bb8aed1e36f52b5d4ba976e7dea2e2e7c

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\E4ZA5XWL\www.youtube[1].xml

MD5 056c2d0cb7c6c3204acc003c76ae0f0e
SHA1 ab6bbddd73400aa3460d016b04ec6ffc18860b28
SHA256 fcff4cc6fa4a1089010466074978d90e6da380df65e98f5e573d53bdc8681fb3
SHA512 1455b2a86cb8cca1b3e9241da87ee169b98c2c1716624d197cf17d7ceccd517cd986030e750b1aa26e474c7d78d77e302ee3c67f01c4024162b9f5fa13107429

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NL7WCG6M\Idool[1].jpg

MD5 e57924d189e7747924e2ececadf5d91f
SHA1 9304d20b2381bfaf974b1712a58aa03ee76b4816
SHA256 ff99bb4813e541fa6b09c95e1a99ef8da29ae4fb16b0eec50299f53455026063
SHA512 84a8fee1de19cbf36895a4b55b7c4e56a655be4f42bb276135316c49af30f363dedbefdfa50a3e2f3ede1899e1c4aa9049b7da3b84046b222b9246cba80ebcdb

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QXT16UYJ\icon18_wrench_allbkg[1].png

MD5 f617effe6d96c15acfea8b2e8aae551f
SHA1 6d676af11ad2e84b620cce4d5992b657cb2d8ab6
SHA256 d172d750493be64a7ed84dec1dd2a0d787ba42f78bc694b0858f152c52b6620b
SHA512 3189a6281ad065848afc700a47bea885cd3905dae11ccb28b88c81d3b28f73f4dfa2d5d1883bb9325dc7729a32aa29b7d1181ae5752df00f6931624b50571986

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NL7WCG6M\arrow_right[1].gif

MD5 4f97031eaa2c107d45635065b8105dbb
SHA1 42bda037423c40045f7852bdace0e657dd94ecbf
SHA256 fb57165d255438328c270b4fd85a6873c65f61a6ba64eedcd2dbade61386edf4
SHA512 cee33327bc5f5f34aa392ab2ba3df755348f1279ec10cf18da4119f3a5884b5a4304228b8c0fa2d35b81ed166874efebaba1503d5685cd089ba5a4e86898b99d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NL7WCG6M\share_buttons_20_3[1].png

MD5 ad9999106d5f550920b586e8e1704e5a
SHA1 93fd02c51166402a41f96509cd0ca3fb917877dd
SHA256 3829a5b2ade7cfc416c80b8f3df71e49e68672875f025d525223978f5cee3fd3
SHA512 de6552632f76a64c26fc0f27cce741fbb383d60c62a4999a79023d3207b0fab754cc975b4988b3f65ce481791c434d18d427ce3d98d7838ad0ed05a1d8125519

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QXT16UYJ\mas-icons[1].png

MD5 f1d1d5333a3a267d6f8a93391b8a59cf
SHA1 de8e10b4ed6e79ac6af6048e0ffd2b1578a6cb0e
SHA256 d45b8c80dabfbb5bf5d14bfd232b35231dacc7ba6e93631557812eb99d852886
SHA512 f4bc7130406520e996796187c85d02bc05d52f7e66a85ebc0dfe03deb0c2ab176be791108c0f88d6cd19a305ca4714de53e2d3501556c8a952a056231f5466aa

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NL7WCG6M\arrow_down[1].gif

MD5 3b2441ef107848e00feb754f18dfe880
SHA1 8098172ecdec9b8554172f028e91c7a30352bfde
SHA256 ebe34389aa08d8f4494fc8c0c7e8a90029e7092d9b857ca635fa493999716675
SHA512 6bd089121f9d60150ce194805e48ddca7e05337eda40413f0f7a9a4a7eb51ffb69ad04d1045b3a8bf9704c7e7bf6606703f1ccc431ad2f734fa4b3eff0072e54

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NL7WCG6M\batas[1].gif

MD5 5b5bc61d7b5c90d91dd6a9e681481e2f
SHA1 773779311ddb80233f5700f60e4b675f96c9c0f3
SHA256 dbe40fa96687ac16e7d79ce7d0cada9b5fbda6a3021a79c0681e8396211c04a0
SHA512 e3d8144000a16673bd6f2a7bf9c2385047aae4f1aecaeacb32a505c6964a701b7dacfeb91f5e446f2630e2e670b66eaff98fa7de53132f6156487f640b8e896b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RTD9VOXK\blank[1].gif

MD5 325472601571f31e1bf00674c368d335
SHA1 2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
SHA256 b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
SHA512 717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\E4ZA5XWL\www.youtube[1].xml

MD5 816b96593b31fefc967d5b028041d1da
SHA1 81e9040ef439bb0e69efc47fce9dcd31075a9c52
SHA256 7823291b69119adba3beae510ad257a5ee560432d69ee31d3d8a43198bd93cbb
SHA512 b82219f93299442feacd3e440a4ed3833bfb268eaf184e24bf1bf1ee5cac436286cd3f4f9a39c3979cf4cd618ebad33de13afb743e756deab348d97c85bea4e3

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\E4ZA5XWL\www.youtube[1].xml

MD5 442dd350e83c8befdf2cc6f591201905
SHA1 0dea92e8df6887c5261daa89064948970df8584a
SHA256 83d1cfc8c0a393b3174773fc544ecb2b42b389695ec254fee3aabc169165b074
SHA512 657e91a2af2914cc1f391f404b5e56cfcedef7c46f23b04602e8b19e7ea4edd23318aab0004de3b05543dad51c35749530bd3448a5827b1924e940bf72a453fb

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\E4ZA5XWL\www.youtube[1].xml

MD5 3d07ce4420d9444682d875a0e8c6cdf9
SHA1 77220e92f4456928ac0c77a2926f709809f5729e
SHA256 1b9a019109c82a08780a8ad49198493b8bbb004952c36d9927c9111ecb4b843e
SHA512 9e009159e3807565a93a487d5a88d50ee25dbace63be93ff8267ec5dc65dac97634006b903db6c060ba52b12e98b35907eb2795001af1386cf43603373b36314

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NL7WCG6M\dnserrordiagoff[1]

MD5 47f581b112d58eda23ea8b2e08cf0ff0
SHA1 6ec1df5eaec1439573aef0fb96dabfc953305e5b
SHA256 b1c947d00db5fce43314c56c663dbeae0ffa13407c9c16225c17ccefc3afa928
SHA512 187383eef3d646091e9f68eff680a11c7947b3d9b54a78cc6de4a04629d7037e9c97673ac054a6f1cf591235c110ca181a6b69ecba0e5032168f56f4486fff92

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RTD9VOXK\NewErrorPageTemplate[1]

MD5 cdf81e591d9cbfb47a7f97a2bcdb70b9
SHA1 8f12010dfaacdecad77b70a3e781c707cf328496
SHA256 204d95c6fb161368c795bb63e538fe0b11f9e406494bb5758b3b0d60c5f651bd
SHA512 977dcc2c6488acaf0e5970cef1a7a72c9f9dc6bb82da54f057e0853c8e939e4ab01b163eb7a5058e093a8bc44ecad9d06880fdc883e67e28ac67fee4d070a4cc

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W1IYPSR7\errorPageStrings[1]

MD5 e3e4a98353f119b80b323302f26b78fa
SHA1 20ee35a370cdd3a8a7d04b506410300fd0a6a864
SHA256 9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66
SHA512 d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W1IYPSR7\httpErrorPagesScripts[2]

MD5 3f57b781cb3ef114dd0b665151571b7b
SHA1 ce6a63f996df3a1cccb81720e21204b825e0238c
SHA256 46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad
SHA512 8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\E4ZA5XWL\www.youtube[1].xml

MD5 de82865a703d3d885b7acb0008f9e756
SHA1 89fe2510d5c4e95d132b44bfcf70d3fd0286d664
SHA256 adee17d47ec29f2cb10d3c8458393a288e8515262f877ae6242f9ebba5c19a75
SHA512 d00d34b6a30a62c811bf59945fc12986d171e633e10d9beb9fae27af150929d346d45ca75ec70f366bcdff87884acc21411559f56b9b350ff9f02b3c918330bd

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\E4ZA5XWL\www.youtube[1].xml

MD5 c31c5ff71c28f3501728f53f60328abb
SHA1 73e3973454fdc745468a72e39ae3dfd7a73777ac
SHA256 b5bd43fd26da19f6f4bddedf0b20b668676168c3e87aa2deef711900b4131ff0
SHA512 44a8fafb2c99344b5478f1e7eb87d7b8ba1db7879e5b7809c78fa52f1e724c9d7b75635e28730177752fba1f1326bd204181cab05fda59d84990f4049ef1cc69