Malware Analysis Report

2025-01-18 02:01

Sample ID 240613-jgkt2azbnb
Target a47630dfc1cd588d2cf32765d3ccc2ae_JaffaCakes118
SHA256 85e41bb1cea95eb45d0ccd807b2211c50ba8b596f70ab430388d545471d0d3eb
Tags
Score 1/10

Analysis Overview

Threat Level: No (potentially) malicious behavior was detected

The file a47630dfc1cd588d2cf32765d3ccc2ae_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 07:38

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 07:38

Reported

2024-06-13 07:41

Platform

win10v2004-20240611-en

Max time kernel

145s

Max time network

144s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a47630dfc1cd588d2cf32765d3ccc2ae_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1836 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1836 wrote to memory of 716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1836 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1836 wrote to memory of 2588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 07:38

Reported

2024-06-13 07:41

Platform

win7-20240611-en

Max time kernel

119s

Max time network

147s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a47630dfc1cd588d2cf32765d3ccc2ae_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "13869" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "14079" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "2714" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "13875" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "2632" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "498" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "11212" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "498" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "14079" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "282" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "11212" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "410" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "14333" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6632" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6550" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "7976" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "11294" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "407" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "11646" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "498" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "14327" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "14079" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "492" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "14327" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "2714" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "2632" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "13987" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424426179" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "11646" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EDDFA7F1-2957-11EF-B3FC-D2ACEE0A983D} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "14327" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "7976" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "200" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "14333" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "11646" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "13869" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "407" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6638" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a47630dfc1cd588d2cf32765d3ccc2ae_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1876 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.konthaiusa.com udp
US 8.8.8.8:53 konthaiusa.com udp
GB 142.250.187.202:80 fonts.googleapis.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 142.250.200.14:80 www.youtube.com tcp
GB 142.250.200.14:80 www.youtube.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
GB 142.250.200.14:80 www.youtube.com tcp
GB 142.250.200.14:80 www.youtube.com tcp
GB 142.250.200.14:80 www.youtube.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.187.226:443 googleads.g.doubleclick.net tcp
GB 142.250.187.226:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 static.doubleclick.net udp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 142.250.187.226:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.16.234:443 jnn-pa.googleapis.com tcp
GB 172.217.16.234:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.212.214:443 i.ytimg.com tcp
GB 216.58.212.214:443 i.ytimg.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
GB 172.217.16.234:443 jnn-pa.googleapis.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
GB 142.250.187.226:443 googleads.g.doubleclick.net tcp
GB 142.250.187.226:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.180.1:443 yt3.ggpht.com tcp
GB 142.250.180.1:443 yt3.ggpht.com tcp
GB 172.217.16.234:443 jnn-pa.googleapis.com tcp
GB 172.217.16.234:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 fe0.google.com udp

Files

C:\Users\Admin\AppData\Local\Temp\Cab3729.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

C:\Users\Admin\AppData\Local\Temp\Tar3789.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_89FBEB9EEBFF8AABF1EBFA20B87AFE7E

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_89FBEB9EEBFF8AABF1EBFA20B87AFE7E

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5LT06Y3\www-embed-player[1].js

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5LT06Y3\base[1].js

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3JK00ZJ\KFOmCnqEu92Fr1Mu4mxM[1].woff

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3JK00ZJ\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\6QR94LQ6\www.youtube[1].xml

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWTP8BNA\ad_status[1].js

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A8DU897P\embed[1].js

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
