Malware Analysis Report

2025-01-18 00:40

Sample ID 240613-l8tmcsybpk
Target a5063a8b37a19a92ef7cce89f2f41e28_JaffaCakes118
SHA256 bc6ad1ff85a38c950b627fdb3fb7e57e153834888bea80111c07debb41501bc8
Score 1/10

Analysis Overview

score
1/10

SHA256

bc6ad1ff85a38c950b627fdb3fb7e57e153834888bea80111c07debb41501bc8

Threat Level: No (potentially) malicious behavior was detected

The file a5063a8b37a19a92ef7cce89f2f41e28_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 10:12

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 10:12

Reported

2024-06-13 10:15

Platform

win10v2004-20240611-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5063a8b37a19a92ef7cce89f2f41e28_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3000 wrote to memory of 3540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3000 wrote to memory of 2340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3000 wrote to memory of 1116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3000 wrote to memory of 4452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5063a8b37a19a92ef7cce89f2f41e28_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb41c546f8,0x7ffb41c54708,0x7ffb41c54718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,16736708454767789924,17574177652460607485,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,16736708454767789924,17574177652460607485,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,16736708454767789924,17574177652460607485,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16736708454767789924,17574177652460607485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16736708454767789924,17574177652460607485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16736708454767789924,17574177652460607485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2524 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,16736708454767789924,17574177652460607485,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,16736708454767789924,17574177652460607485,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16736708454767789924,17574177652460607485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16736708454767789924,17574177652460607485,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16736708454767789924,17574177652460607485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16736708454767789924,17574177652460607485,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,16736708454767789924,17574177652460607485,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4780 /prefetch:2

Network

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_3000_KSQKOPJSFCXRAHOJ

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580f7c.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 778d3f7ad54552a4f46290c0bef2e9c5
SHA1 cf5f3f19cd9dd5ca739fa835ec0332060e70dc82
SHA256 db4baac37592a3705af8929a8198b0cd3550b9bee425207a851084a4e7594a6e
SHA512 e59abe1b608ba73aad96489917c2387f36dc0f77d2a121f81ff848b1c6895e585b73d355c82b19498672624aa38bf5714bb6d1f1bf3e77dbf1b5897570ce1e3f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0ee7236aa8ccd483c7e7dc965397a703
SHA1 2340b0b1bbde25f808f7912bbb9a37bb07d7640b
SHA256 232afff43566588f8728dc98caa3a2eb77e772c5969e27207f8f897063ec2954
SHA512 a587595e537e0ab7817deb75c71be0738b4fb62a7e5fd08c8d4df35c598cef1be80276782909aa2807e375ad3c61ed90f975071581f780a89b5740f42f9eab24

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 9d8ec1771d378964b3b7efa18a7a953c
SHA1 9237e1adf76c94dce252833d00b1a2532baab683
SHA256 2fd96879772d742dd38c71cb8fc45469ae3d6039b7f20d244b6ad23cc01c1dba
SHA512 767eb48ab582c6810450fca4c7e1a9e5a98f1d31475e70ddedb8ad5f6d602d17554e30306590d8ec148e306798489b3430162ed427d11017fa24b4f841ee1f59

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 84439f858e16ee77c26a3e366b80d4da
SHA1 3124536237d92815f380ec60e598f16fb3fd9feb
SHA256 202afe200c0b939e3f8e213eaad6ea3284a64678b526a67c4ad8b88f7b904093
SHA512 fd48447de6f6bf3fe0dfc72ce1bcae7cb97aeaac33e5eb86c6f5c7b4c2f31055be24819ab7ffac9d633985f358404fd7a130221db20e3e4938bce0996bddf6a8

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 10:12

Reported

2024-06-13 10:15

Platform

win7-20240611-en

Max time kernel

128s

Max time network

134s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5063a8b37a19a92ef7cce89f2f41e28_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5063a8b37a19a92ef7cce89f2f41e28_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1844 CREDAT:275457 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Temp\Cab20AB.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 cb85f3fcf86ef0de7ef258539cae87de
SHA1 c73288fff07885a62f8c7033b348863ed3b8cad1
SHA256 7430a96d94b1faa5363b7656b323ffa416fd262e0405e498bb143dc93443963f
SHA512 dc152f2e8c8f7e316e84f7a1f3996e02c08d582d6d0e40b8bf7171e359ea952a80b7452e56690b30fe98b4655d4744e8529a930449ef1cd853e377f86294b2d2

C:\Users\Admin\AppData\Local\Temp\Tar217A.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f48dc288dfe6711bb625e3fbb586fae5
SHA1 7dbeea50878e368e256bcbee8a09bf931f1d2cda
SHA256 d34465d2fb512016edfabf094071ee3b94d69918d5b98ad34979b608f108d9d7
SHA512 87cb257a756c8a99865bd09db33fc0a54a2ce443d061b97e8c4656b55dc0b2394174e43b32a684b9013d879fb65aba51e2618c0cc9f5ebd7608bbee5a57682e0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 51c2ca24fa5f505fc588586d873a424a
SHA1 3ba54f482e0ae93105eeae6081567a7ce1c939ed
SHA256 22dd16f44d73105a0ebe33ed345fad7b42907a2455bde07619ca106e2f193e6d
SHA512 75a31c48f831a543cb768d09b66ec788bbb3aaa1916b732b767808188cdb061f53b664f627136e91913107afddfa4528bf595f200ed667067bc66571e33e51fb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_89FBEB9EEBFF8AABF1EBFA20B87AFE7E

MD5 a474c83dff6568c8a1c600e7147fc8aa
SHA1 be6daa9ea0058907ab4c46b2f05997baffcf12aa
SHA256 1f97b3069d5559dd2b43a38fbe61bd7372285b0eb518bd4d6659ef7efbd7e208
SHA512 d745b34b3cbb59102c03305f23726dfe5421c48a574c7ddfd38b8bec85f8b19d0e8f03c9b56261a0ab2eeb52fcf970b6e598de420e65861c5e9d8ec75cd10f50

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_89FBEB9EEBFF8AABF1EBFA20B87AFE7E

MD5 60c593c796591612a55accb66d6448da
SHA1 816aeadcd13ae6c0829aee7c247b5dde70c7af95
SHA256 0a7ef74ec7fbf8eeee4907e58fe82af1928e84c8585a1684c3257db3ba58f40d
SHA512 fc0b1b8d6d428ecdeb395894b6eda967b75f1835a81fa436abb6fe8b3a0d89b5bbd45292bad2eb5531155b4da048ce579b57b59c94338bce58501d60c8f4b176

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TNPG4FQ8\www-embed-player[1].js

MD5 8940a491297381a0ce25360e21b39bb5
SHA1 43d7a4157e78777fc024415969c3a7bd550a4322
SHA256 afc766cb1c4a339c40d24ad926f05e8b4927eed7532b876291d0bd19adc9cf3e
SHA512 5772d7e7485db888676e69cbaf4c88af01872997338bc61e8e0344d5dba208c2909e167d54d8edcb782e17d1a2b4e9dba955baeb0ad0e43ba932b3bf25ae7dde

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TNPG4FQ8\base[1].js

MD5 cb463df0a090cdfabc77af2691141830
SHA1 e3dde6a1f5c4803e69839154013496a781137473
SHA256 e09e2e8a3cfbcc88eea12d0b17161e1f2c8c75f1bb21100829c09f9858db3f24
SHA512 099374f7b03a4635390b94525105884fa101d93a583eed0d92def7d2de3199d2bd57fc63d885e8e9af0863db40cf521d2fb770eb09400a4c6285f7c37ad88e8c

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\25X2B4US\www.youtube[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TNPG4FQ8\KFOmCnqEu92Fr1Mu4mxM[1].woff

MD5 bafb105baeb22d965c70fe52ba6b49d9
SHA1 934014cc9bbe5883542be756b3146c05844b254f
SHA256 1570f866bf6eae82041e407280894a86ad2b8b275e01908ae156914dc693a4ed
SHA512 85a91773b0283e3b2400c773527542228478cc1b9e8ad8ea62435d705e98702a40bedf26cb5b0900dd8fecc79f802b8c1839184e787d9416886dbc73dff22a64

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TNPG4FQ8\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff

MD5 de8b7431b74642e830af4d4f4b513ec9
SHA1 f549f1fe8a0b86ef3fbdcb8d508440aff84c385c
SHA256 3bfe46bb1ca35b205306c5ec664e99e4a816f48a417b6b42e77a1f43f0bc4e7a
SHA512 57d3d4de3816307ed954b796c13bfa34af22a46a2fea310df90e966301350ae8adac62bcd2abf7d7768e6bdcbb3dfc5069378a728436173d07abfa483c1025ac

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\25X2B4US\www.youtube[1].xml

MD5 0b27c5836c8001eef3cfd35aa08bcc32
SHA1 a949bc08269c69cadaf115a72c67c22b6a582797
SHA256 dd219943eeec18814853838c86a8289b407a76172040a8e2a2af077397c267b9
SHA512 17c5f678899c04a531af041598b213045164fe14188de2c9ab55d9c8bebf080c0579d3aa6fabd48f2b14392c32df953b1c942dce65ac56ee019d3baef9fd34f5

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DODQ7AEY\ad_status[1].js

MD5 1fa71744db23d0f8df9cce6719defcb7
SHA1 e4be9b7136697942a036f97cf26ebaf703ad2067
SHA256 eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
SHA512 17fa262901b608368eb4b70910da67e1f11b9cfb2c9dc81844f55bee1db3ec11f704d81ab20f2dda973378f9c0df56eaad8111f34b92e4161a4d194ba902f82f

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\25X2B4US\www.youtube[1].xml

MD5 c2939d233e6e2f135a1c0af90db185bb
SHA1 096e410bddb391fcac195662fafe538cff50569c
SHA256 eae4eb7dc7471245d6efb100b9747027cea95e9b61a0388486b643cfd28ae1dd
SHA512 0034f7c07dba55c2d6abbc2a7c14b9505ee8d4b62b2819c9c9c498382d64eaf7456fb9e90f816576590329428121a2f1091f7e6e07f3aed97bf6511ead6af768

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DODQ7AEY\embed[1].js

MD5 14d69fc9da4a63c8ad5013b3d3781842
SHA1 e0272f8403d95fd27df22dff5fc014e2ab5d8a3d
SHA256 e2a5632fec9da56d272ccdea5ecfa7000dc70659673c52a11966802e37a2140e
SHA512 0f85c67ae8969570f6cfa4d265013da7d4820ea11349b11b886d480d7d78df5c6aa1e7484724d6b21421db18678d22bae6d478d3d0e35506673fd609805d1976

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\25X2B4US\www.youtube[1].xml

MD5 bcd84a4f97c82f0b40758e5fee6b5979
SHA1 02c5277c88a157311ea7886a8c559f7d9669f489
SHA256 68deeaf752b31f2de9f4d08f9c301f7bd29b590c64a39811e0c8c7fd6f247d3c
SHA512 40b174941cd55f648f7789fb92646d838dc96fc26e6737e07827c107231d4bdcd7b623db98b8e43da9ba6dbbe7914642e1a353f72bf98decd73c55b67c980196

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\25X2B4US\www.youtube[1].xml

MD5 0b68574ae411e4f8ad96fb61580c2941
SHA1 8a918af08b054fff02177a9c6fce33ac946c7568
SHA256 28e41400d7488bf5e02df9c106a5a29aafac755138a6625bbb7294e8a628c103
SHA512 7f7e5c572ca66cc7f52c2583b107da2ba952f08063dc135cbe1aba0190421634162e468d16af00e17ffaea78a41b17fc4d0f05dd3491edfb60c495a328cb4d27

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\25X2B4US\www.youtube[1].xml

MD5 f316064a2f747837d406af07e79071a9
SHA1 71d94266e85032b71408f60c2ea0fc2424313ffd
SHA256 e2d2e5f8c3db308904bf228373f7e981c25ad6c938d8bf2bc113eb187ac871ba
SHA512 ed9f19e1e73293b0ca246647aed54f7ba557f79bba345770be8547d0bb0f376d82f7b8fdb970cccf7b6b4937080dc9131fe0e203b94c13419023a57ea972a73e

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJARS8CM\remote[1].js

MD5 122e83be4335ed0b6b270ff458ce45fc
SHA1 4cb88bf4d9efe3759b45d01dbdf258ab8b4147e1
SHA256 13bace7cd8fc970632b82a7f1614ffff8f8f9f8dee7d5072d633c4ad5f7cadc5
SHA512 188863a2f4c41b81179f8039874f989163a3c61ad4a6d766dc86aacac71f80add476682b6686f8c95f6be031ad78bf5767ca48544aa64ffd303f522888b558aa

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\25X2B4US\www.youtube[1].xml

MD5 316b64f414ffc7eab6f118e6ce043adf
SHA1 61b79cc531a6247cd2572ffbdbb70d06831296a3
SHA256 f6774100eab96e80523bd6c4e43691e29182b7b9f1c4e6feafa0e2af96c235bd
SHA512 32d3803e57367aa4b987dc4bded4ded366444fa5c2f542b65c5221282d3309dfd6d8824f55b2c51c599325eaf1ba259882a1e4884a07ca2c0d28a1c73ee59c4f

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\25X2B4US\www.youtube[1].xml

MD5 d9b1cce0f6c6f8ee9af4c89de7d090b1
SHA1 63018dfcfcfc7a7671e52160a63f3a62fad6c7ee
SHA256 06d1d626d9028b985fe470a536fc565190c76ae9b611e252679417d58fc34eea
SHA512 f3ede42a98e26445da1573f4a51cd046a2d8b3b5ebe09e31e1928a90248a0af0025e3a67f7ce29d12fc5b81c7e244ebf51f27426ede88b84b90cfeac72a297c8

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\25X2B4US\www.youtube[1].xml

MD5 dd02a8335671e13feb42673e2dfcfc71
SHA1 3066df2f6b750464341f4f8ba2078a32bf677af4
SHA256 8a221294c707fffbad823977f4c398a0aaba89ddcae08afec83c10922196d48e
SHA512 0da76c98c56b630790b50e18057de8679f3901c7002736c67cf1878276abb238718b551f0fe49c073752e33615c21a332127c0f0cd07505f32b7e082dad24331

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\25X2B4US\www.youtube[1].xml

MD5 f65ac2b19b242906799ef7c834bed433
SHA1 8848502792887c670f8d493db0ea0fce7c90b1b2
SHA256 1728b08273a8c486b7e483440d5b124190234de35431d771bc69c1850942ef97
SHA512 fdbfdf63b1ddc2e958770a78c2495e7b10fc20c98def56e0abc8efa198e99bb185bf5d4c272325ff3ec464aaf0c8367bbdffb8d2f934889ab13bd415ab3d298d

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\25X2B4US\www.youtube[1].xml

MD5 97ce6b30d251dd365f9d7e0c2311bde8
SHA1 4b0b444bf7cbe8c43fdcf9141d1652d1aa7f1445
SHA256 528d87dfb2b9e1e33f871f9232a245830d93a5cd67745eb0cb3de4ce0a685be9
SHA512 76e4bddc5af6f2e3425c1e113030161ec867d5d9ff4e27be9be2acb87fb052a717d97738ccac99179d835aaa24e0e4b812cdb4d1de958de3f2118d54f692cede

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DODQ7AEY\57wTYcgCL9-06Mjz4he5vP6_4afBPjLl2lxgmn3azys[1].js

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
