Malware Analysis Report

2025-01-18 00:53

Sample ID 240613-lqp68atbrc
Target a4e8dff617bf504de578dc65b352ef1a_JaffaCakes118
SHA256 07b8aebcbe55b1a6656e3bf17c689d01388583626c12f7109a16a063d44fc07e
Tags
score
1/10

Analysis Overview

score
1/10

SHA256

07b8aebcbe55b1a6656e3bf17c689d01388583626c12f7109a16a063d44fc07e

Threat Level: No (potentially) malicious behavior was detected

The file a4e8dff617bf504de578dc65b352ef1a_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 09:44

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 09:44

Reported

2024-06-13 09:47

Platform

win10v2004-20240611-en

Max time kernel

145s

Max time network

142s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4e8dff617bf504de578dc65b352ef1a_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1116 wrote to memory of 5088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1116 wrote to memory of 3804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1116 wrote to memory of 388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1116 wrote to memory of 3536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4e8dff617bf504de578dc65b352ef1a_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec8e346f8,0x7ffec8e34708,0x7ffec8e34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,2240251174599759762,16116797853015464365,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,2240251174599759762,16116797853015464365,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,2240251174599759762,16116797853015464365,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,2240251174599759762,16116797853015464365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,2240251174599759762,16116797853015464365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,2240251174599759762,16116797853015464365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,2240251174599759762,16116797853015464365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,2240251174599759762,16116797853015464365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,2240251174599759762,16116797853015464365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,2240251174599759762,16116797853015464365,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3368 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,2240251174599759762,16116797853015464365,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3368 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,2240251174599759762,16116797853015464365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,2240251174599759762,16116797853015464365,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,2240251174599759762,16116797853015464365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,2240251174599759762,16116797853015464365,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,2240251174599759762,16116797853015464365,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5084 /prefetch:2

Network

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_1116_WWWXBCJDHWTFTECC

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1ededbcf-f345-4cbf-b3a0-375dd6482b00.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 09:44

Reported

2024-06-13 09:47

Platform

win7-20240220-en

Max time kernel

125s

Max time network

130s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4e8dff617bf504de578dc65b352ef1a_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "3898" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "3813" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "400" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "498" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10745" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "10745" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "8358" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "23701" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "8358" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "8364" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "13453" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "20294" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "400" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "3816" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "23701" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "13447" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "288" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "20294" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000622eacc2a2638e4aa75af3a6e3e1b88b0000000002000000000010660000000100002000000039ce6804c478c3c10699cc9c78111000e3b928112a228cae59413d77dd7765ed000000000e80000000020000200000009f82b04a08d83b293fe4d61a639d1b090cf555600ede6c63ed8deeba247d8f562000000069ec58ec2a9a88adefd3537a98eae9e320a62000f97790a1d59929584b74dc9440000000e6957eeacb3e69b892498598d87b3f7fd1e219dbbd48f3f4ec940b8225b5c70d33b64f22f2a18f4d18575763fb02f3ad38f7ce20425cfc54403373fac1ed9d99 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "282" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "3816" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "3813" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "13453" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "20294" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10532d8276bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "13365" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "13365" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "498" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "410" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "3813" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "410" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "3898" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "23701" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "13447" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4e8dff617bf504de578dc65b352ef1a_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3056 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 konthaiusa.com udp
US 8.8.8.8:53 www.konthaiusa.com udp
GB 142.250.187.202:80 fonts.googleapis.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 216.58.212.238:80 www.youtube.com tcp
GB 216.58.212.238:80 www.youtube.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:80 www.youtube.com tcp
GB 216.58.212.238:80 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.212.234:443 jnn-pa.googleapis.com tcp
GB 216.58.212.234:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.214:443 i.ytimg.com tcp
GB 142.250.187.214:443 i.ytimg.com tcp
GB 216.58.212.234:443 jnn-pa.googleapis.com tcp
GB 216.58.212.234:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.180.1:443 yt3.ggpht.com tcp
GB 142.250.180.1:443 yt3.ggpht.com tcp
GB 216.58.212.234:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 fe0.google.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSAB58HZ\www-player[2].css

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSAB58HZ\www-embed-player[1].js

C:\Users\Admin\AppData\Local\Temp\CabE5DE.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSAB58HZ\base[1].js

C:\Users\Admin\AppData\Local\Temp\TarE73D.tmp

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\31EMWFF0\www.youtube[1].xml

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSAB58HZ\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSAB58HZ\KFOmCnqEu92Fr1Mu4mxM[1].woff

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY2G78MW\ad_status[1].js

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY2G78MW\embed[2].js

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9e13918c53c9fb7ab124386751e143a5
SHA1 ba1c36a577bf4f51e1ec9f9d532ddcfcf72c613e
SHA256 a23bb9ce7df9104b387e01b53f7ba79f8b1c3fa30d921a024c6b0b452a09e7ec
SHA512 5cee0e5ac9b32e4955c3bd9dc026827699b82056c60e8786ac6f02d65c36f353aabe498cdfe19a8e5b6043b004c6b1ba5bef010ec74708d54eae1438fb343f6e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b0be8caf53f38d13a11f853ba5436eaa
SHA1 c3be60e2eb71e2bab7c3168ff4ceec9fbe3aa41f
SHA256 34212995a5a0ed238b6e27904ce9116165159911131bf9467aaa8fdb5728a33b
SHA512 b9b724b3bf75b29660fe150b331e4993a4280a26abd4f754af90b1fd70769a1b13ee7de0072c62303011c4e2278caba5decbf0192a81f52cd2be6c0426e17e25

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d82b9369a897fccbcdeacc1c353d5f7a
SHA1 4c97c318b084e1bca200b219a61b319a2011bc4b
SHA256 57b67cba197eb1631d21ba5f94a6a967eb5994a81e9d56b159bf6573468b2eb2
SHA512 e07979961504379c6f1784db2d3ef11aa727752eb63712a9e6d90703486fe64e4ce094d9db8c3aae5068e729d6193f3a50aaf5d30c69cbc354af3ee4ab3b46fa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b87cffee4705776408b2fd1a15208bda
SHA1 109fea8e696f464445dd5fa43671fd0adf56a29d
SHA256 18f0fad3082ba19561ca8422480fb40ffce4f166409173aa86ba386c23f8bba5
SHA512 654aaefeaa7f98b03479f45060ea4bbd6b37a215337ad19b26b392176f95b33302513bdd015f4159a709188b2cb30530d60e5cd2ec5456c2acf65fb7e58a57e9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2eb370252490f51112c49cf83fa0e110
SHA1 4f2c9b7b2ea3913d0c537dc44305843cb4e65c40
SHA256 502b844677e7b24f25105688fec9914b96a9d3cfaedb6a6d0c415c4b9e847fc0
SHA512 4ce2d558f615808a41f0b04cf0dba648accf35900a72e5c3da86eaa0cd2e248932b8f534592693cfb713063138d3601be5a1a9dda0a4338697d6b5e7d68561f2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0064cbccab1110261e32cf516ecd1b9f
SHA1 057609fc010136c04b7453ada0f08d6565eea3e2
SHA256 346ea917885cd8b67c2d4d9bba235177402475b037ba8ad7ab65837d0d352bb6
SHA512 f00bc2231e1060b8b08df6621fcd1a183aa9290fc2a30763b82bc933503b62a4ae7e0e85397e9d69e73f2ac005382ab1f129c3eecc1426594dba13bcfd468aca

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5f85fb684df1d43afb835ad5081798fc
SHA1 126b58b2a00eaa946da41aede3f27174e5d529e3
SHA256 670e0cb18498f3bf79dfc7350a198db9023b40f86e9e950717e8ce8b213df0fa
SHA512 35062d96e0a532484a6a3ea92fd7fa11a1bb4ce740c7b27642b648fccf505e7ae8bc2b5e2019e8c9bb82c7f67e78e55186878e5800a25f46c62f7b6a724ef659

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e190694f4208500f34b2e80dce46b255
SHA1 e91488cc00be34645c018fe27faf2aaa1bf69693
SHA256 fd3d46ecb09da2c860a1a67bebe759973bb61c21c2bef2a16efc762316dd8013
SHA512 a88fd203fe7785ca0bb78a412cd86d64bc94a795ae5a8063a4219398cf65ffd8689007362e483d86c7087f1b88b591e6adb665b303e686dfdd80ac58ef71b25a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 08b1706769cd4867a1520ed7ae54e134
SHA1 3427740db6d3d556dcf5148c98778fe4f0ba0a8e
SHA256 bd7b58f3ebc3aad46c09a39329aad116d956b8f240a92f5c5303d1e25fddc8f0
SHA512 5927845fdce1ea66bfc31a9b888c30eb0a3288903e31b87d36b3bd95edbd6851ec57748a1cdd6c887adbc7900d30855680b1b5ed12460b4c865b97c2d77b3914

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d8d1d6f21a037cc5876f89a0610ad102
SHA1 041d4816c19d126f3f0c0166ed1cdb25d3d9f337
SHA256 a99ff94186b5b3788da31bd7c776cebdccca7678bef78279f8ca43f25ef3e426
SHA512 a4ae25ce3b8226cd1d2688879f576fa08d746eec47ad177c0392428abae740ee0f605a14d4011ac34a66361719f070bd56ba160345d1269051f45a9106fe6573

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\31EMWFF0\www.youtube[1].xml
