Malware Analysis Report

2025-01-18 00:11

Sample ID 240613-qsm7vsvejr
Target a5cc9d4678965351f6211525e386ce1c_JaffaCakes118
SHA256 a02021a3be04b82c41e5fca351848c79dab8267e71f2ff5946460461eaa8c1d6
Score 1/10

Analysis Overview

Threat Level: No (potentially) malicious behavior was detected

The file a5cc9d4678965351f6211525e386ce1c_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 13:31

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 13:31

Reported

2024-06-13 13:34

Platform

win7-20240611-en

Max time kernel

127s

Max time network

141s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5cc9d4678965351f6211525e386ce1c_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5cc9d4678965351f6211525e386ce1c_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1936 CREDAT:275457 /prefetch:2

Network

Files


C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1YB98R3E\www.youtube[1].xml

MD5 1210c765f7fb198672c7301f07a2ef24
SHA1 66dd3ececc31a3ab7d0b8ac99795b923e98b2310
SHA256 c317b60e354e1a7f3448c8718fa0191c53cddb5d5c510dd257e7b39cdfcd9ad9
SHA512 95cf1260a9574e525e2e6227ec2928c99379b1cd712234163f0868fbf123385dc728e3cd20dd7a3ed98326e2738244a8b72830e5c990e208a9c7b6f620b8a89e

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1YB98R3E\www.youtube[1].xml

MD5 cd705a09566c7bf583be353c27abc719
SHA1 86895f488a0c5c1f6b0b42136833997cf209e6b4
SHA256 9e2601096348fe19bf6ddd531ff33ce7efe8e85a116b08073bf6b30141d74bba
SHA512 22b5db1ce3c38e2ab37092c337d1571f396b208bb14ba6a94e058f6a021468d5564fd02be46ef3451bd835f2f5174ad339aa691e645e86f03b986b6dc15dd9c3

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1YB98R3E\www.youtube[1].xml

MD5 956df22fc541ce5b09e14fcef8065cbc
SHA1 ad97dd809c769f1e437a9716446fe8ea59899737
SHA256 480f9c828e687414aeb0a805c03fca709c5251aabd16b62d5e277f004b90cf22
SHA512 7ddd6eef8a4032653578e29ea4c16c6f95e6f37a4ff4780ebfee578963e5f1689a106def1c94f29d5ba784d761ec9d26aa8d21f1f25a4ac087af760be32cae53

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1YB98R3E\www.youtube[1].xml

MD5 52f9edc8b12e440605a79612b0f76128
SHA1 ffc336f75f81727e90b93afe824d45ebe9acea21
SHA256 7f75d05ad21bbad84a46da1ed6b90f1370e1faef21c37abb2d719f3eb4c61aea
SHA512 80fa0a3a1fc620a0fcd132cf3d7b43801d570de30d47bc9ed39b6d3bbc2e9d12d91bc21efe6599ae12c539ad4145229d404dc340a699a92a4b570655c6aad33e

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1YB98R3E\www.youtube[1].xml

MD5 bfd084e7a7259cfe5daa549d98267e6b
SHA1 97686fa82435e6dbb0e4d9da20a73cc93941f95b
SHA256 b0ebf2e73617f164989b287d3c5e39d7bd060be0a7ec67955b10b260a10d2fcf
SHA512 092620f44fd9b66199baf55f2b1bab3c1f1458fdc1a1ec65ea151e75cab367519b185fbfe6b9158fe681d66b81827c0cb0874402b570d9e11e6f2451dbb6ca9b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 29e58ebb05829cc963da0908f773ea92
SHA1 9b510ec9b08095349aa8d80b73d611a9e21a322f
SHA256 e57158e979f621bd52cceb03ee9937f9da72134c56cc8a84d4864023458e60ff
SHA512 4bf8789f253e2b933b6ba33efcde7d653e1cd049bd800f61ddeafb08bf1d8bd40a2751408a31569854286b826cada3eb4aa570cb93fbbb011c31047b835b4cda

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 788a30caf878ce08ab9cda34bff867f2
SHA1 fe687fd1569d0d523d29efbf7e8453b509b4dff5
SHA256 cb64ca9380a89d24f8f3a1b9dd8c5e710489535c47c0a5936ea87bb5619ef7ad
SHA512 b6fe77956387f821845a031bfbb4ad034c2453ba67945f40e85614fdaf4433d1c666cb63b18455cfa3fe69d84425416a6f824d7b166a5998a888fa79dc85be1a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 daa4d185d600e69c76b6a93921cb8ba3
SHA1 4bf3cb4f6411d9dee349d1668254682411e903ed
SHA256 3f7ade0531cbd108ec89aeea5c8cf056ae1d3a8bbe02ec6051b03bf29d6e4fd1
SHA512 1922afca2ebc9acaf82dde5ade7cbc1f509ced397056b5d57845741a4a1308bc04dc5bc0d82bc35055d1c8348dabeb88419d32d62418714b9a281668444e1684

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f72497779204cb29881caa66aa6c577d
SHA1 37cddd4e4b66ef0f50246ba16bec9bb6a1abd1bd
SHA256 b49d3ce1a35d52db3b258bf781a47a7b9dba9715bf7a9fd3372a4a3ed951a902
SHA512 16726a2f93966b666c33a3728ce340fe46287da03ec1d0fe631ada11ed34a80130551a28228774f99868153931ff83a950027df8313a1224b4a90a9ced60f6fa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 13cdd533496e0382e9e57c8cb6e97090
SHA1 3473d6fe28a96aa25193fdde185fbe110404237d
SHA256 3b5d566984886e935b3c33e85c9f0e7dc2793a285896b84960fd81d6548a30bd
SHA512 fbb4061de9524474c0a61f14925fb12d8b5e27402cf62eea2b915fb85c7efcf6a6303bd9bad116f5d5e44a68270be21764300d2c9cf24b072e288c840590dbd3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1e6f16a5fb32eff172a073d0d86a84e6
SHA1 72aeef5ef2f09d178ec4e85ae9adc6139a967ee4
SHA256 8dd6dc7b190bba454085b12311057aca607e18928dd1b7bd28340753d85010a0
SHA512 7f1ef3660b1cdfc57faef963dda4ba452a2f0d5f3788229a380ea0eb39f31fa8176b4961b72693b775abab29f7c1296e09ec1215cf9a4a2aa382a6d76aefcd74

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d928013ad3d7d5014ff8f51ee40fcbc5
SHA1 40eedf49052bb807924f4e5642145b2ae51f973b
SHA256 6f31972045a275859c468ba2b69912ee0b9d93884d76385a6a93336a7a46f887
SHA512 4d3c2a831b9b3d267e5ee3f50fd487b948947a12583d21ef62b66b8baaae6de6f8b52896f4b01496a635c9eda1d5fdbaaaacb90c36d484df4b4078030e8a7600

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 806b06e5251b73146bdb2407bc45e2fd
SHA1 12a4e04ef1700bbb3e46b36bdb8799e9b0ad9fb2
SHA256 b9bc15a899717cd3bca20ae561fd0c04e00586246003d3d0987a9d9a56074f15
SHA512 f74ac984d4ac83add35424ff812aa1a29fe9557ca1a8b5d75d6487271e3aa26314315f8fc11d94434a040511426e1de8cc5b0bd008efd8137e4fd7d8f1f6b1e1

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1YB98R3E\www.youtube[1].xml

MD5 c771a9563563084c122812ee693b2248
SHA1 d515ec90df417672a251400b08e1b2750346b3a6
SHA256 c99fedec2e973749fe5bf3b44c67bb5f2471287fe934bb7737061253e981acdd
SHA512 d9b7eaaf483322076dfa6bb35ea701dc017945f906e927daf056248f9bbfc94933ad0fcd8e1e6bed79e70a21b173f037eadf685e9a0e1a2c08399baa2898a8be

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1YB98R3E\www.youtube[1].xml

MD5 82791d208aaa68139d5f4ededde3b0ed
SHA1 096f9f8fbfdfe58dcc5c71bc8f30ec68025ec996
SHA256 ba5e293966ff4b86f1bc21e370834552848d556e87074b80529c2c0d02f9fad7
SHA512 ce9fb1c5ad1c4545e69be0a4b085da77f8696f36cf09180fe778bb4640fd20310439b804fcd3ceca76df7af723fe5d58763abfa7295ca207ff93b04435b67c9b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1YB98R3E\www.youtube[1].xml

MD5 a1834a3f49bd723de6ee9fa5e412efc2
SHA1 c095d66b1ad53dae1481496d03283dfe030be256
SHA256 cd214e5746d8bd472cb0171843ebc4214a1ac2e6149db6ac1f8c9c036009c1c5
SHA512 7fcf747a9be15c9c9d55df001e039d7b657bb6e72cfda9f9875f1491e29683b517e0ab6937f658344621a878e1099c9ee605a667a1aa150c9df8fe6a60bee91b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f66981e3ea03e2ed13fc7af97c4afa55
SHA1 afa8f6e59667cbca8494fedd89ae8f0ef25f8384
SHA256 82356c4b7b4c749316adbeec5bf69cc9afa884223692a2d4b3cc08a952ec78de
SHA512 8c519318a79723d76cfca84deef0bfc29eace77bb3a8d516972ba6419f44661bc1ac5308f6b0b5bdfe707a5bfe1dfeb3afa553e2c858cd91ad0d53ae05a2c828

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1YB98R3E\www.youtube[1].xml

MD5 f5e667285cff47524ab54d86ea7fdef5
SHA1 96b7377bfb344d27b1b123103cec93cb710ff976
SHA256 576b4c81bf2bfec2a4521ac0159f48256cd9b53b3a5f98f56959a6b18fd60409
SHA512 6a552da10770c3ad406cfb1d28eace963c0350fc3fee3940b7ec089bbc0ae195d8a6df43908124f2214c0b430c2ce75823d1d5ddea46dd4b5f322a2b26022593

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c4f7de88c8c09da76de13ebe9f9cb751
SHA1 adecdf6bb7a49f0768684b15d21a20ca6304100e
SHA256 d338cb8312c2bacbf7830a3c1906753d40ec41aec412e74f5ddd15b48cc3c3f5
SHA512 bc98867377d2f6558c6ff49f5ce48bd9bd72bf46b9d5835c6bf817c85591d41869f0eee9cb302b492ac5bc6a4c6c123f6d0f31c77e7918d8be6a882054921695

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6935f37dda84ebed6c5f21f15861b80d
SHA1 ba398f346f58034bb626adc2164dd72ef3310f3a
SHA256 54d42ee1d59c90ea5b88c7acb73d59637b4d7fafcee074f5eeafee9df81442e1
SHA512 363fcc574d7b5bca0a6cb11bf0bc2a67bda0d75c900113fa00f8a2286677b9449a7fbb29887d46e9684233e660f8f18360f01df09c54702bb54aa036fa4af06c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 276750cc3305cb64bb4bc923e2a4c1d0
SHA1 93188e8b1da7fb80caec9c073fa618b4211f756b
SHA256 981282b664ba344bd086406f2ddc45e9084db504af13e129f23f6254dc4e3ebb
SHA512 0afc7d2aa306a7879a5e14aea2f5f675affaa3c45c3578689212c749d0150a48bf37d89c26b9e4cb0f7501c5754e186a7ad8ade99775dd1b3c08bf3c95a80245

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3da2c7952f53c16e419c074e883aac56
SHA1 76018929247ff774e9a260d74c528868065ba600
SHA256 9e276238b5628706675786e5abeabda99c7bf59a1f42bd2ce46a292ba7364e45
SHA512 a09b0df244baa411c8d561f852d1aad1af481c8dcb54d3db5ea893412825ef3a0cc2f042a9f3f3429593fa2d2999ce1dde4a526f27364a430d0f8ac27258ac46

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f8215bc67b7b40cfa052ea4eefbec2e9
SHA1 231a2d4191f7b8cebbcc4d8e2b3b486220f1b864
SHA256 cd15461efdf7719c36eea692b46cd9c900b55f4b9d7e3641542b574a2f6155c1
SHA512 1422893c97702502c62f92e66ff88d28819635b52421d4dca13eadd729e75eb4a55743ac4f61ee78238b4df913d3bad588c707b4d82179c5a74692515d6d49d5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4f091d6174403fe8098d2512a2059138
SHA1 b31f3878a839da188c06e0030675a9ef873588e8
SHA256 89c91f70d6f7cb656f0aa211eae64b75d587b2fd191c7eda7941c210f2e818fb
SHA512 18c0ec9a4689348997f2fc77f696aa1aa26fa5dbebaccb22113aa630d19f158b0b75adc8a180926a206051690dfcce431f2001cbd3c5e427a8580b5701bcc15a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8ca578b234716d75d1cf09d99dd351bf
SHA1 32e2fdd25bba07dca9db53a98b1755518b8becce
SHA256 b6d291218e0a4214b331ab6a8958bbb30098aace065cc18498895be9bbd816bd
SHA512 42502a294c19ae7c5edf37490cf15be93f667e57f424f0ce46cb04a1c0c2e70db721d7bb889a86906f61d455b532d5138516670d69696c2e18863c07c9bf9d05

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3b96df708c94fa714edece85c5db8bd5
SHA1 573e7f034c6420a833f13bd8908b98ce8af087f7
SHA256 4a2f4865af2e160fb36c1998c6f2ab80381000919e35c3fe3959acf0a4a546c2
SHA512 39f6d3a32170e3a50557410f42487081f99ace070d38efd3f6adef29b27ff8bfa6ce5195cc75f0f80fc8d5021efa104f02cb8d473feffb3aa33a31064c04362f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e5cce29ab884230a6e8d29ce52d3e090
SHA1 040789ddb516eacdb985c379036939f34d85cab7
SHA256 d63c155212632d61e882aa2f89158d1531696c7b270d4a37f687757ec7184dce
SHA512 6bfc3ae0874f6ef60692f835162c9f235fcfbdaf0830a4ed8e5d057b47b33732fd0bf27f27c0ade2af156aea22b3283827a67d97ca279f0ca329634c9a75aafb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a733ef8012be59b05e1007de56df79bd
SHA1 ab54aa487b68e6f6dde5c53f954105bd6bbfa80c
SHA256 0d961a3eca3587e3258da4de27025c63a8932531fda2d32f039b06e6211b6158
SHA512 46516c1168323ba1bb71d67b51a1b548b88a4a3f69ba8e1ed1a95971a9a8db4219ed2186db0fdcdbc0a14ca87133e181ba28511a76b97799af6bbea677725a2f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fa63cf3601a30cd6d8932316ed328750
SHA1 76b4f4c985889d66bf7c3dc944f52e4f775470c7
SHA256 51c0aaca1b336906b8848cad03aed83cf948345e4a1f94ebd8e56a5940e8e202
SHA512 147da38fa4e894ad90fc95226044cd98b9253e1fa59ce2557db1dff3e8619710f1edf15df2f2ea0b48ed76eb0a7090a15e380ed04e5fb4d2102fed9e0d82b2db

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 13:31

Reported

2024-06-13 13:34

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

124s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5cc9d4678965351f6211525e386ce1c_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3760 wrote to memory of 2516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3760 wrote to memory of 1652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3760 wrote to memory of 4800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3760 wrote to memory of 4908 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5cc9d4678965351f6211525e386ce1c_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd168946f8,0x7ffd16894708,0x7ffd16894718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,12197245464236385116,17696474875434699107,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,12197245464236385116,17696474875434699107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,12197245464236385116,17696474875434699107,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12197245464236385116,17696474875434699107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12197245464236385116,17696474875434699107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12197245464236385116,17696474875434699107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12197245464236385116,17696474875434699107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,12197245464236385116,17696474875434699107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,12197245464236385116,17696474875434699107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12197245464236385116,17696474875434699107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12197245464236385116,17696474875434699107,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12197245464236385116,17696474875434699107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12197245464236385116,17696474875434699107,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,12197245464236385116,17696474875434699107,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4500 /prefetch:2

Network

Country  Destination       Domain                Proto
US       8.8.8.8:53        8.8.8.8.in-addr.arpa  udp
US       8.8.8.8:53        www.konthaiusa.com    udp
N/A      224.0.0.251:5353                        udp
US       8.8.8.8:53        www.konthaiusa.com    udp
US       8.8.8.8:53        www.konthaiusa.com    udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_3760_OBYPOQMVHJLRKXYJ

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
