Malware Analysis Report

2025-06-16 07:06

Sample ID: 240531-s9nwtsdg38
Target: 87899032fbdd0892e09c9a0aab9e969b_JaffaCakes118
SHA256: 8da0c5888758941736d2848399f68d588506d224a28d4fe615b447bca9ee6d85
Tags: N/A
Score: 1/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 1/10

SHA256: 8da0c5888758941736d2848399f68d588506d224a28d4fe615b447bca9ee6d85

Threat Level: No (potentially) malicious behavior was detected

Verdict for 87899032fbdd0892e09c9a0aab9e969b_JaffaCakes118: no (potentially) malicious behavior was detected.

Malicious Activity Summary

Modifies Internet Explorer settings

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-05-31 15:49

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted: 2024-05-31 15:49
Reported: 2024-05-31 15:52
Platform: win10v2004-20240508-en
Max time kernel: 145s
Max time network: 147s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\87899032fbdd0892e09c9a0aab9e969b_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target | Events
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A | 25

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target | Events
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A | 24

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target | Events
PID 652 wrote to memory of 1180 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 2
PID 652 wrote to memory of 3148 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 40
PID 652 wrote to memory of 1616 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 2
PID 652 wrote to memory of 4696 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 20

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\87899032fbdd0892e09c9a0aab9e969b_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcdb8546f8,0x7ffcdb854708,0x7ffcdb854718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,5228017758996312085,6844149098725497285,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,5228017758996312085,6844149098725497285,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,5228017758996312085,6844149098725497285,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1520 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5228017758996312085,6844149098725497285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5228017758996312085,6844149098725497285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5228017758996312085,6844149098725497285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5228017758996312085,6844149098725497285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5228017758996312085,6844149098725497285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5228017758996312085,6844149098725497285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5228017758996312085,6844149098725497285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,5228017758996312085,6844149098725497285,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,5228017758996312085,6844149098725497285,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5228017758996312085,6844149098725497285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5228017758996312085,6844149098725497285,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5228017758996312085,6844149098725497285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5228017758996312085,6844149098725497285,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,5228017758996312085,6844149098725497285,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1992 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 lusterka.by udp
US 8.8.8.8:53 ajax.googleapis.com udp
BY 31.130.202.141:80 lusterka.by tcp
BY 31.130.202.141:80 lusterka.by tcp
BY 31.130.202.141:80 lusterka.by tcp
BY 31.130.202.141:80 lusterka.by tcp
BY 31.130.202.141:80 lusterka.by tcp
BY 31.130.202.141:80 lusterka.by tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
GB 172.217.169.10:80 ajax.googleapis.com tcp
GB 216.58.201.99:80 fonts.gstatic.com tcp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 10.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 141.202.130.31.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
GB 142.250.178.2:80 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 awb.by udp
GB 216.58.201.99:80 fonts.gstatic.com tcp
GB 216.58.201.99:80 fonts.gstatic.com tcp
BY 93.84.119.243:80 awb.by tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
BY 93.84.119.243:443 awb.by tcp
US 8.8.8.8:53 counter.yadro.ru udp
RU 88.212.202.52:80 counter.yadro.ru tcp
US 8.8.8.8:53 mc.yandex.ru udp
RU 93.158.134.119:80 mc.yandex.ru tcp
RU 88.212.202.52:443 counter.yadro.ru tcp
RU 93.158.134.119:443 mc.yandex.ru tcp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 243.119.84.93.in-addr.arpa udp
US 8.8.8.8:53 52.202.212.88.in-addr.arpa udp
US 8.8.8.8:53 mc.yandex.com udp
US 8.8.8.8:53 119.134.158.93.in-addr.arpa udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
N/A 224.0.0.251:5353 N/A udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.129:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 129.61.62.23.in-addr.arpa udp
NL 23.62.61.129:443 www.bing.com tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 73.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 eaa3db555ab5bc0cb364826204aad3f0
SHA1 a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca
SHA256 ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b
SHA512 e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

\??\pipe\LOCAL\crashpad_652_MXNQBARIOGHQQRTW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4b4f91fa1b362ba5341ecb2836438dea
SHA1 9561f5aabed742404d455da735259a2c6781fa07
SHA256 d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c
SHA512 fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 393f9b6abb79e842d0e3b0caec1b5872
SHA1 d842610b4e8bd7b7eda7f45805210517ff3032a4
SHA256 b2c2bb37caf45f4a13a3f1882f8e103e9e8d7379be830558681ef6f0f5cbce9a
SHA512 2fa6a8d1ed668dfd640ca85620d5139d07c9b704527491327df4055b07baded878cd19748f8fb4d56bc5e0a6aa515cb23fabd5a59cb5b7a2b7b1e0b3fadbc19d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4b48a9a3d123e74ef4d81079dacc8350
SHA1 6d13e97fa727a87c30b407eb7357812dc4ae590b
SHA256 217df7e3866885439595b1a1228af8b1b3239adcb65609d271fcc734f45cfab2
SHA512 6269b99f0867f7db51c3a0fb2f893471b12f3501d506e91e9a508664468fbe691c7a2dbcce7acb54434d985757f2db3682c5ca6cfec18b5dbaee3d8b4b8d6f13

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 344c819db54349348fca93c80aa1563a
SHA1 003dee9c85a21bc83c7b2a76503bfe92e0537c83
SHA256 dfa7c0b26192d952196c93175cd1f82458708711bb5231e317b1ac5c402c1b95
SHA512 daaa3a3327fd15a7501a634ce1c1cb755590a98b3f9d19311c90df1ae79c090219cfe1168bc579a5231e53890dc58aa63aa7f01becf199acecb8b67efb3517d7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 bfab72bcbe6f23250777e3cae73f2606
SHA1 32a732d84d10c43b7b02ff43b428b6f20389780a
SHA256 83e8381180b84dba07590842aeb26988853fecb518f7b743189d31abd55ca838
SHA512 7eb466a3cd4fea17e223616edef684b53bb605beaa090b052c3e0719774a6257e5bf118eda9fd7d07d1b4901388e48818ae37f1c3f0726b58301ca71606978da

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a83dbd26622f5a56764316e7eb971acc
SHA1 6fd85b97968b690aa13aa839ebabffe461fea8fa
SHA256 6c3b6b75465b7d19945315de1b046f52a5b19d0e95b01df3860df0ccbadac983
SHA512 d5c6132937b26d9eed70d38e7340f5c5cc9b9296380aae2bfed3c60709bcbcd00970d380d7e0cc1bd2756dff4f484aeb3d0a9d383092a1b40c00176c4e6cd0f4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b536.TMP

MD5 4c85df16fb5be746eb267d346b52de78
SHA1 558c617005ba637dbd850d9fe12b582e99cd695b
SHA256 bf834483ae1372a31b9e020306397035eff579f193bcbb71a0214ab580a8fb06
SHA512 8230e61db3cc467df8a4ed68c93aa3ba33bc4a4fc3ac7155b24851882f2d5a2e713ba7fb8e6b686a85af44066375e528bacdfe60d0c96d128af2cfb286e2fa06

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 c280f42c54d3fbd41af66db5132b5e57
SHA1 650a0ccf591c82ddaabe8c12a56a4028abc3fdde
SHA256 0c51bf79c7f132f992f9cbdf961a92288f53edbf678c526752e97a2ae431535d
SHA512 1796d10fda2c92c40687285cb54cc707f7ca9e410a05a3ccfbf6eabf4232e55042a75b77f61457f58bfae65f4844db8ebe9d42501750d7349d698904a06cdc18

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-31 15:49

Reported

2024-05-31 15:52

Platform

win7-20240221-en

Max time kernel

126s

Max time network

141s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\87899032fbdd0892e09c9a0aab9e969b_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\awb.by\Total = "9" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "1510" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "492" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "12442" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "219" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "89" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "110" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "225" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "337" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "40" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\awb.by\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\awb.by\Total = "855" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "18" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "453" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "61" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\awb.by\Total = "104" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "331" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "325" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "614" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\awb.by\ = "61" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "325" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "12320" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\awb.by\ = "1000" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423332450" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\awb.by\Total = "1000" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "9" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "331" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "12320" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "233" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "429" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "407" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\awb.by\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\awb.by\Total = "61" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "447" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "18" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "646" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ff6bbc1ac901b40ad5c6b975e30e144000000000200000000001066000000010000200000007fcf100ea1920eb400405ce10734487a8517eeae008e1a869436de6ed266593d000000000e8000000002000020000000ba7ce893d6a0f374c0f30d98ce66d249391b0042111c0061d04592d76ca07048200000001c1b8308628705a34f94da9032f5700ca5227086d119f6dc1dd8709d889f9a9140000000300138a469eaec4ee921e7368a2e04af982fc02acae32d2f71dc22ed757e009550ae94757dd3f3ba92d6eee781c8ef96631a9057c07df12c1acd5ea5ac31975b C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\awb.by\Total = "136" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{64C04981-1F65-11EF-9CEF-E299A69EE862} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\awb.by\ = "855" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\87899032fbdd0892e09c9a0aab9e969b_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1096 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 lusterka.by udp
US 8.8.8.8:53 ajax.googleapis.com udp
GB 142.250.187.202:80 fonts.googleapis.com tcp
GB 172.217.169.10:80 ajax.googleapis.com tcp
GB 142.250.200.2:80 pagead2.googlesyndication.com tcp
GB 172.217.169.10:80 ajax.googleapis.com tcp
GB 142.250.200.2:80 pagead2.googlesyndication.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
BY 31.130.202.141:80 lusterka.by tcp
BY 31.130.202.141:80 lusterka.by tcp
BY 31.130.202.141:80 lusterka.by tcp
BY 31.130.202.141:80 lusterka.by tcp
BY 31.130.202.141:80 lusterka.by tcp
BY 31.130.202.141:80 lusterka.by tcp
GB 216.58.201.99:80 fonts.gstatic.com tcp
GB 216.58.201.99:80 fonts.gstatic.com tcp
GB 216.58.201.99:80 fonts.gstatic.com tcp
US 8.8.8.8:53 awb.by udp
US 8.8.8.8:53 counter.yadro.ru udp
RU 88.212.201.204:80 counter.yadro.ru tcp
RU 88.212.201.204:80 counter.yadro.ru tcp
GB 216.58.201.99:80 fonts.gstatic.com tcp
BY 93.84.119.243:80 awb.by tcp
BY 93.84.119.243:80 awb.by tcp
RU 88.212.201.204:443 counter.yadro.ru tcp
BY 93.84.119.243:443 awb.by tcp
US 8.8.8.8:53 mc.yandex.ru udp
RU 77.88.21.119:80 mc.yandex.ru tcp
RU 77.88.21.119:80 mc.yandex.ru tcp
RU 77.88.21.119:443 mc.yandex.ru tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 mc.yandex.com udp
RU 87.250.251.119:443 mc.yandex.com tcp
RU 87.250.251.119:443 mc.yandex.com tcp
BY 93.84.119.243:443 awb.by tcp
BY 93.84.119.243:443 awb.by tcp
BY 93.84.119.243:443 awb.by tcp
BY 93.84.119.243:443 awb.by tcp
BY 93.84.119.243:443 awb.by tcp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.200.14:443 www.youtube.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
US 8.8.8.8:53 static.doubleclick.net udp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.204.74:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 216.58.212.214:443 i.ytimg.com tcp
GB 216.58.212.214:443 i.ytimg.com tcp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.180.1:443 yt3.ggpht.com tcp
GB 142.250.180.1:443 yt3.ggpht.com tcp
US 8.8.8.8:53 fe0.google.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\f[1].txt

MD5 b0016965a1fb667abf32580fe96a3a30
SHA1 b6979790f4e311abd3e5b0756ce79edc7c5b5f95
SHA256 a45deaecc878c70af266f6751f98e52695d0a24629fbc4b42d25c702ec1b0027
SHA512 99f7c64adcdd250daa05c5c2e3536904c0ed438f0a34679619d47f7a69a7e5e81d110425a791222c39408970534527d53537c09e537d039792509e0ba54d20d4

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\css[1].css

MD5 b76ddb80a4ffcaa0d748ab0ce348e766
SHA1 677830b546fffcdc66cf650302f7bb1d092608d7
SHA256 b85725abe510347fcbf31c13165e0ff34436f6fe9956d5a0e68e41c33ab91691
SHA512 b67f661e84044324a8af3c92b129645fbf0cd0d9359cf7020f7526caf3d718809eaa43ef2d7be73c932428001f91fb5dfb9f6430d8e79092d1f8d66e753abf15

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\css[1].css

MD5 d1399c9e61371643ef62c66a3390706c
SHA1 7e50837ac0d83905c3bec8f0435e158e882dcaaa
SHA256 3bbf40a682fd3c0afae412c6e8503534e60f626697313022026dfbebff6f0953
SHA512 bd33515c0f72e668c03427e2a8e9c8916993b5ea9ecd59901257f9dd27e91142855bed6cbd74d1a4e34112cc19e3988544cca90312d01fffbfe07bb85b64f1e4

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\magnific-popup[1].css

MD5 02bdfbb4e8a7572521ca983cda648465
SHA1 a8305cb2190573214d1187a2ad4689c3483f49b9
SHA256 bedfcf708d4eb8aa69f75e34183121fee89c8167559fc125f9b4e640d16973e7
SHA512 34531719d0a8ca0e53e4c38cf25d06aeb12157e4dd304c09bb845531ace757752683eb4e79a04a96ad988f1520a6191805bb8680f02269574ddab891d988f8ec

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JZQ5QLK\jquery.magnific-popup.min[1].js

MD5 b93d1f2e39d661695e10942e449a1218
SHA1 3ab5061cf4d7a2c9f15fb3ce53ba65c39c9f5669
SHA256 84d67810a2d6b8d796f974fc70e7d48debb43e8fd29831e97b3229dc9709b7cf
SHA512 e8023d72726b104cb72df46443593220470dfc834a44d4f3ac37c4b1b4beb377abbefc758e36f0a381d836a80451353a16fe5a69f2c8b982141f73eccd7bcf6d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_D727CFA7BCFAF501CEA426110263B756

MD5 7af261e33ae6f6f97edde108c3a4bda6
SHA1 28f84cc7dce0adaaf6f85bce343005817d7621a3
SHA256 e128b7e5e3668481748bf8197a834f5d013ec29813ee26c71c3a633bb9521097
SHA512 88b9a97d29201dc47341592275daa88547a472a9b6c80bff4bf6468ef14f701d366426553406fa9e7977f64d088e9880cbcb3231f8cccb4dad35a5e4ac47a9fe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_D727CFA7BCFAF501CEA426110263B756

MD5 32f900fc049cc72bf4176ca814c7bf9a
SHA1 b5777073e136f30bcc2399c60214e96a57d8eb45
SHA256 f82448427a27e6f4934aac4dd78c6e1bd2ce6c788110ab99613dacb80a58cbbb
SHA512 febce1241d8533fdc63a97d6aafa26efd85d922295bc53a0335a34e404a37bfa2998c7c73c830c5bd93c755ff32fa9520d5abc30e46c6b3f204857d513631573

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_D727CFA7BCFAF501CEA426110263B756

MD5 50bcdf801bbfd9ea5e574cf77f778e0d
SHA1 60c9c62aa0ebcd06ec0106c9afd2331839dbcddd
SHA256 c08dcd48a123a0e3c189e987af51153a41a4c46bbf1cded547b050d0b21e8040
SHA512 5623fd457604dd5fbff62734b320a24a29d2f6c6c75799912d08676b5e0c7c5a777e5adb57a394b56dcf859ddce9a1b2dd072621b2e3f0179d181aa540bdf089

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\6RHOVMZN\awb[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\6RHOVMZN\awb[1].xml

MD5 7becde9659d68164ccb80ae5407671c0
SHA1 3bf96e75990cc25ec005ef304e1e0a9759a89418
SHA256 f795506579c06114aa3da7ce683ccb26df96f36f56831701d03a480032d6a86e
SHA512 4ffc2381363baff47775f845dedd17f7e1b30eb21795d2ebdb6ef56fde6da372708d2eafc6cc73c9caa06c31db279da6389c4500fc59fdd39923326d5b875286

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\7KWMUN66\www.youtube[1].xml

MD5 78309c87b268827dbdbcdf7a4f8513b9
SHA1 b3920818d3565b7944421c6fe802c8f473a38701
SHA256 18ab93260feeffea704e4b879239f12560b425751a51a809fa5a39186fa16efe
SHA512 f6a4dfd7e873fcd316bfceac90cd017013af26a4d3de61a76542ebbeff5e588d239b1ac1c5e1ae73195a7a6d60b306d93d9184d6db562db0269f652117615211

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\7KWMUN66\www.youtube[1].xml

MD5 1c05bca7e1b980d71cad1c4bf794667b
SHA1 c6c352d1c384e16fa1f8f855716eac7b79cf9f55
SHA256 2282e1a275e0fee0d31fd933d7058b2ed1bb86a376657a58631275179844c7ba
SHA512 8ab5903bc90ec661026b156b9a4c02bd3499b9bb1ceb45f3f4d281437253270c636248e0003b16834586ccc03a0a227a0ef96ac2f56fb54678af3c15416e9084

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\6XZ9YHBY\www.google[1].xml

MD5 aa38bc380f7e5299dc71e09ee780d5b2
SHA1 facdd5b3d6926e6fd79bf50f88f560b5510dcdc0
SHA256 cbd0f5d3629b5dc9afaa3768075836ae6ac7cc56cd7759b1e017c587055dc11d
SHA512 6347d3eb83bfe1c10f87a5e252c726af8d1c0c97642b5bde73c1b6b2cf5eabbf38e901f05eb98d4f9bd1227f2c85d83c65396e58e7f2860a41e6cb02689ca26b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\7KWMUN66\www.youtube[1].xml

MD5 f3204439123e7a4e24bcfc22521a3736
SHA1 7f1f575591eaf871adfeaf9d85f7250b910a6685
SHA256 9ac90389809adce0d005c81b0fef33dbeaed803046b911b5ac4047fbfeb20912
SHA512 473926c2fd079e5e179273b9c1fa5bac569399044fa8527c100c9b983b4e7ec184987aa6459fa8014b5216f621351ef397cc10f4ad3ee08724ed6cdda21b6c69

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\7KWMUN66\www.youtube[1].xml

MD5 31721e3327ced9c6f891d16e424f1c64
SHA1 ab2dd7ed5621a75489ceeef73203769016e58439
SHA256 30c27b015df6f55c92d8eb28168dbbe7b661a80f2b3a281dc7beff408ea7d4dc
SHA512 6c24e57855cc81ca8c5c6bf2d8d74b18b7254c67c8f3737fc36666d77b111607a9ebfaefd0248876a11e6433bc2fe12ff0cd85b3779fa9af11b7e63e9d484523

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\7KWMUN66\www.youtube[1].xml

MD5 7926819820dd762819ba7cb41c4c5697
SHA1 697682fa05776b3bf2606d9b9385ad151f11b6d4
SHA256 cfd913d560840fe8bd12edb8eccc7fa50dd6ac0026dbc1e87da07333cffb9aa3
SHA512 3c19e7ee1377431456ceb582ecb31f7b1bb5d21cdf7a63b26fd01734f857b8abfe0790868aa8c5286c58c84288d4080af8c011eac955870c03c5295cb5f5028f

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\7KWMUN66\www.youtube[1].xml

MD5 80ff68288e538f961c0de4493c7d5564
SHA1 6421d6dafec294e69aae2106941222fd18fc3624
SHA256 b05aeb8536086e50f33cb7eed6b2f75b047ab40409f681b5cbd6696976318680
SHA512 65649d2b0d2ba2fb923621ea8b9566465717c88dc29a443e37a692ad9475504c6eaaae5af4f449fbf599f2253aafb6dae4fe885a21274956af02debb67cb9ae6

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\7KWMUN66\www.youtube[1].xml

MD5 11dcfd449a2568323a8fe5321cb1aa33
SHA1 efb73c21d3573212cac906a50fd666a6f5dcfae7
SHA256 c2309a0804fca731bd957f32807f8f9c41e1cbc13c65b4547c02c725d00bc28d
SHA512 4b8183958fe59b61d45b5ebcb359395a1efabc8e44ff40db8cf0f9327f3374ba2e78563e7c5ecfd23c1648ee106f5b90707b008400c9712f856e2f85d5ee424c

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\7KWMUN66\www.youtube[1].xml

MD5 62e0b7c0d67eac7703255b3429fe802c
SHA1 6b508c80fcdfa47e717e6d7a8c5769f2bc162f60
SHA256 dcb8deb0b470dfc0b470317a194a41f3d47099674f3cc7db6bee01b8622ee048
SHA512 289b4cdbf1f5a1379a4a7826438b774adf0b7400d1a977708e05cacd8f8075b7b7cf24dddba924e5fe35a267d519a60a17892f2ba6d9cd29f99cc83de6ced7cd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6a2e8227861447edb8f24b892c1dc23b
SHA1 872fb29f21558024d0a02ccf064f18f24bd425f6
SHA256 616d597b787f34bde2841a6809316dbbd9bf6310cd37b18cf84f87c626da7b97
SHA512 f719077eae0f09ac6c973b1b8ad2c98cbe057b89cbf033c61b76f2ba826ef0b1d8c5920e0b680581406a1479a39788c31869dddf7b4c850fff46226f8042c282

C:\Users\Admin\AppData\Local\Temp\Tar517E.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\Local\Temp\Cab516D.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar529D.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 af81340531a9d7e4aacdf02c91982bae
SHA1 7b96c93ca380774c19b0a5f8342fa6f44fc158bc
SHA256 c4b1beeb6f9d88482f984ac1001f2c9d5caad9763580a618c4198a9f9522588d
SHA512 945743d20c72f561ffa75c8a4880435854e5ef1f231f1ced77cd94a5ed527853c6c2740a2d6e5375196203c2e22ecf8bf32a5b0e28006af31d3c9b17f7de02ed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8a0300d3d50325e4c08e6928f3e902d3
SHA1 4172726d2db6f09d3f4c175aa858f9f163d154c3
SHA256 b8125f49b6fe6553010f953e772849433ec7ce6f4e77f20673793a31c32951c3
SHA512 f03a60586fc1ea50734ee8d110b78b5adfdfca457b5f089c7b9758fd8de220be25471875febe59d78c5a1bc994082a8625621a049a35f2b8b5f8f834d902fea6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dc424f93572c3e70f5dd36999fb68d08
SHA1 27d947cdfc2634706f49c2286fe2992923b430bb
SHA256 c05c9c32619808e411675833fb7a9bd778e511b4ff257126f53d65a4ee2a2925
SHA512 dc60c427394897cc719e895b96e68722de9ad32d9e9dcc700ea4283774e77ee41e009eabae5c1e209ec399f634aa236c1aaf72c881beb9699e6b6313842283f6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0d694bbc88822150e08c3ed05863acad
SHA1 175ccce04955b98acce4dd127e535bec633812ef
SHA256 540d4cf9e85d4791d4366f3e1f10a7e63750db20244ad856bf7139a54d454e3a
SHA512 30661dcf4461b8377a913cd46894d869d1aa2b534ebe26526805b1e8d82a780ece10b1f08a9019f3edefa3b6b00c2b809f3048271efdf1c2c1dd60ccaae6e7d3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9cf2bf7b3a30ea9a698f58018d2fcbd6
SHA1 af81c5b1f75e7a7180c4553a57817509619d38a2
SHA256 7283d16d72a833c1c439b36dc8e0b38ed85ba4fd8fe97376229342312b5b1dab
SHA512 9a2da3a9dee524cad67d8d6077622830b73a523e0121c79e6620ea53b4a1eb82e5b7e93c67dd59f1951b45887594bb7d0f2f08c5cb7db87368d5127aa0d6b9d3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b6911dbc483b2cfa1938e7a12e427dd9
SHA1 4abf690e8faeb573847ee17b2763c84b967c8c8d
SHA256 5bd744b6ec9631fcc8bca81515406926f60c44f98803abd458321c36cd0c0080
SHA512 1e8a02953143d1235d3fcb87c3dc5403e2b2a84917700a6ed645aa20c9578bb4d0573fc61e13a7ba453921eea764014fd9d159061099fcf828f0e21af51ccf2b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 316a5211f8d2691ce6d55714c676d86c
SHA1 ade60a3d9d6c0d54ffd88f9e3c0d65120405bc99
SHA256 e46a7050884624ef8a75b0e9a7ab4fff5772c76bd74507c17747ccfe91386b82
SHA512 bc0dbe91d79cf11957a4c95ac111459b7aa807a9bd17827f7f65472d8206d69a3e5a807751733f34715c0b9e55a6e99354fd45665a84eaa7c426820ac4d56e0e

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\7KWMUN66\www.youtube[1].xml

MD5 664a9dc6db79f8ab3a2159e37c12f62a
SHA1 1696ca8a5a1906446aa15501c00062a114038e32
SHA256 a2301be1f706897715feb08ceb333333dbeb58b95b1c5644dadbb45a48a920f2