Analysis Overview
SHA256
679ecd2064eb0ed693a0021ddce92f2cebdcabb3e4a53abef6dc4eebfde3736d
Threat Level: No (potentially) malicious behavior was detected
The file 8b5b21be1362a377d7c5591bd43b5d65_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-01 18:25
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-01 18:25
Reported
2024-06-01 18:28
Platform
win7-20240221-en
Max time kernel
148s
Max time network
150s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "407" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "16079" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6427" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "325" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "3403" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "410" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6509" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "325" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "325" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "8955" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "3485" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "10061" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "8949" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6427" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{64E73651-2044-11EF-9F86-7EEA931DE775} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "407" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6509" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "8949" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "9697" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value not shown) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "16079" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10061" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "8955" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "3403" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "8955" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "3485" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "233" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "407" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "3403" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "410" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2168 wrote to memory of 3068 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2168 wrote to memory of 3068 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2168 wrote to memory of 3068 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2168 wrote to memory of 3068 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8b5b21be1362a377d7c5591bd43b5d65_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2168 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | www.konthaiusa.com | udp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 142.250.187.238:80 | www.youtube.com | tcp |
| GB | 142.250.187.238:80 | www.youtube.com | tcp |
| GB | 142.250.187.238:80 | www.youtube.com | tcp |
| GB | 142.250.187.238:80 | www.youtube.com | tcp |
| GB | 142.250.187.238:80 | www.youtube.com | tcp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 142.250.187.238:443 | www.youtube.com | tcp |
| GB | 142.250.187.238:443 | www.youtube.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 142.250.187.238:443 | www.youtube.com | tcp |
| GB | 142.250.187.238:443 | www.youtube.com | tcp |
| GB | 142.250.187.238:443 | www.youtube.com | tcp |
| GB | 142.250.187.238:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 216.58.212.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.212.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| GB | 216.58.212.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| GB | 216.58.212.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.212.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.212.226:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 142.250.200.42:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.200.42:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.200.42:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.200.42:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 172.217.169.22:443 | i.ytimg.com | tcp |
| GB | 172.217.169.22:443 | i.ytimg.com | tcp |
| GB | 142.250.200.42:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| US | 8.8.8.8:53 | fe0.google.com | udp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | tcp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| GB | 216.58.212.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.212.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.212.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.212.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.212.226:443 | googleads.g.doubleclick.net | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
C:\Users\Admin\AppData\Local\Temp\Tar3183.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_DBD1FAADD656881B5EBDBC1DB3D60301
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\www-embed-player[1].js
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\base[1].js
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OEMJ3IO2\www.youtube[1].xml
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_434205A76CE72E9356C6165EEA1227C2
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_434205A76CE72E9356C6165EEA1227C2
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\embed[1].js
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JZQ5QLK\ad_status[1].js
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\KFOmCnqEu92Fr1Mu4mxM[1].woff
| MD5 | 67dbc35aed71d345156ca60084eb3e8f |
| SHA1 | 02ad7f389d258be495c5937e01b0f1d638511eae |
| SHA256 | 37d1d6807e34ce11af1228357968ebc7aa47df049fe5930e98898412471a18a8 |
| SHA512 | 3f544b859730c1e8411b0c9ffee8f0a1f840e9dfa670ad40bf757d6cd14b7cc24876b920cca9394eac6eed98578cbbf15f69c5eade576fd23f535b8999d285c5 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OEMJ3IO2\www.youtube[1].xml
| MD5 | 1be632b92046feb7c5b939ebd1b476ee |
| SHA1 | 3eec8675d77649a64cd24cc6f1d1d9114a2a6a32 |
| SHA256 | bb3613d35798b8a940c5b0907bf066ed072b8fd9b614a0a5562c58328bc806f9 |
| SHA512 | f74bfee4c178d797b7cee03d7c08b3cc1fe4f0b7c4e705b050a18edd97c94aba22d694efa69279aba97161d17a7bc4c48e349703dc0732636fca06e5a378d5c3 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OEMJ3IO2\www.youtube[1].xml
| MD5 | d02c8284c49512d4bb2db1ad30aa4ae8 |
| SHA1 | 6e2e1bda5cec11aa8c9dd8d2596f383b2d313278 |
| SHA256 | a6a0331b3972e05d25a645fa5692ac50144f27cbbe5c406cf778a5594cb78c46 |
| SHA512 | 8e9a4ae837e20bf525f9fa6fe7dc9ba8bd9ffa31de2931a2edac00a59f0f911b3b5acc5bf3b52b720c87f3c1c985f801c64866c496e9a45a281816b330e234d9 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OEMJ3IO2\www.youtube[1].xml
| MD5 | 2b78a499cd698c625060d5622205e3b3 |
| SHA1 | 1f30fab433b87bca4a28e180f2e39376f9d6aa70 |
| SHA256 | 974c8af8697d5b0914da115895b9dec55848368a5e1e92a574fe6d9b8ad22244 |
| SHA512 | a07bc481c991572270620bc998e0ffbd391d903255acc40808e764b001daabb763fbb96812643ae11c26f8d5e80bb0fd8a430c53d2838d1e64d9e956897cf159 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aa2af1a8ead04043e54e2211d0b1d5ce |
| SHA1 | b1414762c3000574d65c52122edc52149f20ae27 |
| SHA256 | 44d4966673d3934e64be224b65f8d7d0c4e50bafd54b0f498975665b842ae4f0 |
| SHA512 | e81faa1fec080c9d1f8f10e3d537f3514c6b7ce10fd5968fc82ded217005ad009a3ef6edf15209db950a92eefac7d35e9d8962f1b76152df9c22fce4f64165e3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 934260db62d1bb0d71d6b354ff515ec0 |
| SHA1 | 88863fb3b0ba190d759bd3a88c26cd372432c3de |
| SHA256 | e69dc28b3ce597064b44a100451868f124846549fac99e7284697ff637d9de9d |
| SHA512 | 7d9f62b81def77e06caa8dcb7990d28e9fbffc8cb691a35fe1a807157289fc0a54b518a28ade2991f2627a3552ae57ecb2549c8f91da27eda4424d77bae21fb9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e8b3894f0d44e226f4c01bbf9c7602fb |
| SHA1 | 1b1aa2389ec7617750a3d1dd30006e9ca47155c0 |
| SHA256 | 7cf46e166e57d35ac816993149bc36bedbb3f6dbc9b3695ad2b38b9d5f6870d4 |
| SHA512 | d8f9153a669b3a7e063021e01af4069683fe5aada4f4f343ad2c3258e4914b62ab980cf1c6106d63befd6992f1f43d21d63c53657590251bd29abcca40fd759b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bc7c2810da09f6013761eae945bcbc37 |
| SHA1 | 1c2add223ef2f84545c8f83a2a2d03b0ecd3f8ae |
| SHA256 | 578d44a94a5a43de728bd8621beedf8f97d9d58d89230491b30611e398405aa6 |
| SHA512 | 87b58da309d098d223a9a82b8934eaf4e5318fb8a5949076c9eb7dfd7d9034b80547750f93aa87797e4ffde7b0e4911a9662e88ac78c594dd8162a9af3bf8757 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b2d20233440ff28483f169d54da9d628 |
| SHA1 | 595e524e2b1d8218426c84fe019bd22c92adcd00 |
| SHA256 | b6ccc77c7ebea5bacd5b913746706994e26a17c8ee5b6079e81bbc26a9ee84a3 |
| SHA512 | 5647fc09c6ae89f7e33df6ee64c69426bff3c9903edb5f3cabae6e8da8f5f7a9b9095dbb38ec0e08cd07ad9f2f4b6c4d676d11343546fb7295ccdef016c17024 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5903ac95447508317b9490c9d0726dc6 |
| SHA1 | d6ce74926f05121ef7e9c7d7c387515cb7dbc0c4 |
| SHA256 | dc29ef8c87735367544f00ddf6b18ba316f9203732850bf3d60167ec7b8f6cb6 |
| SHA512 | 9b5931d208d5282c064817169e4598a920ac23a7869131755e8f13244e68d08fc6c5888b9d9ff83ba14f464723e571ef6204656e6d1a0907e6f56c4eb8896e6a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b3ab0a44c9e24ba66cb3ecff63f514d9 |
| SHA1 | 489a7bf89b1852ef3dc4e8bcb27091e9585f0f52 |
| SHA256 | 4c26d61013d63935b1305c828d552bca52067e2a81d13959b6f71a449dd349c9 |
| SHA512 | 6a83987d57cf478665c1856e132fdd33532452cf10e58e20af879af78830780e0003c61f81b1c0226286567fb32c5d6e3a969a80e89af3dc2efbf2f992c0d7b5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 61d4a57af9ecee796d75a2b01f1eca40 |
| SHA1 | fd880ff50195e6be882a9779b3949608df9e7cf9 |
| SHA256 | a753dfd8bab116366f8cbe25860018f0e2d6b23ac05f49d445059cbbf5477532 |
| SHA512 | f001f8800c0129e6ec95bfe599949fc2e3c951876072c3b098e391f6dba3dcca3fbb7f1d4df33a863a9a4ec2c86219f93e4de652fdb24f15dfc54dcebbea715c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a2020eedc175c1507a40dbd4654df6dd |
| SHA1 | 882ccf4dd90608a60271665f03cc3d7e0f3b36c3 |
| SHA256 | ecb96d68d83552546e3fef439e1e42f310620367a7f349817582312fa99591ea |
| SHA512 | 1d1f81ee6d57737244180532115c28dc082bbaf605b3821ac42433f0936fc5ca07740a8841b58c397f3a3ae16a4f66f65a6dee615a9a6f0bf30310b8265255c9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 98a860e633e3c679078d63ad70358e99 |
| SHA1 | 5841bd606cb7f9a19032b52e1f8de1ea5a92bfcc |
| SHA256 | 18067771e2491ecf32afc4cf19ddf1fb3d9ee212ea1c4c2dd7d2e6f7a0e850bd |
| SHA512 | a7425ec669c6bbd9c0f275b6e6c555c3ef7aedd64149f06b1d8b47d17082e89502a06ad543a0e77223bcc76666aca1b3ad968cebd013f3e7329840bda226ec0b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bf3fce5c92ea5019eaad4241a30c114c |
| SHA1 | 67eaed35fac25d60be5740d8efd57e58fccd31e3 |
| SHA256 | 9da14a3eb89b810539e613ef6802492996b87ade10fac1c4da279e09f484a249 |
| SHA512 | 27931b75eaf497bdeeb9447d88f92f0c2b1a0158e3bd3740833cd1c852abc24d7cd9505ed7b65831bb92bf026e4480355c6c18231fabff192ee6b238a4d22402 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | abaaec207c4b6be8b1918069be5ba943 |
| SHA1 | e4786f1afadf64ecff5d25967534954010940625 |
| SHA256 | 1119b46167a66a459bfce2f0d89610b0ebe4d350d7209b6b7edffd77d7b9fbed |
| SHA512 | e0708218ffce220d02a5e67dfa42645dea78c85c5a4c46f389bd02311deac436f697b6178945a7ffd06498652434be3c93f7bac88fa7e86a3825e940e5a66b5e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 63961b9a4bd32535bfcdb7222f0f5b0f |
| SHA1 | 388510d01225c9d8d741cfb794148fbf872cb8e7 |
| SHA256 | 3ccc1a96637d3dd9e97dc22640f079012ddea9fedcb769b9d3d89d3a0aaab91e |
| SHA512 | 650c3fc0f68ba06c6c933fc490b8e7fb8fe3101440af19e312f84cfea17977f8cd349dcfc2057c2135489ce2127369ab36ecf83341c52f2d551c7423f0435621 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e070bf0cdb0ed20ea3861635d65d06c4 |
| SHA1 | 000607bd9b6632c6ad86e84f3cd3c17cdb24abfc |
| SHA256 | afc6ea62ba90c020418e586794908840fe2ebe32da37776b5f69d934e7b6eead |
| SHA512 | 354baed7e4394951442e200072a07498ea4561b4f8baa0857fe9a76a297c1a448015ab0d996340326b89778f17ed80bce7ec20c153cefdde54972718010c7340 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 65bffe195b9b6c237fe56c91f73cd6e9 |
| SHA1 | ab3457b5e69a0d3f11a0b78a856ea92ef9d6f3ca |
| SHA256 | 5328934f38de1346d1cd0a502c8adec1cb4ec1cf1f174790fe9d505150e5315a |
| SHA512 | fd087272a37fd0886cb1480635f6fb1ce09114d97cbd7bb2f159b614a4655bc6479903ec73e0deabbee662733e261651b88378d42c59cf85a400a2742de42c03 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a9db1c67658bdd1e06fdb2862409e284 |
| SHA1 | 1b3f226cee025befe8b82073b1151fa3104907b2 |
| SHA256 | e59fb0bf7ace908f119b274a7ab65feb400b6d43017c42fdf4431e4c5e53737a |
| SHA512 | 7276f3f460d2b468b0ec1b774f93df63d635c431482e910429a70db9116e8900b5b83faf76fbfffcf7f9b598f42dc591c009468f98c139b76c467c91805a5954 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1c82ae8512e450814b98d06de69fc530 |
| SHA1 | 8a370bb8a481862c1da6ab1680cfd73b5d416ab9 |
| SHA256 | b340fd308f0acb1d756eb8042051cd7ddc2f242998fe5cf3c8bad1bab74f7352 |
| SHA512 | 2e1038ee9f9aae60f13aaea5eda189bf894c5c4420dbbdadb51ed763682ddbbef82a7a3e12ce6381b627f2460e464510bfa719bb0c38f11faa8a0515d00e7db1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e7b8e8584a445d559bcc792656de5e68 |
| SHA1 | ac8f74a49763d63102efa0585798e0f9d3acf032 |
| SHA256 | 91063ddc9353b41cd5999fbe0c1b1bcea08bc5ee723fed72e8bdb3bb4c8c3295 |
| SHA512 | 7fff247846bfe4debb82efa65e5050e1ccd67c5197bd8dab5a174417a4fa4bfd0eb7b9d17fb0b7bf160d0c23d3d7a249ae700df3bb2eaba1a1d3e8b7f85feb9a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 312a5c4e4743c3a8dd1e5319629c9b99 |
| SHA1 | 66493dd19a727f1e2567129627c387de014a399c |
| SHA256 | fc77c514049875b55dece01ea90fd6afcb52160094641c935432da438714c29e |
| SHA512 | 6858647e0dcbc3992c2b9fab1202b05e7cd839188b8bd1f2448ab7e0b54c04ad63312cf30cd6dc861dc35a10c18c2a37c2c95b5b1371cdb4fa129f2afe87e62d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 73cd1771275feb2226e1c5a21ef061c5 |
| SHA1 | a3b3a73f72be8fa62097087b65796f2018655d20 |
| SHA256 | 5957042917133f4aacb49b95f9b11abdb330f9e8b93139b9d78f147467699f64 |
| SHA512 | 0b1c9dbea377dd74adadb539de0603bd28e629efa3bf0281dff13b5e44d4637074a0ff0bb63f6d5fcef9c6fa2a1b9b97c83c387b80d90c467608fd5d7f78110f |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-01 18:25
Reported
2024-06-01 18:28
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
149s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8b5b21be1362a377d7c5591bd43b5d65_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc2ac46f8,0x7ffdc2ac4708,0x7ffdc2ac4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,17626121625524553177,7708889394369773584,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,17626121625524553177,7708889394369773584,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,17626121625524553177,7708889394369773584,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,17626121625524553177,7708889394369773584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,17626121625524553177,7708889394369773584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,17626121625524553177,7708889394369773584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,17626121625524553177,7708889394369773584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,17626121625524553177,7708889394369773584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,17626121625524553177,7708889394369773584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,17626121625524553177,7708889394369773584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,17626121625524553177,7708889394369773584,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,17626121625524553177,7708889394369773584,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3740 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,17626121625524553177,7708889394369773584,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3740 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,17626121625524553177,7708889394369773584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,17626121625524553177,7708889394369773584,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2856 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,17626121625524553177,7708889394369773584,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5168 /prefetch:2
Network
Files