Malware Analysis Report

2025-04-14 01:49

Sample ID 240602-2eh7jahd2v
Target 8fa7c4808894e4cf1d281b19c169bb96_JaffaCakes118
SHA256 37655dcb7b2451d791e7efaa8f775c040c6be1d92b3d7885aa7b730cc3626674
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

37655dcb7b2451d791e7efaa8f775c040c6be1d92b3d7885aa7b730cc3626674

Threat Level: No (potentially) malicious behavior was detected

The file 8fa7c4808894e4cf1d281b19c169bb96_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-02 22:29

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-02 22:29

Reported

2024-06-02 22:32

Platform

win7-20240508-en

Max time kernel

120s

Max time network

141s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8fa7c4808894e4cf1d281b19c169bb96_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "288" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "7921" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "492" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "282" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "18938" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "8810" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "8810" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "8009" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000a40dd491207b74470ba05021e2c6c236a2e87c68533737a3452d417e03cff066000000000e800000000200002000000023854cfd116bb4c84773d866b425f36da9117350283ea70634819991e293cba5200000006cec0e206274d475818bba959a4c6934d04495a491ef5597c57a354bd9376e78400000006a6f6d3ed330dc998df249ed0dfb4ae427cca65c854c0cf18eb38ed9103c51c7ff04924fc95bcf8fc11104af8eebcd75acff10e07327ce5195684a9c2226cf2e C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10294" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "7921" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10267" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "10267" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "8003" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "8003" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "410" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "498" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "282" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "8009" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10327" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "18944" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "498" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "410" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "407" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 307e65963cb5da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "18944" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "16721" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "492" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "10327" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "16721" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "10409" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "8999" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "10294" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b000000000200000000001066000000010000200000001719e55cc169fc8e9046ae14d95e454ff16da986e808d6f20ac4db50bdf6511a000000000e8000000002000020000000198c54b36f6abad2a5e7b82d13b0677aeadc742dd5751a3adbb047db9d9badc090000000ef94af580c47b9406a512f3469ba125ebafbcb011521e2aceaf57653f3f3d2156bdee1ed86cca943707bc3f886516175fb887247ca37a40f9cbf844a30ee141d5a590c23475b502c494c90b766500a34a690a2e64ae7da0994449b6ff2128e4e2ea0feae2acaa2c2941cac4f2ec0248c345b5404ae0f68d40221478bd52c955541c43edbb11ed439bc07b0b9c1dd816f40000000c09f6b82accb7adc71e102214bc657568deee207bd53d72d33f5fe2fcaa375368825256e6e1f038b2f59072fa9b72176693394118f278dde098dcd290547dc06 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "18938" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "8810" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8fa7c4808894e4cf1d281b19c169bb96_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1944 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 konthaiusa.com udp
US 8.8.8.8:53 www.konthaiusa.com udp
GB 142.250.187.202:80 fonts.googleapis.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 172.217.169.46:80 www.youtube.com tcp
GB 172.217.169.46:80 www.youtube.com tcp
GB 157.240.214.35:80 www.facebook.com tcp
GB 157.240.214.35:80 www.facebook.com tcp
GB 157.240.214.35:443 www.facebook.com tcp
GB 172.217.169.46:443 www.youtube.com tcp
GB 172.217.169.46:443 www.youtube.com tcp
GB 172.217.169.46:443 www.youtube.com tcp
GB 172.217.169.46:443 www.youtube.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.200.2:443 googleads.g.doubleclick.net tcp
GB 142.250.200.2:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 static.doubleclick.net udp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.169.42:443 jnn-pa.googleapis.com tcp
GB 172.217.169.46:80 www.youtube.com tcp
GB 172.217.169.46:80 www.youtube.com tcp
GB 172.217.169.46:443 www.youtube.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
GB 172.217.169.46:443 www.youtube.com tcp
GB 172.217.169.46:443 www.youtube.com tcp
GB 172.217.169.46:443 www.youtube.com tcp
GB 172.217.169.42:443 jnn-pa.googleapis.com tcp
GB 142.250.200.2:443 googleads.g.doubleclick.net tcp
GB 172.217.169.42:443 jnn-pa.googleapis.com tcp
GB 172.217.169.42:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.200.54:443 i.ytimg.com tcp
GB 142.250.200.54:443 i.ytimg.com tcp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.180.1:443 yt3.ggpht.com tcp
GB 142.250.180.1:443 yt3.ggpht.com tcp
GB 172.217.169.42:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 fe0.google.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar2A7.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Y90N7XA8\www.youtube[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Y90N7XA8\www.youtube[1].xml

MD5 feeeda74aed7062c4cf7e4e27144519e
SHA1 8b15d9e1d41e5c717285948c8b8dd2ec541d69d7
SHA256 41f75c6dce72ace462728df279f13574c026dbcb5e879e176b224976a6ec6177
SHA512 db621eadc0aef9d7728af19be7616acaf3457f3dca0bdb6b45215fac0f5e165faf74cb010e38f2d2a98955dc3cc53e1d62c9b918028dde589700bcfdd6c3d197

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MEFTDE7Q\www-player[1].css

MD5 6e076abc1095221e4e3e21dbd9d1db4f
SHA1 e908cc0f7829aea16b42d8fec6aad567c41f587d
SHA256 c7e69ec7e436426c5edb45bb5fdd943623f987ecfdb86413528b596e5b0888e9
SHA512 3ceb46ea8e5d5abca4a1a053f20b38ac6d6c9ee60594da54122f4ff09422495261dc9356d0ed0c240ba44324c37bde120a90655b2ea40556280df674ab44fe2a

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MEFTDE7Q\www-embed-player[1].js

MD5 d2056f8d081fbfffcab81d61ea45b151
SHA1 710243082f40626f64943ad3b656400f444d7130
SHA256 49fa9b168cc8bbc037cf4498e31c355509e9b438b0d19fcf750b1c5fbd1efcaa
SHA512 530ca2c291c44d3d2b5869b0ae661ac047748a5cab50de280a2c8dbd26b52cdd71a906b3730e8a849debece542eb919462a8407ef2410acf28c57d2b6068cc14

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MEFTDE7Q\base[1].js

MD5 9178a954abcce420219864651c7787b2
SHA1 f874d3e998441ba6439cfd7e89514facde08cff4
SHA256 40cc1692dd4d8e1c8ed29593ee222240494b872b734c0e31da4628014da7346d
SHA512 927bf88499cdd64ce32f3780a0cfa88b14fdfbeac6a237454dcc43ee5d56b04754a40dbcba402519637ba1a3b0f948a597260a74ddb0b316698a41559d8e1cd3

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IO0LJX84\ad_status[1].js

MD5 1fa71744db23d0f8df9cce6719defcb7
SHA1 e4be9b7136697942a036f97cf26ebaf703ad2067
SHA256 eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
SHA512 17fa262901b608368eb4b70910da67e1f11b9cfb2c9dc81844f55bee1db3ec11f704d81ab20f2dda973378f9c0df56eaad8111f34b92e4161a4d194ba902f82f

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\52G8PVLC\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff

MD5 de8b7431b74642e830af4d4f4b513ec9
SHA1 f549f1fe8a0b86ef3fbdcb8d508440aff84c385c
SHA256 3bfe46bb1ca35b205306c5ec664e99e4a816f48a417b6b42e77a1f43f0bc4e7a
SHA512 57d3d4de3816307ed954b796c13bfa34af22a46a2fea310df90e966301350ae8adac62bcd2abf7d7768e6bdcbb3dfc5069378a728436173d07abfa483c1025ac

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MEFTDE7Q\KFOmCnqEu92Fr1Mu4mxM[1].woff

MD5 bafb105baeb22d965c70fe52ba6b49d9
SHA1 934014cc9bbe5883542be756b3146c05844b254f
SHA256 1570f866bf6eae82041e407280894a86ad2b8b275e01908ae156914dc693a4ed
SHA512 85a91773b0283e3b2400c773527542228478cc1b9e8ad8ea62435d705e98702a40bedf26cb5b0900dd8fecc79f802b8c1839184e787d9416886dbc73dff22a64

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Y90N7XA8\www.youtube[1].xml

MD5 21842823f9a8884d7856a7c2f20f4bf1
SHA1 4d07f98d311fb614ece8f88d2b620e6173c0366d
SHA256 ccd2532886e5aae7788fc7a790d43932b220711cda26e091b7e162d40805bab6
SHA512 bfddd32bde514c2b954d3196a4b65f7b1f27658ccc085a756efb95cd0e75ea340fd4e951017f3aa52f7c95aaac8ee8e8a8a38b2673e09e1b08f589a72b4a383a

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MEFTDE7Q\embed[1].js

MD5 322e970509e24ab233b6c326a9339623
SHA1 10e2ea809ae638d5f32385d05c569922ab19bc17
SHA256 99cbd012a57f19a3fc1b412866ba13d6b9de2a5bb22449dcbf14ec0a88937000
SHA512 8f8bdc9418feed04e6fc7415e9e57f0934a6b136b1a763e0e39f67efa47e004a8c3385105a1c1dd9fa48ada83ac5a2a93940f20a99d6d16722ae903c93d9817c

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Y90N7XA8\www.youtube[1].xml

MD5 1ee8e2deffa89f688f4ab5f1c07302bd
SHA1 fc11f635bea3a65dc66c51c098aa43ef6cb0a6a8
SHA256 7df3e1c89b041c0e9bc45f5db57caf9e3bc0460c58193df24128618d69fa6519
SHA512 57c70da514c497b8adab0abf60a90a3e833da500bd4746256ab5b17b3c2e6219d4252e8020f5ec3468e97f335b1c57e2eb67c6e0ab835c985a6622f776a08850

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Y90N7XA8\www.youtube[1].xml

MD5 bf22d76bdedc85f747dbdba2d9847bfc
SHA1 489a25511e6cf95206a1b19b5faacf75d9f419c0
SHA256 42152d50d020558cd02e36f10af3d71f058d849ed5d621f0fe4f079f93e0ef7a
SHA512 9a3e3371c6f4db8f26d796a25941fc2415d5e5d7e14fba8f04760d266185aa99f3cb415c3b5061895d1d437efa4d5772fba9dbd1843baba8850d34fcc3446e50

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Y90N7XA8\www.youtube[1].xml

MD5 5175fc55b482b50565697ae24db683f7
SHA1 eff48cd316637fff498920b3e93c2c094ce0f72c
SHA256 702d7875a1f4c63595afcdd0a606af825793ce9975c5daa775c392e71f547eef
SHA512 ba2e0780a0fab06fb851d4a2a498a52318125a7788ebd7c0d944b500a31a9e7f21408762672ba5732378cd9de0e9cbff73cd240a3a23c2784e0b7eee4e123004

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Y90N7XA8\www.youtube[1].xml

MD5 df0e3a621ca053b72201389345da3100
SHA1 a8be473368dc1d75559e4dca6de64d8fe4dbc10b
SHA256 68a59f6016ef4269eab0cc588d79f1636c3d28b8ba978dff431371e2b9474170
SHA512 ceddfb2171967764ead0345fd0d8aa5f48d05b12f3e759e6435c5b4f51135d60d419031e3c979c0ce7ab8630e22afabcd7b3c7e3aef2c83497c6a2a5a1d00090

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MEFTDE7Q\FuC5FHNNqx6hIMPHBLFutNLSO6Lu9zn3BZWWVNvRnX0[1].js

MD5 362511387771cc02e5d769462fbbd6cf
SHA1 70a77448643daa84347b0eb76ba64ab54a5648d8
SHA256 16e0b914734dab1ea120c3c704b16eb4d2d23ba2eef739f705959654dbd19d7d
SHA512 94874f96004e9bbce4b9c32c8941764a60e138614c348923869dc294601ff6c5026999660a3877708242df7f286c744ff7c6ab37c3e9f759d6fa95e52e29fa55

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Y90N7XA8\www.youtube[1].xml

MD5 44749767f9d4755c5e414fe6ef243145
SHA1 6ff6ebad84b554c12a4636c62b402eef74b58fb2
SHA256 1569fb8dd5119f1e637e249b887ffc00af2c717cb087738111adbd92897d925d
SHA512 a53dd13d14dfa2febfb5e7ddf2efdbea5164e42e7ab789f04a27bbc95c87af9751fb02c7155863e95255861ff31463df78b49239134016c9622054d0d2eb78fd

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Y90N7XA8\www.youtube[1].xml

MD5 542c11fb4958bf505053618f35cec163
SHA1 fb66dca1e4926c300196f6d61c9eb8f9b229dbdf
SHA256 4553982368707ebf52f05ef748f6207a3e444d5b8d774b7a548de73b341e8ad5
SHA512 6a57a6a8285521c6bccccc679823fad7cd0499e5cea788938c4eecce96b045a25b7bc37ed5cc4e1583ae2e01963889f499a4588a3b50363b40bd9c22ea60cee6

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Y90N7XA8\www.youtube[1].xml

MD5 2bd063e7e11e91ec2765bdc3b42cf247
SHA1 43a7fc14df1d08f64f3332c703e54a03d6c30d5c
SHA256 fe61e9cfad44d9abf233bfc207df96214b2aaa18f0355be33215633cc56f64d9
SHA512 aafc6180d1642fa22d47bd1bc6c3236bdce88f84cde33d7b7c90a23c9ce4d0c46ba8987c3ee184133d882003edc4b3e4fdf2a9e3be586da4bf2ef15b763c62a5

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MEFTDE7Q\remote[2].js

MD5 9a260ebfcd9283c905736047a6710016
SHA1 abf83fabe75adada9ac80f1ea7478541a7af32ae
SHA256 2bb23e82fc1dd04738a92658823f00ba143cade8c16ab948bf7778fa2707e352
SHA512 ea0664517a12754450d940f5dab26e14cd3b6e30219b65354465f13faf59649b709131836c660096244e3188f425de428ef53c1d21bccffcdb707f39479304d3

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Y90N7XA8\www.youtube[1].xml

MD5 61a5e64bdd052a111b00740def690eb4
SHA1 a43b7221b8f692052cf18487c43cba5ea0c0402d
SHA256 ede8eb2c6c57a041046fc5fa11c93aaaed2b86f2ec7101e8f879706cd62c8f45
SHA512 2e10363b9d6f034cde24e85f73eb588fe6841408045664e053d4139854ce5b85cc6c8305f077de3c0679596716b89d9417d9c692aba6e44639899e07fc3a088a

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Y90N7XA8\www.youtube[1].xml

MD5 f4d0ae1f5912fba88f868db00fbd8782
SHA1 c61444eb70d5fcea1c7452151d7bef712e826a2a
SHA256 5d0018e92302a6cd4f29c09d51b101df1d06666d9dc2f437cbd3a82f89c2b772
SHA512 43b09548036b4d9ea4acba1b3336cdcd0ebe68c57048a3b25e5a6135fdb1111038f25f4480e95aed4f2b8394f9d509ad77be988aa0a696c7afe111823a8b8e68

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Y90N7XA8\www.youtube[1].xml

MD5 783ba10ede31c3a0b2a961e5cefea76e
SHA1 5d4dd59ab73d5ec77a60557cf235792f054067cb
SHA256 ef32feb073d98042fab7d875b0f6bd4c3fb1d981003202a45a3af34c694cc418
SHA512 2a864f6d4847e52a8353952e03c69d69fc63f389dac087569581641f6a980e932487618f6c63f9c08b4cf03a820803ee5ae4bcd146f5fb73e5b912df51110493

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Y90N7XA8\www.youtube[1].xml

MD5 ad4bf40ef3f3d8560a9e4ca12f78b859
SHA1 1bf5d2578d2506c76025ce935a6328e7d338b1b3
SHA256 48fa1d7b0d3224a8ec08a68ebed3c67f3f80364057928726936e8fe2b9ca6a60
SHA512 4ad3e40170f9d159d947abd8a12564834b624fbd197c8875e51ee42eebcb5896798aa12d28112c4217ce12af7146e08346be497d26202f6d4ea74db9fcac5d0f

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Y90N7XA8\www.youtube[1].xml

MD5 8b2e5343fc4d199e939df87de1542f5d
SHA1 df68fbe6148659f76e7b99f66722e2d81ae390e8
SHA256 3f30ca0a1f3a0b17b381aaecf15dd1bf40fc37a3287c9d9b2243f8d0f840fb9d
SHA512 17cdaa292232586b8ad99906267f831c1417fe5e0b01e409316d260356961543e7c41af31e4c47dfd736566299a43d442b4a567fc3820657208856464b040f8b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Y90N7XA8\www.youtube[1].xml

MD5 15afb29224e0326e2bc366f455d3a626
SHA1 505a54a5fda6c1b433c60a9441da6c6f5788ddb4
SHA256 2ed2b7e5d40c171fa83eecaad9fcb964a738c7869497a819ea589590ebfb14f0
SHA512 7dfc30d52aa15ac300f98565073ac0848d3afbdc4d5d08987e21ca05bcb146807b82013a454bc04f9ea9da600d5602ad44bb317ff9f77b9122e708aefb8c2a0c

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Y90N7XA8\www.youtube[1].xml

MD5 fa9ed3deeea6baa1d4877ed859ac7b12
SHA1 024183d1abcf7bb9a8d7a62d1781b7fdab47d19c
SHA256 f01c5e000781acbb46e2bfdedc58730f904da53649b3b3c3c98a7d83e7d067a6
SHA512 b6dc66d04d9caed5ee57e7916b8313d52848f3f97490453db73553e7398924ba046af7d65d71e55f6aee196fbf94f44113c445d8f62cb3d6dc25a433d7d7b890

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Y90N7XA8\www.youtube[1].xml

MD5 b9fe86c3e9071d992b2541000b6a92c9
SHA1 34cd83d88d78218c875b180f6536a9877a834fd2
SHA256 03891afd72d0c157a15847893e2cffb067d4916d867d0d31186032e79fd26756
SHA512 df2ae61557e245fad7a37f94b29e8e66cf74e06c3dbad32e6f1f0dda77b3db8ce1492c46ee28fa20ea850f616129f25e9b619b546a419ed7de88c17cfc3c0ee9

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Y90N7XA8\www.youtube[1].xml

MD5 fa1c0b687a495b6b37b4c2c358420d18
SHA1 0b177edbbf5831bd1d8f42377c0b0a42b22a6a7d
SHA256 c148343614055d8fe961ca38c82c6fbc2b082aaf4a8f846413b6ef094cc5d270
SHA512 006f12962940f214dde06eac758d4636e936d01d921dc24126dc4747cfb37d9aa3c8d998f4fac861c117c66aa83ebd5a04003ca2fb61daa8ee49b99c831faf17

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Y90N7XA8\www.youtube[1].xml

MD5 e01b4371e39941dc373c898f71ec8765
SHA1 f2a8deb69deb5a9c2aa0c49fc92484c323e3f17d
SHA256 ea2e0586596dd48e9cda39da955b7bc23e645c464ef35251d8903b8f08fe6e49
SHA512 33d0a2c20366078e40cdc20b180242372d070873eb771cb98bec6bd0ab499550b82079021822c8966b2fc834f42f75f25f3fe7deff97b6f4f8ce6105ef6a969b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Y90N7XA8\www.youtube[1].xml

MD5 74349aac3f5b64125b44cdb771556947
SHA1 3bf58ab6b18469b7da2c9c5c7c9d1f164547fd97
SHA256 a0bf35144cb35917fbf57b3b7a5efcaf5d86b5a9a4eb814ebd896706a2241f34
SHA512 65d54f620c8fcb0ca12c6911018d180c7d7e7dba6266b01eb5582a2d2d2009f8b898b8d820e3b86a316ac52e26a14ebf432515782ee398ef610acbe7c7dcb959

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Y90N7XA8\www.youtube[1].xml

MD5 a163470e39177423d439a73bead754bb
SHA1 920087d0f735d2ad69d13c532bd0a6af87bb4ad5
SHA256 08775e4a1d7f2e12766bd5b3dd528632a4cb5ea10049591f897a1d21ee10f5b4
SHA512 6a2cc1dfca457a2523b621ba5b669a63e258d84f83bf0fc2a1710bf81fdde7054ec1d6552e1267d36f6fcedc4ad408e4db3280e8d6e728361b4e30da42d9db36

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Y90N7XA8\www.youtube[1].xml

MD5 dd394d5b6a611298936edb2c66a8040f
SHA1 2a59409a2c6fd5af3dc47bca2edbf8d5d2ff9eac
SHA256 16e5299e679da18bc5b2363d41cf78587cef2713e128ecbace3684d0d6ba7f56
SHA512 8eebe506bb68ae79b2a184296766e108e96fd60fa2fe96534a945fa71cc59b6b7143c64e0195f7d06411afea02410da66f270e76c52723a632d42446dd6e3847

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Y90N7XA8\www.youtube[1].xml

MD5 276a315ef92d12f1e4a675cb7f5aae5f
SHA1 6deb330dcb5df73454fb4c7bb3b16d8254281e1f
SHA256 2487c8517827e909c54880c3db97bd96365be5c482e4da79e8970ea71518c58a
SHA512 961e648fe81cf1fce1425bf569890048b0a5997e6a08a232f5e4d32cea644500a9b662f5d1658a9dfdecae88c130abaa99ed89009cfdb9e38c3928a2d8c202c5

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Y90N7XA8\www.youtube[1].xml

MD5 f2d4380a9f78147a511479e3a8f95e90
SHA1 d8c8a4ce1b6abcc7942af16fafc97c20b56b69e2
SHA256 ab5cb2f686c6df47655e3a54bd5e9a9a1f82ac8c68794d468dc7af219c7bccca
SHA512 fe64cd9c28475ff353fc878e7a3cc65f77ce52fcc13717e6dcfad61ce916547185cb152358588f0be314dc720184ee2983a5e62d5077600040cdfa6de93fa2f5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 94c60064b7ab6e36260fef3734bd9217
SHA1 74e9e3913c037df4fa7baaf617e084f644aedd7d
SHA256 2c63350fce1438ff7fe9873adcd814585915e6fea87e2aee1104e859d46d11be
SHA512 06955d315d16f601cfcacc14bec8fef27411e0be096e8015ef868a35447ea59f388f657ad410efb0db0b9570020b62c694a367619018218f6150f96dcad87a1b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 df28a16d00aca53b102becf7d886f92e
SHA1 3ac7ff26d6e781203684159831ca7aae14279610
SHA256 de022590bddb4c54a411ed00e23e543bfb1a59d1f50efe2d6c72b8439046849b
SHA512 52288fca6d61c8fed636badd751e4546bea0a46176b34bdeebb605211b3230a4f77fb9620866b5006a1332719f4fda45d899c966e8d6bafe7f08307fc1ffc4b1

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Y90N7XA8\www.youtube[1].xml

MD5 5d84ae30b78a385877e6bec4fdd94277
SHA1 830da35b8fc4f848ce3311d7f6c848be4fdcd90c
SHA256 7099d45637826ba8fdd4d0e1cd96da5988336fbae8fbce8fef31663cacf21c73
SHA512 5344fa54ced4b076b0af47a839e3d2255da5b59f65b40a99428c6012bb7b1d21d77e5d0e418094f24214e17943404495705801a3aa1dbd7e67b385ceb61e0997

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Y90N7XA8\www.youtube[1].xml

MD5 93635d8218435d96fe09ed540ded9252
SHA1 6797636da98410daeffb75fc6880ba0deacfeda0
SHA256 d2510e13d287aa9a21c6a2b818d35186f50bfd5ddb894340304cdd43dea340e7
SHA512 fa75085e1e616fd2d9572e2905ca8803609b3aa0eeb8771511a1a5e4c8cb1fb065806f1dcd1189b28e52d99f84d53d28844baa025c928ebc76c9576fd70e1f49

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2842eddcf864cbd5d22b125b89056281
SHA1 11856a6b4acb0b0523d3e4ce9a02bfabf94485c8
SHA256 6bea2734019edc746f342db6543c3969e0441ac2d8376d89c60ac563927961b8
SHA512 817774de357d5ff87b01b01bf5bbee7fc513bdd3f6e32438be2f1b2711ddd21c273e869636d79bbe38ab68b832333ef3d898faaf1088b51ee000cca8339af7a1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e17eac2b5f9c10e6d4f269b0def3dad8
SHA1 ec7a91dd40a5f5f87d38af767776d378d6d291e5
SHA256 5339ecf6bb4cabe6b51b25cbafdb1956c8f1a5ab397df1195c50368a49d2e7e4
SHA512 be607f77ca4f131d5f3552aedffe0123f3c1cf2557382033862aa6004added518b216d55dac49954a23975fe044aedaa6154d01bb8a0a8fa9c255124c3820810

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f6cce07fde0d35a544c0c5ba4d595dd4
SHA1 87484d00560f0fa48e4667f01ff29779550b9f8a
SHA256 e51b34de88e2c3bac8830dc36d36093743f9b03d23ce8abfddfe623959af97de
SHA512 2740511291692a340755af2f75713b08a71f176c0c5f4141350230a08b93476475b1148998449d66b76f2fa71d393ca1bd60a3cd8eb151648f11078b7b46f325

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 28ed887723d6f17da187a0c927ec28f9
SHA1 79170170100ee1b2ca8b5dad817b0decca2e6f92
SHA256 a79df147c8f225e44834aafcb99e1c851ffee45029d03ee9ca7c04ff837bb6f2
SHA512 ec4a8992eeae55230fed52f95695c4cff18a0aec7f1d1fa2a23cd0beee56f91866da749619cb52b22ef6bcf8f0ce9bad5acd826c4a03f2dcc7f88632dc246103

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Y90N7XA8\www.youtube[1].xml

MD5 25be1fd56b17416917eebc9216e41ee0
SHA1 950df3e8c8870cdf9beaef5b682844c82a10614e
SHA256 a719767642db669a31587b27e865e8fc9d05e1338fbd673ecb277acec583b7ab
SHA512 c6ffe183303f7fa54b910c1c75731308800ddf281bcb819e757e2e397b8c6761d67076520a52f273ae5fdb7e5a6bf6b17b337b32f1615a77ea0e2faa2ed1b921

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ec0e4042365ab459a5bd93d81f3bae7f
SHA1 d9ae9227ccd838fa5504947dffbabf19c7e8980e
SHA256 34d5cbd6ae1d3e7aa3c7e36601975778831920d3ec70601df2790bf7cfb43b0a
SHA512 be4ce1b581489153e274b8edc7995133b1d376d87507462fbca52d0bc31450faace8b22f9e6f59d41f07f14b5c7f1699da64067060a73aedaf1601c8d29a45bf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 544d95deb8c2edead1a6b859531a6fd3
SHA1 039c60f1aab0a4976b5e69a55b7d47e13c42390c
SHA256 0b37dff616a1d74c812288b48b4465f31755b50430606c227730560557d1fa6f
SHA512 d3b0b2503ab818b450b3a12c78ba7f7cd34ad925d0429dd2e2b6933b4279b0e47d2e443cec40ba345d19632e66dc7d78915790c7d1aa7249964c7d65e47ddee9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cacbeea5ae9ca8845f39689e1cdffc51
SHA1 836eabb21fbadcce407718baa366350c8b2238ec
SHA256 28c1f615d16d78b2a7ef5993566659364fc2ff1575651b7b364a9587ef26c883
SHA512 38905ffd66235a6b7754dfda1de0753d05c0178109224f2aabf228add479e7631011622c04e2c94c26b2a3bb02350cc6ec7ccc7aa807b8cb45598c31b980fbea

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1d26f3dacc7806ad2caeed9c7ea82b82
SHA1 f5fa28dc3b7837ab16371cd968cbaec742697ffa
SHA256 bb673fbdd6c67854149d224e6a5723936f114d3c34f331711610b16141ae52cd
SHA512 a3296882bb0d6fe3663096bee8ca1cc77bcb40a5670e2de5c98ce8a77b6d26e8d681db7146d4b669ee332b7b318120112da082fbbbab4c57431c60f5a4d05499

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-02 22:29

Reported

2024-06-02 22:32

Platform

win10v2004-20240426-en

Max time kernel

145s

Max time network

145s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8fa7c4808894e4cf1d281b19c169bb96_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3324 wrote to memory of 1864 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1864 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 2516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 2516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3324 wrote to memory of 1820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8fa7c4808894e4cf1d281b19c169bb96_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb042146f8,0x7ffb04214708,0x7ffb04214718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,641601321602874960,16245272415180729577,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,641601321602874960,16245272415180729577,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,641601321602874960,16245272415180729577,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,641601321602874960,16245272415180729577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,641601321602874960,16245272415180729577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,641601321602874960,16245272415180729577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,641601321602874960,16245272415180729577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,641601321602874960,16245272415180729577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,641601321602874960,16245272415180729577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,641601321602874960,16245272415180729577,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,641601321602874960,16245272415180729577,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,641601321602874960,16245272415180729577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,641601321602874960,16245272415180729577,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,641601321602874960,16245272415180729577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,641601321602874960,16245272415180729577,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,641601321602874960,16245272415180729577,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 konthaiusa.com udp
GB 142.250.187.202:80 fonts.googleapis.com tcp
US 8.8.8.8:53 www.konthaiusa.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
GB 172.217.169.46:80 www.youtube.com tcp
GB 163.70.147.35:80 www.facebook.com tcp
GB 172.217.169.46:443 www.youtube.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
GB 172.217.169.46:80 www.youtube.com tcp
GB 172.217.169.46:80 www.youtube.com tcp
GB 172.217.169.46:80 www.youtube.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
GB 172.217.169.46:443 www.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 142.250.200.54:443 i.ytimg.com tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 54.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 216.58.212.226:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 static.doubleclick.net udp
GB 216.58.212.226:443 googleads.g.doubleclick.net udp
GB 216.58.213.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.180.10:443 jnn-pa.googleapis.com tcp
GB 142.250.180.10:443 jnn-pa.googleapis.com tcp
GB 142.250.180.10:443 jnn-pa.googleapis.com tcp
GB 142.250.180.10:443 jnn-pa.googleapis.com tcp
GB 142.250.180.10:443 jnn-pa.googleapis.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.180.1:443 yt3.ggpht.com tcp
GB 142.250.180.10:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 226.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 6.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.179.238:443 play.google.com udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 52.111.227.11:443 tcp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.178.2:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ea98e583ad99df195d29aa066204ab56
SHA1 f89398664af0179641aa0138b337097b617cb2db
SHA256 a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6
SHA512 e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

\??\pipe\LOCAL\crashpad_3324_DMBGSBLYVMAMLIPC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4f7152bc5a1a715ef481e37d1c791959
SHA1 c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7
SHA256 704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc
SHA512 2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 81b6b24dadf4e3d0e7aee50caa16b8a5
SHA1 833cb3a04dc8780c1e24e772a6a9b69c9b78b327
SHA256 0df74976ef6c05ec3e02cd0a1b0ef1f6fe4a45f4e8e87793e8c5dd2256e66723
SHA512 15288cd246c46bf315fbf251d2e784be62babd97c58196658c2a9d72003615e2ebba0041e918c52a4797637e85109a252a036f84f74ab231119510c88c3987b5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 faaae734772de83ffdaa030090b31907
SHA1 39621bfa12765a218430b53d3e47fdbf81021134
SHA256 d7aadd81cb2b279a7bab58960240219ede04a2ce06507aa33f56250def6cee5e
SHA512 fbf4247cdabe7b2de5e750a9f080d6fd351d17354c90286f11b7df4949d3bd97fe8a0229bba979de81b53104d163f2df25b3cc4cbc6e380a6e672981f6661e95

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4a3374df94ebf73d8c1aed889cef98d3
SHA1 55821d55662a2250e1421c7721f1985f84f70c95
SHA256 4085b9f1bf54977b344d600fed88ff34c26dafbc61d5bc3dafc91feb4b3cb877
SHA512 63b0cfe13e26af1c1431ad65b8fbf5fa435c61e415aff9000a8d0bf8f6ca8285d6897ab7e8f95ebbe87224804bc4fe5803ed29b61558bd93f219b0c9c7b5a4f7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 995a5ef415dba9d0b1c835580ab2cebd
SHA1 98fff1e3254546129196ea73d73c13d1f39a5a68
SHA256 846a19b38cbeb819177b2c655336e2e8f98265389079bc3d1cdee83791c759f0
SHA512 15d671916e2266689d033a9df7885ad40eec152f8438ab4a736f9d7a66e866219b9932f30ec965e6079902b58192bb1303af73f5b602719a038217a10c63b8a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 0d3a68ec142e93e1bf852536ffa2b50f
SHA1 c79fea4e5c9ad513209899defcb22b3180f9bbf8
SHA256 2017a5523d87ad5e94335522ca85fd9d149c40a0962be3c2a007733001f8871d
SHA512 9f6ab4955032e5dae56ac7fe014c2d48e943bbff0123097a7999522677e38f66464941e5ca92ff5e2283f09074db688efc8feab3908bdc1509f1a7b4e3912486

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 d0f54db91c7cc8ffcd6d6903683db896
SHA1 d6b2c30b77a9b40735320dbae8e9785426a0e6e8
SHA256 40fcdfc2fb9f0dd6e5acf92c867d2493a0f08ec43b3a1c5bf6439ca5023e377c
SHA512 8b96bd31015e6076f1f10122f5f26f8b90a88543d993962c6abed00a2a9295cb7b19ee04dd4287fb5419398c884b3e4ca2bc6f2b9f97604246ae6e6c0f6984a4