Analysis Overview
SHA256
547249207a058bc8315e885764a502a7df83e5bae40bf8db90bd0008aecc5328
Threat Level: No (potentially) malicious behavior was detected
Verdict for 91e1f6b9bb582395c7b615555e65fa89_JaffaCakes118: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 13:03
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 13:03
Reported
2024-06-03 13:05
Platform
win7-20240221-en
Max time kernel
148s
Max time network
148s
Command Line
Signatures
Modifies Internet Explorer settings
Every row below is written by iexplore.exe itself under the user's Software\Microsoft\Internet Explorer key: DOMStorage quota counters for youtube.com plus tab, recovery, zoom, search-scope and window-placement housekeeping. None of them change security zones, the proxy configuration or the start page, so for this run the hit reflects ordinary browser state rather than tampering.
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "18151" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "410" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "410" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "8944" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "9125" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423581674" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "8829" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "17594" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "9043" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "8740" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "8852" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "8950" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "9125" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "9131" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "8740" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "407" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "9125" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "197" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "498" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "407" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "492" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "8734" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "9517" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "8734" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "8944" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "9247" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "9247" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0b38384b6b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "9517" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b22e3814476eda4b93d45b3fb16904420000000002000000000010660000000100002000000017f55ed56c406ab1d317dd9a9108de3bd4a5b9b42bc10977a938eb758539b1f4000000000e80000000020000200000000890746b3ad5cb59d3c0e2b585f3cfeeb36c216840552eda6196ab85f6cf971e20000000a9bf4c4a03742194ca1820f910c6dfcfaa127d14f9106dff19e4b35c1d29be2540000000be5c4853b74a71a1871fe0332620dc7cdfa2dbf89381dfd9a278576ca0e0805c0d73e8c14d73da04d9941f117df9e43e0819d16320df52bff430c86f7ef7849b | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "498" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "8852" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "8829" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "9159" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "9241" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "17594" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "197" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "492" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "9247" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
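The two `Set value (data)` rows above (NewTabPage\LastProcessed and NewTabPage\DecayDateQueue) are opaque in the report. The Python below is an added example, not sandbox output or code from the report: it decodes LastProcessed as a FILETIME and walks DecayDateQueue as a DPAPI (CryptProtectData) blob, using the two hex values exactly as printed in the table. The blob layout, the DPAPI provider GUID and the ALG_ID constants are public Windows facts; the SID handed to `summarize` is the one in the table's key paths.

```python
"""Added example (not from the sandbox report): decode the two opaque
NewTabPage values from the registry table. LastProcessed is a FILETIME;
DecayDateQueue is a DPAPI (CryptProtectData) blob, recognisable by the provider
GUID df9d8cd0-1501-11d1-8c7a-00c04fc297eb at offset 4. Hex copied from the
report; the blob layout is the public CryptProtectData format. Nothing here
decrypts anything, which would need the user's DPAPI master key."""
import struct
import uuid
from datetime import datetime, timedelta, timezone

DPAPI_PROVIDER_GUID = uuid.UUID("df9d8cd0-1501-11d1-8c7a-00c04fc297eb")
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
ALG_NAMES = {0x6610: "CALG_AES_256", 0x800E: "CALG_SHA_512"}  # wincrypt.h ALG_IDs

LAST_PROCESSED_HEX = "b0b38384b6b5da01"  # as printed in the report
DECAY_DATE_QUEUE_HEX = (  # as printed in the report, split for readability
    "01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b22e3814476eda4b"
    "93d45b3fb16904420000000002000000000010660000000100002000000017f5"
    "5ed56c406ab1d317dd9a9108de3bd4a5b9b42bc10977a938eb758539b1f40000"
    "00000e80000000020000200000000890746b3ad5cb59d3c0e2b585f3cfeeb36c"
    "216840552eda6196ab85f6cf971e20000000a9bf4c4a03742194ca1820f910c6"
    "dfcfaa127d14f9106dff19e4b35c1d29be2540000000be5c4853b74a71a1871f"
    "e0332620dc7cdfa2dbf89381dfd9a278576ca0e0805c0d73e8c14d73da04d994"
    "1f117df9e43e0819d16320df52bff430c86f7ef7849b"
)


def filetime_to_datetime(raw: bytes) -> datetime:
    """Little-endian FILETIME (100 ns ticks since 1601-01-01) -> aware UTC datetime."""
    (ticks,) = struct.unpack("<Q", raw)
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def parse_dpapi_blob(blob: bytes) -> dict:
    """Walk a CryptProtectData blob. Every variable-length field is
    length-prefixed, so a genuine blob is consumed exactly; a wrong provider
    GUID, a field running past the end, or trailing bytes raise ValueError."""
    off = 0

    def take(n: int) -> bytes:
        nonlocal off
        if off + n > len(blob):
            raise ValueError("field runs past end of blob")
        chunk, off = blob[off:off + n], off + n
        return chunk

    def u32() -> int:
        return struct.unpack("<I", take(4))[0]

    f = {"version": u32(), "provider_guid": uuid.UUID(bytes_le=take(16))}
    if f["provider_guid"] != DPAPI_PROVIDER_GUID:
        raise ValueError("not a DPAPI blob: provider GUID mismatch")
    f["masterkey_version"] = u32()
    f["masterkey_guid"] = uuid.UUID(bytes_le=take(16))  # names the master key file
    f["flags"] = u32()
    f["description"] = take(u32()).decode("utf-16-le").rstrip("\x00")
    f["crypt_alg"], f["crypt_alg_bits"] = u32(), u32()
    f["salt"] = take(u32())
    f["hmac_key"] = take(u32())  # zero-length in current blobs
    f["hash_alg"], f["hash_alg_bits"] = u32(), u32()
    f["hmac_salt"] = take(u32())
    f["ciphertext"] = take(u32())
    f["signature"] = take(u32())
    if off != len(blob):
        raise ValueError(f"{len(blob) - off} trailing bytes after signature")
    return f


def is_dpapi_blob(blob: bytes) -> bool:
    """True only if the bytes parse as a complete, DPAPI-provider blob."""
    try:
        parse_dpapi_blob(blob)
        return True
    except ValueError:
        return False


def summarize(f: dict, user_sid: str) -> str:
    """Analyst one-liner, including the master key file the blob is bound to."""
    return (
        f"DPAPI v{f['version']} blob, "
        f"{ALG_NAMES.get(f['crypt_alg'], hex(f['crypt_alg']))}/"
        f"{ALG_NAMES.get(f['hash_alg'], hex(f['hash_alg']))}, "
        f"{len(f['ciphertext'])}-byte ciphertext, {len(f['signature'])}-byte MAC, "
        f"master key %APPDATA%\\Microsoft\\Protect\\{user_sid}\\{f['masterkey_guid']}"
    )


if __name__ == "__main__":
    print("LastProcessed =", filetime_to_datetime(bytes.fromhex(LAST_PROCESSED_HEX)))
    fields = parse_dpapi_blob(bytes.fromhex(DECAY_DATE_QUEUE_HEX))
    print(summarize(fields, "S-1-5-21-2297530677-1229052932-2803917579-1000"))
```

LastProcessed decodes to 2024-06-03 13:04:07 UTC, inside the 13:03 to 13:05 detonation window, which is a cheap consistency check for any timestamp-bearing artefact. The blob parses as AES-256/SHA-512 with a 32-byte ciphertext and names the master key (GUID 14382eb2-6e47-4bda-93d4-5b3fb1690442 under %APPDATA%\Microsoft\Protect\<SID>\) that would be needed, together with the sandbox user's password, to decrypt it offline; the ciphertext itself carries nothing readable. A registry value that looks like length-prefixed binary but fails `parse_dpapi_blob` is the one worth a second look.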
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2292 wrote to memory of 2128 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2292 wrote to memory of 2128 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2292 wrote to memory of 2128 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2292 wrote to memory of 2128 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
All four writes go from the IE frame process (PID 2292) into the tab process it spawned (PID 2128, whose command line in the Processes section carries SCODEF:2292, the frame PID). This is how Internet Explorer's loosely coupled frame/tab architecture initialises a new tab, so on this run the signature is normal browser start-up, not injection into a foreign process.
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91e1f6b9bb582395c7b615555e65fa89_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2292 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.konthaiusa.com | udp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 142.250.180.14:80 | www.youtube.com | tcp |
| GB | 142.250.180.14:80 | www.youtube.com | tcp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 142.250.180.14:80 | www.youtube.com | tcp |
| GB | 142.250.180.14:80 | www.youtube.com | tcp |
| GB | 142.250.180.14:80 | www.youtube.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 142.250.180.14:443 | www.youtube.com | tcp |
| GB | 142.250.180.14:443 | www.youtube.com | tcp |
| GB | 142.250.180.14:443 | www.youtube.com | tcp |
| GB | 142.250.180.14:443 | www.youtube.com | tcp |
| GB | 142.250.180.14:443 | www.youtube.com | tcp |
| US | 216.239.38.178:80 | www.google-analytics.com | tcp |
| US | 216.239.38.178:80 | www.google-analytics.com | tcp |
| GB | 142.250.180.14:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 216.58.204.74:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.200.22:443 | i.ytimg.com | tcp |
| GB | 142.250.200.22:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | tcp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | tcp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.204.74:443 | jnn-pa.googleapis.com | tcp |
| GB | 216.58.204.74:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | fe0.google.com | udp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 216.58.204.74:443 | jnn-pa.googleapis.com | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 216.58.204.74:443 | jnn-pa.googleapis.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | tcp |
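The Network table above lists every DNS query and connection the sandbox recorded. The Python below is an added triage example, not part of the report, that runs over those rows (copied from the table with duplicate rows dropped) and separates names that were only resolved from names actually connected to, flags cleartext HTTP, and lists any destination outside an allowlist of first-party Google/Facebook/Microsoft suffixes. The allowlist is this example's own assumption about what an IE page load with embedded YouTube and Facebook widgets normally touches; the sandbox supplies no such list.

```python
"""Added example, not part of the sandbox report: triage the Network table
of a browser detonation. Answers three questions: which names were resolved
but never connected to, which connections used cleartext HTTP (port 80), and
which destinations fall outside an assumed first-party allowlist.
NETWORK_ROWS is copied from the report with exact duplicates dropped;
EXPECTED_SUFFIXES is this example's assumption."""
import re
from collections import defaultdict

NETWORK_ROWS = """\
| US | 8.8.8.8:53 | www.konthaiusa.com | udp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 142.250.180.14:80 | www.youtube.com | tcp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 142.250.180.14:443 | www.youtube.com | tcp |
| US | 216.239.38.178:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 216.58.204.74:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.200.22:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | tcp |
| US | 8.8.8.8:53 | fe0.google.com | udp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
"""

# Assumed first-party set for an IE page with YouTube/Facebook embeds (not from the sandbox).
EXPECTED_SUFFIXES = (
    "google.com", "googleapis.com", "youtube.com", "ytimg.com", "ggpht.com",
    "doubleclick.net", "google-analytics.com", "facebook.com", "fbcdn.net",
    "microsoft.com",
)

# One report row: | CC | ip:port | domain | proto |
ROW_RE = re.compile(
    r"^\|\s*(?P<cc>[A-Z]{2})\s*\|\s*(?P<ip>[\d.]+):(?P<port>\d+)\s*\|"
    r"\s*(?P<domain>[^\s|]+)\s*\|\s*(?P<proto>tcp|udp)\s*\|$"
)


def parse_rows(table: str) -> list:
    """Pipe-delimited rows -> dicts; header and non-matching lines are skipped."""
    rows = []
    for line in table.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            row = m.groupdict()
            row["port"] = int(row["port"])
            rows.append(row)
    return rows


def is_expected(domain: str) -> bool:
    """Suffix match that does not let 'evilgoogle.com' pass as 'google.com'."""
    return any(domain == s or domain.endswith("." + s) for s in EXPECTED_SUFFIXES)


def triage(rows: list) -> dict:
    resolved, connected = set(), set()
    cleartext = defaultdict(set)
    for r in rows:
        if r["proto"] == "udp" and r["port"] == 53:
            resolved.add(r["domain"])  # DNS query for this name
        elif r["proto"] == "tcp":
            connected.add(r["domain"])
            if r["port"] == 80:
                cleartext[r["domain"]].add(r["ip"])
    return {
        "dns_only": sorted(resolved - connected),
        "connected_without_dns": sorted(connected - resolved),
        "cleartext_http": {d: sorted(ips) for d, ips in sorted(cleartext.items())},
        "unexpected": sorted(d for d in resolved | connected if not is_expected(d)),
    }


if __name__ == "__main__":
    for key, value in triage(parse_rows(NETWORK_ROWS)).items():
        print(f"{key}: {value}")
```

On this run the split comes out as: resolved but never connected to (fe0.google.com, static.xx.fbcdn.net, www.konthaiusa.com, www.microsoft.com); connected with no logged DNS query (fonts.googleapis.com, ieonline.microsoft.com, www.google-analytics.com); cleartext HTTP to fonts.googleapis.com, www.facebook.com, www.google-analytics.com and www.youtube.com; and www.konthaiusa.com as the only host outside the allowlist. A sandbox logs lookups and connections separately, so a resolved-only name can be a prefetch, a failed connect or an unlogged one, and a connection without a lookup usually means a cached answer; www.konthaiusa.com is the one to check against the HTML source.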
Files
C:\Users\Admin\AppData\Local\Temp\Cab1B30.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | e7360ba3f3f98d1a779a3fe3c5b15851 |
| SHA1 | d362fe038f79c608f05304b5b9dfc79b5f5613ab |
| SHA256 | d6afff651b5946feb500ebc7fc8012bf0ac2ff373bfc48ea9f1d0b29c8a2e105 |
| SHA512 | 392407c1c406645c8aae8c41fe004f6bbca6b3f3b6a568a9efc2f96fb3806eaacdbcd14a3dc326b1d2277fc0bed3d65043823df8b192b7c8692e687cf916312a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar1C7F.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 13ed5e0369cedc64c8437eb9a493a981 |
| SHA1 | 880053c91809fef7b2a3d688143f554d5a05c0bd |
| SHA256 | 3560614f2f62c19498d2ad6c3b9fa8f232883167479de05e924a5a3ab19a8454 |
| SHA512 | 18b3c940a3b722b58c476af4141ab987ed9f7557c1e52f3f20548b2c209abd67c943761d22e20ed59c36d69f8cd911285aff7efdf2d20f51c35cad62932aefa0 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1014REI\www-embed-player[1].js
| MD5 | d2056f8d081fbfffcab81d61ea45b151 |
| SHA1 | 710243082f40626f64943ad3b656400f444d7130 |
| SHA256 | 49fa9b168cc8bbc037cf4498e31c355509e9b438b0d19fcf750b1c5fbd1efcaa |
| SHA512 | 530ca2c291c44d3d2b5869b0ae661ac047748a5cab50de280a2c8dbd26b52cdd71a906b3730e8a849debece542eb919462a8407ef2410acf28c57d2b6068cc14 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1014REI\www-player[1].css
| MD5 | 6e076abc1095221e4e3e21dbd9d1db4f |
| SHA1 | e908cc0f7829aea16b42d8fec6aad567c41f587d |
| SHA256 | c7e69ec7e436426c5edb45bb5fdd943623f987ecfdb86413528b596e5b0888e9 |
| SHA512 | 3ceb46ea8e5d5abca4a1a053f20b38ac6d6c9ee60594da54122f4ff09422495261dc9356d0ed0c240ba44324c37bde120a90655b2ea40556280df674ab44fe2a |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\LOT150MG\www.youtube[1].xml
| MD5 | c1ddea3ef6bbef3e7060a1a9ad89e4c5 |
| SHA1 | 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966 |
| SHA256 | b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db |
| SHA512 | 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\LOT150MG\www.youtube[1].xml
| MD5 | 96b1a90752d043de6f593edd821728c6 |
| SHA1 | 0457535af66a3e0115bad1fc5dfe1926fb41ce3e |
| SHA256 | 9ae19fdfc25d06916bb0e60efbda3b054b52ae85ad91f15af4edfb2bffb17652 |
| SHA512 | ca99b2a8b972ad729e0f7f8af43c0e28559b9c2cc97715dbe45afb0636839d715ebfb07d2d3c6d1630f65c63ddb6a2dfedb3a7e1de940279403a2730486818fe |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\KFOmCnqEu92Fr1Mu4mxM[1].woff
| MD5 | bafb105baeb22d965c70fe52ba6b49d9 |
| SHA1 | 934014cc9bbe5883542be756b3146c05844b254f |
| SHA256 | 1570f866bf6eae82041e407280894a86ad2b8b275e01908ae156914dc693a4ed |
| SHA512 | 85a91773b0283e3b2400c773527542228478cc1b9e8ad8ea62435d705e98702a40bedf26cb5b0900dd8fecc79f802b8c1839184e787d9416886dbc73dff22a64 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDQW9R5V\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff
| MD5 | de8b7431b74642e830af4d4f4b513ec9 |
| SHA1 | f549f1fe8a0b86ef3fbdcb8d508440aff84c385c |
| SHA256 | 3bfe46bb1ca35b205306c5ec664e99e4a816f48a417b6b42e77a1f43f0bc4e7a |
| SHA512 | 57d3d4de3816307ed954b796c13bfa34af22a46a2fea310df90e966301350ae8adac62bcd2abf7d7768e6bdcbb3dfc5069378a728436173d07abfa483c1025ac |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1014REI\base[1].js
| MD5 | 9178a954abcce420219864651c7787b2 |
| SHA1 | f874d3e998441ba6439cfd7e89514facde08cff4 |
| SHA256 | 40cc1692dd4d8e1c8ed29593ee222240494b872b734c0e31da4628014da7346d |
| SHA512 | 927bf88499cdd64ce32f3780a0cfa88b14fdfbeac6a237454dcc43ee5d56b04754a40dbcba402519637ba1a3b0f948a597260a74ddb0b316698a41559d8e1cd3 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1014REI\ad_status[1].js
| MD5 | 1fa71744db23d0f8df9cce6719defcb7 |
| SHA1 | e4be9b7136697942a036f97cf26ebaf703ad2067 |
| SHA256 | eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9 |
| SHA512 | 17fa262901b608368eb4b70910da67e1f11b9cfb2c9dc81844f55bee1db3ec11f704d81ab20f2dda973378f9c0df56eaad8111f34b92e4161a4d194ba902f82f |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\LOT150MG\www.youtube[1].xml
| MD5 | 1823ca74f5974dd06252b1bcba0b6670 |
| SHA1 | e717ea81d8d3f00b0acfaaef598fe157ec82fcb5 |
| SHA256 | bb83dadcb9cc2df6f10e140cb71b1b2245ac9744503c637b5c7bab06c421f69a |
| SHA512 | 9f515ce8e7c5d24fe7ce77240998403da3d6f25ecfb2613748dcaff3b01d462dd249fe17c3d3581d87ff2237940b0026b22c5015385f619381b20ab3fc7b8350 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\embed[2].js
| MD5 | 322e970509e24ab233b6c326a9339623 |
| SHA1 | 10e2ea809ae638d5f32385d05c569922ab19bc17 |
| SHA256 | 99cbd012a57f19a3fc1b412866ba13d6b9de2a5bb22449dcbf14ec0a88937000 |
| SHA512 | 8f8bdc9418feed04e6fc7415e9e57f0934a6b136b1a763e0e39f67efa47e004a8c3385105a1c1dd9fa48ada83ac5a2a93940f20a99d6d16722ae903c93d9817c |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\LOT150MG\www.youtube[1].xml
| MD5 | 8fc31fe8d0c3393acce49f7b2d086367 |
| SHA1 | 6cc7b6f63c8e3fdfe9e0e5cb7e80f7f5fbcbfaf1 |
| SHA256 | 61489e9ac4ca2de2903b809d14b08b1ca02262e262b6ff60ec680a11b4b3ca66 |
| SHA512 | d5a260374f083784b5ae98428920af3f86b8c32543d85fd5cc032c1d8a5971fe18c8ea8df8abfadd069c840c156017b74db47819269d3a8e5c862a448d10e19f |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\LOT150MG\www.youtube[1].xml
| MD5 | b185b73ca0d5a7b854377b394ede2063 |
| SHA1 | 8a0a88f6ffa4bfbf2b03c15ff8e72bd0d5da0fa9 |
| SHA256 | d5fe4f783d7371659e6bf0845e895126e32991800622d7c16d48da36e877ebfb |
| SHA512 | c2f993eabded40115672077d634df9b48a7133b5a793e879adad7daa8239469f2052f0f7bc60a274e75c8a672fa0c3afb904266ea8030411b6cf9e31e70cba4b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3NPBB818\FuC5FHNNqx6hIMPHBLFutNLSO6Lu9zn3BZWWVNvRnX0[1].js
| MD5 | 362511387771cc02e5d769462fbbd6cf |
| SHA1 | 70a77448643daa84347b0eb76ba64ab54a5648d8 |
| SHA256 | 16e0b914734dab1ea120c3c704b16eb4d2d23ba2eef739f705959654dbd19d7d |
| SHA512 | 94874f96004e9bbce4b9c32c8941764a60e138614c348923869dc294601ff6c5026999660a3877708242df7f286c744ff7c6ab37c3e9f759d6fa95e52e29fa55 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\LOT150MG\www.youtube[1].xml
| MD5 | d67af9b6f65f7c313eed0fa372743616 |
| SHA1 | 9068fc70b4d976a481def5952460ed66381cdc07 |
| SHA256 | a3cdb830831c621558b407150ad7c61e06a95121ab3ea8e79392338d2b603bb1 |
| SHA512 | 98c89d8f54caa3a8e917e34f947fff5fc686d77a10ef22ae773b83c25976d69cee2f3799bfa842b04f983976083dec3227da6dc83ceddd4c8a8c2a13d72d55e9 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\LOT150MG\www.youtube[1].xml
| MD5 | b9201815232ebeaf4f523059e8df6181 |
| SHA1 | 8b4d9ded44c48dba3f305d46b56f4036d6ddf2a8 |
| SHA256 | 8fd71f8df4b33bda97864e50cecaadde1ed62740915f1aaf58c3b48b51b65f88 |
| SHA512 | ef65d1b5cb30f0a7d63aea9c74c26b12c4a6b73de4ba647700d868bc7da43cdaf348ff8ceabf7ef428590187f66238f885769923100a6d4d714451adad85e89a |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\LOT150MG\www.youtube[1].xml
| MD5 | d69b868ef133542fd6846485a824fc76 |
| SHA1 | 2e4dcb9786802a56d175d14794fecc3ac5e387c0 |
| SHA256 | eb8b273c04774b759ef7590139bb64d1150f9e738a5505ad5d22932432a011b0 |
| SHA512 | 612e471f0de0df18d81d1c59307b7a653ed15781c3e0e334c140b1f31629004290792ce2c3d2d9d8cc56e96a0dcd0af7136b92d640f63543bec0a6930b167405 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\LOT150MG\www.youtube[1].xml
| MD5 | adedc4e52834e7b5b38bfb67d558a171 |
| SHA1 | 8361039afe48d103fdcb9f917e467d941f8f6362 |
| SHA256 | 0e23b0baa0ee0bead0b863bd7b8eca6ba1405716aef3f75a51860ade327e404f |
| SHA512 | 20bd4ad3bfed8933963fd3109c4b3223d709fcf745ae2d6abff17c7e0788727e250bb50e1e20f151ade2dcad4d21ff7d35413ebcb5c14e27154714861d3ad0d7 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDQW9R5V\remote[1].js
| MD5 | 9a260ebfcd9283c905736047a6710016 |
| SHA1 | abf83fabe75adada9ac80f1ea7478541a7af32ae |
| SHA256 | 2bb23e82fc1dd04738a92658823f00ba143cade8c16ab948bf7778fa2707e352 |
| SHA512 | ea0664517a12754450d940f5dab26e14cd3b6e30219b65354465f13faf59649b709131836c660096244e3188f425de428ef53c1d21bccffcdb707f39479304d3 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\LOT150MG\www.youtube[1].xml
| MD5 | 4197f7b9e191d4689b40397a21f69378 |
| SHA1 | c5e66b87c3f0808df063d792970e61e40f5b6007 |
| SHA256 | 966d5aa20e2b035d4cbeed576482a66baced3b1ef42f1b22ec48267a9fb6b0f2 |
| SHA512 | f0bdc840617769c2ef239159c3328a593aa80688899d5ae67fcda6baa817e3cfe7e1df45f2715bcc6e033a24d07f7238fce94784b4f9bdf54b5adfdef744441f |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\LOT150MG\www.youtube[1].xml
| MD5 | 07b745e510b0908695e0cd96a05d59f3 |
| SHA1 | 555fe96cc972fec6821c25125f5a1cdb55346319 |
| SHA256 | ffb67e396c357d12cb65e9847798e58e5bb796bf30af68d1c739db860d8aa733 |
| SHA512 | 2b50e0561f3a4672aacbbd5481b44e07e9cab0cfc0da87e3c86b6c65cc0584c99e6599641f4c591682376135138b726cb26684631a45f231e667211676483fdc |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\LOT150MG\www.youtube[1].xml
| MD5 | 4be7073efa958db9172938b7114489b4 |
| SHA1 | 675a6df3d5c2167090f4096820e45b6f3e53b715 |
| SHA256 | 96d41bbd21b38aad4c8c57b03741ccdf6bfd620ecc82b7b97ef408331bed7f81 |
| SHA512 | 608b5af03edfb274f1576d80a9e8e6a74ebd396dd000348c27b8775f518f6b3c38d8a956555e31e68e2fece8241652feb121329de636a3b181a3593652cb3e61 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\LOT150MG\www.youtube[1].xml
| MD5 | cff4f55efe28bc6da26ed914a7ad9c3a |
| SHA1 | 63097b8774a377f6029e46b17c86f573d2b90be9 |
| SHA256 | 6dfdcac8993808d6e003cc88c80f241c0947b93dee515fd62f3c7ea504bdb40e |
| SHA512 | 720b16797696265c119f1d0dfcc74b5c01b32ceb7ded7233fb1c34d738107fe4cb177dfb39ddbd69a7dd63e6e1ea9ec35993530afd20a5bb8ed1e08aa7309f1a |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\LOT150MG\www.youtube[1].xml
| MD5 | 120152395eeade4a819d398a10da9922 |
| SHA1 | fc20fb7ae3d515307bf0b99cf44d51d96b3ce492 |
| SHA256 | bffcf1ef46727fda5251c918301b32017ee06ed30be1584f112d0de22b8fb48a |
| SHA512 | 0699510bf3b06fc874240fa45a86623cd8db6b0b09865f2f10557db7b38ce54feb5578cc1606247cb7094ab819c1580725ad25cf42e079e36f77570815fc79fb |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\LOT150MG\www.youtube[1].xml
| MD5 | 174bb364558e5877d237f954a78d4d3c |
| SHA1 | 60814eadbd74f69401c7f1e866e4b01d1bbed5b8 |
| SHA256 | 23e0b668329a9a0ea30e7bd00957d5861155620c8788bd6cb83155ead334208f |
| SHA512 | 48db9d6d19adab6c9cbec7d15eb733f567c3113e02bef27101747d7d4dc03f13bb28ee7e116443f6ad4bb750770c758497aacf3d6a1c126362494a0d1e15fd95 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\LOT150MG\www.youtube[1].xml
| MD5 | 397b9cd4a5ca794645d4b40726dda508 |
| SHA1 | 89f698b80055a360ace18bdbf13d30849bb72fa1 |
| SHA256 | fa2022f40c9092da35d5fd659a27c96194e71b61f7a57a4c3ed776da138ff0a4 |
| SHA512 | 3e296ac8d3afd8c12e14dafab67f54881fbb700091a6dde249196a9a36460bb65b4b298eaca81ede2199088e9402e66a928c4a68b161c2fed4430cb70d3c22a0 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\LOT150MG\www.youtube[1].xml
| MD5 | 8e67c0f6e2d9562a9b5a52bfdd262e76 |
| SHA1 | fb41b08ad39dbc75fffc304eea48e566eece914d |
| SHA256 | 3c8ad7f94143cbbf2a0c710f1c4cbc7617bad89774de815dcef0c506cb1ceb40 |
| SHA512 | b63bbc861579d971406c663a143b8f621c5d21bcba32f5cbe29df77c9bc96fc26c54ef694242c81c89d68e61e31da1f1622dd07f6d5e38538dd42e99ff6cc510 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\LOT150MG\www.youtube[1].xml
| MD5 | 1fe05b9c4932ecc2435af72c08d01b9b |
| SHA1 | 165345b861b80e709c56fc0f8584e0d20fcce579 |
| SHA256 | 98434423834f935032a83267879405bc36cc7ab5e197fb1c663b6104e0ead3d6 |
| SHA512 | 3c3d7c036b8d535e7e0b8135c74b1860e0eb03462811cb160e575f79b6a431ac14392dc986c4bc07afccfba286a8e97306fd1d710175590946cc9d5335c9626f |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\LOT150MG\www.youtube[1].xml
| MD5 | 306be34d893c0041b7e90a1223c965ec |
| SHA1 | 6b2ab704728c2f36921ff70b2eb8018c59080bf4 |
| SHA256 | 17bcea5026bf2df9da5696dbf2fc88819599c62950426fa5a1a210cc7dca4b98 |
| SHA512 | e6ad15a148549a3721edfc47ab44b0319561553bf838e992c20ba63d9e942b299172ee16bd063dc6b2500b7f1e10388209e63904b619b82486676ee271d6de74 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\LOT150MG\www.youtube[1].xml
| MD5 | dc8683373815c9bf50e829a635180824 |
| SHA1 | 01b9b50104f8b007436b2cc9a0123e9c9ef9c235 |
| SHA256 | 8bf6565143d8b5e381fd013e0334273edbdb0bebc54f4bac0b0177cec1c328c9 |
| SHA512 | fcfc373c19bcf4679261ebdacf45da57a96dbc998752c651e333ada61e4b45f4203c4ca587664eeab03d9cf6ff53689e1b0dca6d9964ad6e90059bf6c18c971e |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\LOT150MG\www.youtube[1].xml
| MD5 | f70b72815e86c3a8ff44329d29d633c3 |
| SHA1 | 6455507f629effb3f6ea0d9268befaa66937a840 |
| SHA256 | 412dad426de014fded3b14705c7d14bfd6f692cdaa1f4ab338ff964dac586baf |
| SHA512 | 64d5944fa8b0fe9a3d9462db3eb7ee2cfaa18345272a976d83db36e45675a0e2cd9c393939f86e431405df6e76ba5e2b562b01835a779532f883eef50863e054 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\LOT150MG\www.youtube[1].xml
| MD5 | d71b0dccfe0db55a1a0f85873cd48c13 |
| SHA1 | 453f8b0a79b8986a5f812af7647a124ddcc3c66d |
| SHA256 | c2c4a8013ddef470427caeca48d5ab7c3c462d795844ca3aa47f08f4aedc4af8 |
| SHA512 | 157c85a51cb47bdbd400534a23afec1724a559cd44b6cd9076c3eaebd62ceb32072283b3a5d51e0b8a5e4683d6068a5e9c27c5b37e8dbf973fc54b21a33a0797 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\LOT150MG\www.youtube[1].xml
| MD5 | 1d63b81e84a6ab5a31f51d99593d7c14 |
| SHA1 | bc339a6a97d0d53c439682e62a3c8e4f83ff1e14 |
| SHA256 | 1a6420f9bdd432957dc049a3d5f5885816cf3662a66e29707be00f8c56350c4f |
| SHA512 | c1f3a443b40d317ba26d34cb6e44b8cabbf7549e08a1182b6e2523ac3ded635273859a5c54c3f1edd3d16dddee38cbc8fd7c5c75920d2a6461eb246f66be9354 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\LOT150MG\www.youtube[1].xml
| MD5 | 7fbc03289506ad6cf493bf3c8a45929b |
| SHA1 | 54741eb4db633a7589f0b5ddf7e12df5c0851239 |
| SHA256 | 0a7a5d9b30c4f41256b2681297d58db0a8b1c4d460955511203d6d5a3d3ae506 |
| SHA512 | e992d28924cc4b21913406290d8ee8a9dda6343727e14603be5490672bcc91bac10a6711c9dd33b1182437c3b73362dec1de77c398fa2355f30ae145045bf819 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 167bd29bf44468a048f2c5b0518a9adc |
| SHA1 | 6864421f3a4c1c666c408e47b4333068e443649f |
| SHA256 | a458595ed637c7202a95934c6d3b7f6249f7cd35078de6911615048acb567c0b |
| SHA512 | 9e44c995ac1e61838961311ff8a611a9732fd37a000d1e286d02e9ff3ac514528a704b0ef95fa40d4a297d7ddc5a6ede760548ea0f07edd4c350b3f2d6408f18 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4ba7b01f058063e99b42850e3f2d8cf0 |
| SHA1 | 576ff6fbb2565b46e2cd768e64821b521fcabaef |
| SHA256 | 985aa7a3b0b7218702fc1256e6de75232714f582d727948f4a01fc2e9c425eca |
| SHA512 | 1262ba9592f664cf50e29321853886ee10c353e986adc46a1762c36a91638bd7eccff84f4d1571948821e3b603a180dfa6185fea5fd0fbda9db06fe9b1c8612c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0d74b290bae23653953f9436a5636edd |
| SHA1 | 388eff4280db030fca1e8f7c70d235dd71009254 |
| SHA256 | c1a42810453f6e3d7db2a4cd0218c7fb18ad5def34327430b5243c36073dd497 |
| SHA512 | 51cec30eba7eeec7932fbd643c1d701cf3ed9f6cce686ca5937161d2c62e0c7854bb2e9af16c4aef25249138847a4de9d5e4bb3e23a73dafea8573955c76f517 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d1b13c3e8562a9721c2ad04802847d8d |
| SHA1 | c03d04876bc33128a1f5c477649db5a58427c942 |
| SHA256 | fa8d41569b74e0d51ddbb4cd227ff9911fb2c41773552f1567710eaa4a450cff |
| SHA512 | 1876d60a9e3e15063105f5a4bef455b35ab4136921a697f7e5fa81f73341266767ed9353299392a53eb988e00d14a8eea366923db3083a7cec2c1060f4ad5d0d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dbd6f91c5bc1d1cdeb2f464ae44326f2 |
| SHA1 | 8486381cab10c577a673ab0482c267fc211b939c |
| SHA256 | 58c463eebac7108f3f53af646de20059f30ba285a2c02c3d940ca4db018fb35d |
| SHA512 | 3b7afdd1ae7dc5546427ded6d094c0c2d0e53bf009109db1bd799ef302c7d129fa61aa69000528285fd7a937b8b37804d833a8271c24657f28bc3da4f84eb881 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8e05db35d88e6eff5e1117e1ab97f42e |
| SHA1 | 815c673318b2e83f89347a523d276e0fbe1efeb5 |
| SHA256 | b786c11873ad3620e87ee9901cfb6b0a4c89de065e2660c10d22d8b4d95088cf |
| SHA512 | 2ab5e1652d05cde33b5fa0ec1fca0b70858aed259a9d659e56add2579606786100c8f02a5e9ceed4660442163aa7cb5c6ae619f79f0c77c1097a8f087007373b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 668af55b9b31a2b64ded36f6dd8277c5 |
| SHA1 | 514eb0ec20512679f48459e224e3fe310f0a6880 |
| SHA256 | 754d8524d082b529e9bb934c9695af20d7095cd1cfc92ffc5aa5408e68a11c14 |
| SHA512 | aded323b76acf76999e9ad0b95e8429f1f33c5e4228a1d208efedb60915ebf16d95769a4204d827f5e4370ac1b86b11d021a74fd67c5b5c1277fb299746c07d9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3e2a477d57aec33639253c2ce7e2daba |
| SHA1 | 9668d06236b45e3282bd7a849535e64eca68264d |
| SHA256 | 62c2ff12bc2cbb1c3c235629c8f3c1e73fd0c0830287a6354cfa245ed92379c3 |
| SHA512 | fbb48593a35dcc5f2c48e04dfeadc40d82580ab2fccfe25495660649c559661d7bc032f73ed0d5fa7ed59a811a9522b820bf29e2693e1823fac7c8a86aef6313 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dbd15565d0d779af8f132aa2097acd88 |
| SHA1 | 9faa038bc1b72f04ab02c98ccd2ee67636228f36 |
| SHA256 | d5b80ea8507bdd085f6d8e23567f03b57e06ff5877da8d7d71ce4040a5612443 |
| SHA512 | 91095ef0b4cfc83cbe01fd575eba1a3b7c370470339b260e0a6ff0f9527070333fc2fc6921be6f426f7726f8b24fe184eba2aee01b8d17bf5b1fbca7f1a35940 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 796477de878ccc76bd6be6a3ae442e0d |
| SHA1 | eb582aedbcdbbf6237e8126994b2b86432627e14 |
| SHA256 | 0b0b8bee10eb887a04692439cbe3664c119af883921d577bc992b33d5c388ef5 |
| SHA512 | 52c4ac63a4a7b73321ef87815a540d6ffd3278890f66ee542645fd34fa43a92ea300a17cd8a353f9abfce7d0bbbdd3a32ab18b5c19d632f2d7442572d36a19a4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dff53af1c121c354deb7a2e083378f49 |
| SHA1 | adc60c0ab8460a30e7695ceff0afe9133c734d0e |
| SHA256 | 01049fb4c6b03b5fff14be0260dc73df91e1fca0f2cef36eabda9b19f5e67734 |
| SHA512 | 156457a7a3cc3e997db2a518fbcaa219c4c20abe65b3ece1bf8f439ce87be8aaee686d1ddabe6d6d74106ced7ea4c31c26d57537dc10b2b102811e2e5536141b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b8bece2305e585b7f661cdd7344fcbf6 |
| SHA1 | 5217e7ce993cf2b40f37dbe751d4f68b0979c7df |
| SHA256 | dc21a54cd2af0243d49b01ed8cc6f6c37602aac404665fc917d6176065c2a88a |
| SHA512 | cd528443bfbe79698b26e22ed3bc3fa310ed9ad5d3696f699d38f2269a6e75329c10540497a60eebf82eeed8fd25f30e4b2a774925a60941135fecfb330d651e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 59d081dfdc2bf51f611aa1c29776029e |
| SHA1 | 25ee13ed6cf39b170252d63579ff3822671d0539 |
| SHA256 | eb7f7f121b0db14f1bc7af40fb52117c8b7e37881dfccea897cd060c4e507725 |
| SHA512 | b80759922de4453ee0846ebacda30704aa8a6f3b96bd196ffaddd5a2948d0f900cf4a07bd2d0d01a7d30d7f8d9f424de4d1ef8ff0f1a6493f29ae7da52461db4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 570cb5f9cd2bb6934f5012e4bc951d82 |
| SHA1 | e4a20d2cce94fe17c161c9154494c60ae1e9dc84 |
| SHA256 | a53aaca481cde104e6c96c357f88ba5d897c1a086985e891096971f6230346bd |
| SHA512 | a02855f022cf202dc1455dd52d8cce3e34502da7bd86c3e1662acc143d2358d14f03901a4b56ef6c77173cc117f454e4368e5f467e234f95fe52fb9f61ae8d3a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 972cb175e5f4fe871503a4f9310950b6 |
| SHA1 | 9776ba70050db65a1651ff97f25ae665deb0e4db |
| SHA256 | 40e225e318e54810e7652db87b0e024d5448566f04f4e14506b8bd81624e5620 |
| SHA512 | 3bdfb3abe16a82f99d6e26fe86ff55975d43e70c417e41c8609a4966de8434801690c641df4a09a6c2b1d178d383cf30c44d86bbc662ab5a8b5d5d273782b401 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 11ae42dee240d25594d588d9dd2b95e8 |
| SHA1 | 4d0bed3aabd3ad5caaf3877f9b3c8823de1ca198 |
| SHA256 | 52c9cbb4dadec571c98e4d8f0cd329ca1226af5b03ac49c41cb4b6c656519c90 |
| SHA512 | ba285a1d9446a1bf2a6fa4c0fa6f55ec3f6a913ce0a3bb03dfc96edc4fd23c80ca7ddeedf34772824fdf568065bde8792ac495690c02c20ae775e78a99e23d73 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | baddd72bd0daff215bd112ac700f2612 |
| SHA1 | e75216226e3666f04a2f14a05b4d137827ca42fa |
| SHA256 | f4500d0b8506aab541e98198f4410a70c6465b5251092eddfb394755f533af22 |
| SHA512 | 6c14cc7b632f26982ebafdc2e180980e12b2fa9893a3b911a780701928612c883d0885461c6803478dbc4bebcdcdbeecbaacfb05d2b09611bf227fef7aae54e9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 73cef3bb485ec316ebb2d44360754327 |
| SHA1 | 49d8d6a9d6e4510e6e2c95f7b864faa3e555ec93 |
| SHA256 | 9ef420ec9980c2828ca50e784221813db44ee8845705464835561e841181fbfe |
| SHA512 | ca10834fae2c6b909e0bdd14eddea766806ec70a3bd6cbada09cfc067e6b9154930c1d32c8b9332da6356008d0c05f167d7c55b13b330e4d72a83420f0503b34 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 7fac24fe0433659beaa51758c8b286f0 |
| SHA1 | b17846c52cf78cc624e5c45ba60b0ac67187c423 |
| SHA256 | f2284d1db37b0e5fcd6f075fb271817a4609f7a5176eaf5d8a5af0601f5680de |
| SHA512 | 9a987ce19f7bb8c0db13a5f9a53ba0e3f0719df40eb4eeae9707799aa271e11b32d9c120eb53637c78f3bcbd3c382df47b5f10027e1c633000407d67b6bd90e3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7c0b660ca7f7532e86c26850a58d7e6a |
| SHA1 | 1c8ebfd9cc2dddfae30691655750eafea7e8d1a9 |
| SHA256 | dbfbfd27e26567528ac3ae3d2ef4f6397cf8fc106957d72d2abb9e9023560c7f |
| SHA512 | 24a8028c89aba148c6ebdf2bb970f8e709029b514e0637a157fbc91a60dfa41347ba1a5d64dd118403b0f2b5886d38e87649909a9459bb5e8b6db38a5d705394 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cb4e077da7b62fea47750b86c0568804 |
| SHA1 | bdde18e444360cb0d0baaf39f68258f7edd0952e |
| SHA256 | b633723ee8d10a65c04392083900812fe22fde05e8c558c4007ab2319aef0859 |
| SHA512 | cce824657a10c5ad6ab4bdca890763c4d1cc540e232ee38559ac6aca42f0064acafdb8e31c598d72707a427574208adafba285e69d022c603cfb87544e02ac2c |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 13:03
Reported
2024-06-03 13:06
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
143s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91e1f6b9bb582395c7b615555e65fa89_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdd03446f8,0x7ffdd0344708,0x7ffdd0344718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,12533258798269233557,16866577815997230420,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,12533258798269233557,16866577815997230420,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,12533258798269233557,16866577815997230420,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12533258798269233557,16866577815997230420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12533258798269233557,16866577815997230420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12533258798269233557,16866577815997230420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12533258798269233557,16866577815997230420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12533258798269233557,16866577815997230420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12533258798269233557,16866577815997230420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,12533258798269233557,16866577815997230420,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,12533258798269233557,16866577815997230420,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12533258798269233557,16866577815997230420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12533258798269233557,16866577815997230420,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12533258798269233557,16866577815997230420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12533258798269233557,16866577815997230420,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,12533258798269233557,16866577815997230420,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5548 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.konthaiusa.com | udp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 142.250.180.14:80 | www.youtube.com | tcp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 142.250.180.14:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 142.250.180.14:80 | www.youtube.com | tcp |
| GB | 142.250.180.14:80 | www.youtube.com | tcp |
| GB | 142.250.180.14:443 | www.youtube.com | udp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| GB | 142.250.200.22:443 | i.ytimg.com | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | 14.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | udp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 142.250.200.10:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.200.10:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.200.10:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.200.10:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.200.10:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.200.250.142.in-addr.arpa | udp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | tcp |
| GB | 142.250.200.10:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 52.111.229.43:443 | | tcp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 612a6c4247ef652299b376221c984213 |
| SHA1 | d306f3b16bde39708aa862aee372345feb559750 |
| SHA256 | 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a |
| SHA512 | 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973 |
\??\pipe\LOCAL\crashpad_2284_NQEZPMKQGUIUGHCE
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 56641592f6e69f5f5fb06f2319384490 |
| SHA1 | 6a86be42e2c6d26b7830ad9f4e2627995fd91069 |
| SHA256 | 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455 |
| SHA512 | c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | df3208f69c92130fb60afc5f22376ffc |
| SHA1 | ebf7e26257c07af97511848fc35ace2927b4f821 |
| SHA256 | af4f1938f5d270ac7ba027ed65ea91c89cf333ab03fb8105dae749bb62d3bb59 |
| SHA512 | 1893bb8206dbe114b63d7a6b83eb11513bf3a5e7154eb34f1a62fb3fe7ea7dacd9c7a6d1f3057637c3f0a5b0892df01c493d36c47ebc15fd050877e461b37e2e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4d3969f1c3aaf37a0bdb60e8d045c041 |
| SHA1 | 743b38e150b9a8fd2e4d394251b2c28d8c0da218 |
| SHA256 | 4ddc27b81a5237787a3bfe8b0d21b3710f075394dfffc4119e68d79020ceea66 |
| SHA512 | 4c882ca17ace8460acc60ce062b078f7113e5bbf0c6ab023026027540efec620cc6fe59d9f4487785359d766a060b71d667ac19cbf9137ec81e5d352bdd05f06 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | dbcdd1cc859020a1afc872acec0f4c99 |
| SHA1 | bcfa5708af16793e9f82c61fc84e8f8c7db8c15d |
| SHA256 | 96ffc2e3ea1fbd4609dee0d5d3c37e08d790e99c480f1ca9ed474c6e93dd23d9 |
| SHA512 | da2b9a28abfadbc2efd0b9fa9067098e26c2fe2c6b075d6f959b4dc1bd7b892876d39ed8d398ce431ae535d0c5fa622093e139bc1608da23e8bc037496d77cf8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | be2cb145b5c36a767a412e2a1b5b2b07 |
| SHA1 | 1eca4fc77e4415caba83f565868ca8bfb5181c42 |
| SHA256 | 8648df7f76faa51835f8ec1c60497f4e8137c36e8981e843ada51364327ec59b |
| SHA512 | eceffbc2761c92ed119a71b2a9c2ed11dd0e6a36a70bfbee36b6469555020e58d0bf1c6cb3cc1ac05c7448095925d61c14c5a6cab9d9d830804e4d5bd45a6f41 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 5bebc8dfd9fe6700b5f7ec20ce142512 |
| SHA1 | 073ae4acc345143c70c9cdec794daa982d67e986 |
| SHA256 | 21bfb6cdc2dea8d0589424f60510eadfaa9815d72d09fdc35fda2be283719610 |
| SHA512 | 00ba2172309ef7c9a5d57b3911374f32c5ce29a6b8d046a90049b938093cd873191b95baa756eae8bfb7928f9ab1a690fa99b72a5d8e533cc5a2320d6eaf0e83 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 933d3cace09ce95068fdab71b89df0a6 |
| SHA1 | c155971a395afee39ab2cefa42cb88ea1b453fe7 |
| SHA256 | 797be76aab9a012036b7d3a60bd6e083dbe4359677683513df402a7efb795eb3 |
| SHA512 | 8754e4fc9ae4ea4466f6c48388c1ed1347b4bc6487bb802eda48721b446171248632a8090476eb40267fb8664e8c6fba56eec2a5d9f97d6e0dcbd703ac055124 |