Analysis Overview
SHA256
799e9338eebb65044fb994b67d6cd21dd4d9dba5188ee518d5ad64641e39ea5f
Threat Level: No (potentially) malicious behavior was detected
The file 91fd6af4838305df847961c0ed58f23e_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 13:41
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 13:41
Reported
2024-06-03 13:44
Platform
win7-20240508-en
Max time kernel
128s
Max time network
149s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "29358" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "29276" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "410" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423583961" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "10745" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "19287" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e9361000000000200000000001066000000010000200000007a83f03afd000ac5b39e38583525e8bde38e2180aa5593b4ccc8b83a210576e0000000000e8000000002000020000000320bbddb584efd6c6b4dfa9a1c4304a8ea1333d283fe29b16d32096e66bd4389200000006fbb49c54ca845e1afdd34e4f2e5d7817aedaba401c4006c25ed167ae29903644000000096064d03a816cc92e2331b7dd88a82f6c4f71a8355504443c54633c4d20cdafffbf4b86b8c651e5c6518c50d7fe383af98921400af9cd2f602ed80b183082c31 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "19763" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "492" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "325" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "38641" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "407" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "407" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "29276" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "10555" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "233" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "498" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "492" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "29276" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "10555" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "233" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "325" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "19763" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "29623" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "19287" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "331" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "10827" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10745" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "19851" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "19763" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "38641" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "9774" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "233" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "29623" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "9774" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "492" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value not preserved in this copy of the report) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1084 wrote to memory of 1132 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1084 wrote to memory of 1132 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1084 wrote to memory of 1132 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1084 wrote to memory of 1132 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91fd6af4838305df847961c0ed58f23e_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1084 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.konthaiusa.com | udp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 142.250.179.238:80 | www.youtube.com | tcp |
| GB | 142.250.179.238:80 | www.youtube.com | tcp |
| GB | 142.250.179.238:80 | www.youtube.com | tcp |
| GB | 142.250.179.238:80 | www.youtube.com | tcp |
| GB | 142.250.179.238:80 | www.youtube.com | tcp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 142.250.179.238:443 | www.youtube.com | tcp |
| GB | 142.250.179.238:443 | www.youtube.com | tcp |
| GB | 142.250.179.238:443 | www.youtube.com | tcp |
| GB | 142.250.179.238:443 | www.youtube.com | tcp |
| GB | 142.250.179.238:443 | www.youtube.com | tcp |
| US | 216.239.38.178:80 | www.google-analytics.com | tcp |
| US | 216.239.38.178:80 | www.google-analytics.com | tcp |
| GB | 142.250.179.238:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| GB | 216.58.212.202:443 | jnn-pa.googleapis.com | tcp |
| GB | 216.58.212.202:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.212.202:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.200.22:443 | i.ytimg.com | tcp |
| GB | 142.250.200.22:443 | i.ytimg.com | tcp |
| GB | 216.58.212.202:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | tcp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | tcp |
| US | 8.8.8.8:53 | fe0.google.com | udp |
| GB | 216.58.212.202:443 | jnn-pa.googleapis.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 3083df1e8addcea6a6385fdcb6f849b7 |
| SHA1 | 4090bbbd3ee10bf27dff7ab2b67e70a8d021aa63 |
| SHA256 | 6fe013e9f3b3a7915c09d7ec9ee4a06cb049a73a3219d9f9b9e836d9daf6a2a2 |
| SHA512 | c0067e0abfba468f161462192775f0a7d752c6b80ba1fcd6bcc3ef1d862d6b5cb7ae14b4cfe3ac5ecb164780d4b1028f889c31b0ba22033b5735a1b25b96f206 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MNCIS1YI\www-embed-player[1].js
| MD5 | d2056f8d081fbfffcab81d61ea45b151 |
| SHA1 | 710243082f40626f64943ad3b656400f444d7130 |
| SHA256 | 49fa9b168cc8bbc037cf4498e31c355509e9b438b0d19fcf750b1c5fbd1efcaa |
| SHA512 | 530ca2c291c44d3d2b5869b0ae661ac047748a5cab50de280a2c8dbd26b52cdd71a906b3730e8a849debece542eb919462a8407ef2410acf28c57d2b6068cc14 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MNCIS1YI\base[1].js
| MD5 | 9178a954abcce420219864651c7787b2 |
| SHA1 | f874d3e998441ba6439cfd7e89514facde08cff4 |
| SHA256 | 40cc1692dd4d8e1c8ed29593ee222240494b872b734c0e31da4628014da7346d |
| SHA512 | 927bf88499cdd64ce32f3780a0cfa88b14fdfbeac6a237454dcc43ee5d56b04754a40dbcba402519637ba1a3b0f948a597260a74ddb0b316698a41559d8e1cd3 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OZBL45ZB\www.youtube[1].xml
| MD5 | c1ddea3ef6bbef3e7060a1a9ad89e4c5 |
| SHA1 | 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966 |
| SHA256 | b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db |
| SHA512 | 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G17BROQF\KFOmCnqEu92Fr1Mu4mxM[1].woff
| MD5 | bafb105baeb22d965c70fe52ba6b49d9 |
| SHA1 | 934014cc9bbe5883542be756b3146c05844b254f |
| SHA256 | 1570f866bf6eae82041e407280894a86ad2b8b275e01908ae156914dc693a4ed |
| SHA512 | 85a91773b0283e3b2400c773527542228478cc1b9e8ad8ea62435d705e98702a40bedf26cb5b0900dd8fecc79f802b8c1839184e787d9416886dbc73dff22a64 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MNCIS1YI\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff
| MD5 | de8b7431b74642e830af4d4f4b513ec9 |
| SHA1 | f549f1fe8a0b86ef3fbdcb8d508440aff84c385c |
| SHA256 | 3bfe46bb1ca35b205306c5ec664e99e4a816f48a417b6b42e77a1f43f0bc4e7a |
| SHA512 | 57d3d4de3816307ed954b796c13bfa34af22a46a2fea310df90e966301350ae8adac62bcd2abf7d7768e6bdcbb3dfc5069378a728436173d07abfa483c1025ac |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OZBL45ZB\www.youtube[1].xml
| MD5 | f264a3c53fa4f501746845cb6b56331f |
| SHA1 | 2e33ae5317181dd13d0a2d28ddb3966eb904a932 |
| SHA256 | 89d90ce2257d3b5afcfc068df8e8f3d9e0308327dfcbd6e6513ddd33ea1ae0d8 |
| SHA512 | cae426118130e36ba416928f37e5ffd31984ec6314713f4bb8bbd23194be684ba843163759405d3d6051ac93c3ece9a88b215a3cd4543ac3a4085e1d5d9fc027 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OZBL45ZB\www.youtube[1].xml
| MD5 | 604f44ba5b9119cf2a6949aaf99fe7df |
| SHA1 | 7866c7adefe3afb1070b2ed42e0a500be53f7e81 |
| SHA256 | ad5a9b1bfa026d339391cda2f3674f0aebba3cdeb96a181ea37cc6c0a83b51ec |
| SHA512 | 33adb9755aaffb21c4d80cdba43cd3ba6ef2412fc048764b4d81f455843c6f399eed339296301d53186da927385f3c8ef1cb7786a90072687f08022041be6b3b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J8SD872Q\ad_status[1].js
| MD5 | 1fa71744db23d0f8df9cce6719defcb7 |
| SHA1 | e4be9b7136697942a036f97cf26ebaf703ad2067 |
| SHA256 | eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9 |
| SHA512 | 17fa262901b608368eb4b70910da67e1f11b9cfb2c9dc81844f55bee1db3ec11f704d81ab20f2dda973378f9c0df56eaad8111f34b92e4161a4d194ba902f82f |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MNCIS1YI\embed[1].js
| MD5 | 322e970509e24ab233b6c326a9339623 |
| SHA1 | 10e2ea809ae638d5f32385d05c569922ab19bc17 |
| SHA256 | 99cbd012a57f19a3fc1b412866ba13d6b9de2a5bb22449dcbf14ec0a88937000 |
| SHA512 | 8f8bdc9418feed04e6fc7415e9e57f0934a6b136b1a763e0e39f67efa47e004a8c3385105a1c1dd9fa48ada83ac5a2a93940f20a99d6d16722ae903c93d9817c |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OZBL45ZB\www.youtube[1].xml
| MD5 | d0550db9c187fd170973f3430869afc0 |
| SHA1 | 0f00f95c2494a7a52296d2d377a6d161fb79d566 |
| SHA256 | 4fd16960ae375a90e7e4859279a0766bd390ae483be156122af891c07c486ff1 |
| SHA512 | 785d948ac4cfc395bc08653049628ffd3c5b0e953164bc583a54c4e07587952b32f7830816decdff6bca7d9728d251c82ca2149fe436aa6f4f97f639ae296882 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OZBL45ZB\www.youtube[1].xml
| MD5 | 6456104c7d20132cf90560ccbca3777a |
| SHA1 | 44e0434ec68e34c97721220c87b502a2adce7528 |
| SHA256 | c0dc73557642ac30c11b9c731ad4d1271019cc307646de76ccc813adb08adc05 |
| SHA512 | 8c39eb2a4b95c8a4c6a664f9d630404a93d313ae438b1cfa10e4c0a24affb553a9364237f11a3380a95dead0dc08a4a5a420a8e5e116826dea585d1c966ecfe8 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G17BROQF\www-player[1].css
| MD5 | 6e076abc1095221e4e3e21dbd9d1db4f |
| SHA1 | e908cc0f7829aea16b42d8fec6aad567c41f587d |
| SHA256 | c7e69ec7e436426c5edb45bb5fdd943623f987ecfdb86413528b596e5b0888e9 |
| SHA512 | 3ceb46ea8e5d5abca4a1a053f20b38ac6d6c9ee60594da54122f4ff09422495261dc9356d0ed0c240ba44324c37bde120a90655b2ea40556280df674ab44fe2a |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TTL9DZJ3\FuC5FHNNqx6hIMPHBLFutNLSO6Lu9zn3BZWWVNvRnX0[1].js
| MD5 | 362511387771cc02e5d769462fbbd6cf |
| SHA1 | 70a77448643daa84347b0eb76ba64ab54a5648d8 |
| SHA256 | 16e0b914734dab1ea120c3c704b16eb4d2d23ba2eef739f705959654dbd19d7d |
| SHA512 | 94874f96004e9bbce4b9c32c8941764a60e138614c348923869dc294601ff6c5026999660a3877708242df7f286c744ff7c6ab37c3e9f759d6fa95e52e29fa55 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OZBL45ZB\www.youtube[1].xml
| MD5 | f55517359d605db1e9f230ded03e1ab1 |
| SHA1 | 933232fd0c76f039370bf37d5dbbe8b4d057495d |
| SHA256 | 1ffbffe8359436b04bf5b0303e9d4b44db259d8a733b475395518d7e3a162c1b |
| SHA512 | bd61f210eb66dbbc0f56dfe5b9465a8cb6e78d4a396cbad9b3ba0183100bb5fb9acae79447b648102597ccd0c9689de1e18a01d8ac77d7ee55f9b10acb7c78da |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J8SD872Q\remote[1].js
| MD5 | 9a260ebfcd9283c905736047a6710016 |
| SHA1 | abf83fabe75adada9ac80f1ea7478541a7af32ae |
| SHA256 | 2bb23e82fc1dd04738a92658823f00ba143cade8c16ab948bf7778fa2707e352 |
| SHA512 | ea0664517a12754450d940f5dab26e14cd3b6e30219b65354465f13faf59649b709131836c660096244e3188f425de428ef53c1d21bccffcdb707f39479304d3 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OZBL45ZB\www.youtube[1].xml
| MD5 | 30c8284e26752069b3c523973bd398b6 |
| SHA1 | f23912a84f585fdef710cb8eaae62b81459f60f8 |
| SHA256 | 472d76d917568ade5b29e167ead593a53a7eb1034fc0ed09084171650b31561d |
| SHA512 | 63944e4597fc48f44730a3ecffd3412e49cabd536564edd9ac3ebf62210a834fc493da0f84a9b76405837ed9542af60c75419e59986fb5909e966c57fa6169f4 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OZBL45ZB\www.youtube[1].xml
| MD5 | 2d818d739aaefb7c791b1227a99dbd41 |
| SHA1 | 3693839799ab90d2d9c2af5e0ea5ab5c7cca00e6 |
| SHA256 | 8be902d8fd5ed6daf60f2f58df0ad8fc86f83ff975898d0a7704474b51345edb |
| SHA512 | fdd18be7cadbc020e510f8818049999606a269d5fbae0318178ad6d24a0a2bebe2dba203b4d94900561f85591e3a93781ab8c0f25d86739ab187eb33561b25cc |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OZBL45ZB\www.youtube[1].xml
| MD5 | 778cfc9e90fdc03b4e50c24e478e73c9 |
| SHA1 | b54beefbecc4f3461ef01a5fae0eebcca2754c07 |
| SHA256 | c4aaa0aa7dd1e44997a84de276cc571f01e180e2fd63c39933ae389ece98fc6d |
| SHA512 | 2cebbc2f3b3308017b0127cc3c11c80f990619c417d7df22dd35ccd915ee575aec518d550dc151da68e7dbb72048f276db92d043a701eac2a2caaef309b078b1 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OZBL45ZB\www.youtube[1].xml
| MD5 | 3c8fdc0c8c3d8f73117973b13b765f6f |
| SHA1 | 06825cbdf229f5cb7d4056bf6438bdcdb6eaef2a |
| SHA256 | c383703665fca70f0d6a7ca231d5ec26ef91ad47bffe8d99108d8d2f72479efe |
| SHA512 | 18d9e2e4aeb117efcf8535a73b4d7984e4755b7d25498b5564e1a6741520a7c71096f4fe9db2ff622fb496e1b4fef5c5b1946e993715db2605f47b84adc282ec |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OZBL45ZB\www.youtube[1].xml
| MD5 | 96f92999768221e2b961eb1829158335 |
| SHA1 | 7e5006fdc701f326b6f529bf209d895c4d2f0d70 |
| SHA256 | c5200e983bc569079d8abc3bf2207b00ecf69c10fd1f8fcf4f31080e98d0ba68 |
| SHA512 | 49a6a7c2408ec6dba9f477bece9c63849d18285a7f45000c01fa6076a252ae9d540db208529ead27a1606aec78199525cdfafce9024e18de5770b6225d5107fe |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OZBL45ZB\www.youtube[1].xml
| MD5 | 8924a83802048fecf07b675dac591fb1 |
| SHA1 | f5b51c5f5902415685961fbfff20739cf31a6275 |
| SHA256 | 3d801d205347956e52aa7fae5d449a191f86bc73bfa55397fa5a57eb56b69f79 |
| SHA512 | f0a3033eafece415143a238799a47f3a4db3136ca5485e638fbf9b45f8ee0e468ca9fafeab2d02387e50bb269edc31169221acce8c5ce3b34418ae2082c5c0ef |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OZBL45ZB\www.youtube[1].xml
| MD5 | c025b7ce85b2dcd8198d75fb074b5093 |
| SHA1 | d2203fcde7ecebe8cc6d7c9d25174d2453236d7d |
| SHA256 | 6aebc348af588775e5c18959f736706b164307732dd1906f4e23dac4ae999d14 |
| SHA512 | cfd208a1bd870bb31b6bdaf6df0cbfa60fe2ffe4d379861e66a07e6688bbc81aa2a8795e7c3c5dfaedd8324844f64834c37d9198f084cd7995b17f662461f3f0 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OZBL45ZB\www.youtube[1].xml
| MD5 | db5d320176add7ae26e666381c54835a |
| SHA1 | 0491f7140cd4fb5bb896a538e91163377211aaba |
| SHA256 | fb1a72c2d654c7b3e3fb2be5d365176e4abe5b8e82abdf4a9b22833b25601c53 |
| SHA512 | 10f19d8a9371e7c7ac398822e2ef7721bef74f46ae99f6b8e5fb2df2faaddb7eb0cc688a0dc097967afe389c1c03518691b2429f6277bb3eccc5b62d616e91f5 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OZBL45ZB\www.youtube[1].xml
| MD5 | b5fd5bf2658128bc699ff5d8687b9a5c |
| SHA1 | 5f346e107942577d14def6c04c8c9c6355bc6fe6 |
| SHA256 | d3b2986a3b2b5c8e15b38f12f85defefe7642d938e6c94fab74aadb3e50b00a3 |
| SHA512 | 898c064494c1dfdfe91b50ecd71f5eb4eb96be89f68429afd82beb9ec47d6c3d9e7ff18ea21e483e106c4328447980d583e00e08248992358a88ef0b9cc2a377 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OZBL45ZB\www.youtube[1].xml
| MD5 | e625ceedae24d1602ae34de27f5328b0 |
| SHA1 | ad0cff76e5c6c29bcc008f8bc571dc62cb194b44 |
| SHA256 | e1e1b64fae3931be100ff1a4460a59cf8505a9d14aebb563e2e66065bbe4f2d2 |
| SHA512 | e771817675343fff2911ca6ffa7547f85195f5f140efa64abb6e397c9162927ce27a8f558113f76dc8c7bbfbc2fb1a6d1d7a3b8dfd74ac573cf15214f7363f2c |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OZBL45ZB\www.youtube[1].xml
| MD5 | 5025eef11d3febc1b0035ea1979d355e |
| SHA1 | 9e5b1b8eceea128b46fbc67545c151f16c4f2607 |
| SHA256 | 4daa1628d03afbfa3c29e8c355156f33b4215c04685063eab624eae4de6e37ed |
| SHA512 | 48e1ce423cd01d3b8906e719300ed5a8571adc8111d59bd45a7fd906fa40c2f1247afe04ded55df41c403fd1370bbb56ab5c5191403df6c5215c4626b2c91c45 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OZBL45ZB\www.youtube[1].xml
| MD5 | 142a1c6cc147eb83a2ad7b1afa818a2c |
| SHA1 | 21118ae0499b219bda60404ef3262cbf204a019a |
| SHA256 | 49de72ad0c433f8204fcbc77d96b09ec7d27515d94b9f3466dae1a1e28b1319e |
| SHA512 | 414c89aa001600c67262f17288d7526feb92780ebd38be1d3be9b3aff88aa7f2d77ddf043a30ce6754db49f3e44515ab4377316b8d38b6bbf1c2f4cacdd1e12f |
C:\Users\Admin\AppData\Local\Temp\Cab39F6.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OZBL45ZB\www.youtube[1].xml
| MD5 | 9304c8733d49f9e4cb1966d9f03c0214 |
| SHA1 | 09ab3218a34511f765d3601f9fbac51c5ab3c0fc |
| SHA256 | 74ca566644ea4fe2134028b12083c47e32ea66f6218e99ca12d86322a5c6d844 |
| SHA512 | 9a60759cae20c6d7562929e3d32cf8207e602082178ff61c85b8d2f4a0b52e0b4d31f5e02734cc94f7d81241000e72da3c4318715dce7c7a3516bf4950bbadff |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar3AD8.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OZBL45ZB\www.youtube[1].xml
| MD5 | 86d98b6f95ac30aeba54c7a604d8f7a6 |
| SHA1 | ff25d5ed91d3b5e4fc1dbf94bcd7d17022c3b0ff |
| SHA256 | 16a9d111d38e6252459b4358789e270adeb345fb5868d3d6a5563edcade9589d |
| SHA512 | 2024703b8e2dbf126caea448113e45c3f211ce1082261c51b9077cd4af2ade8874f2531534e8061fe07164bc0ba6b309cf0cd276f9db3ec93155aee71d4129a3 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OZBL45ZB\www.youtube[1].xml
| MD5 | 206b83a1bb78e31992e44e057ddfd8e5 |
| SHA1 | d34ea7277fde4d6756abaee0172112d164f8499e |
| SHA256 | 3ed43ca01841cb19ea120e77600606d265d907c2fbc514308a333ad2fc6e0654 |
| SHA512 | ae890d24ea954e019d4c4f591ba593f701aa909a7b9a1461ab8d84169cd7192136e79a26e19e422b020927c7b24fb67b8cf08a35fa4f5d3c5dae9e124437111d |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OZBL45ZB\www.youtube[1].xml
| MD5 | aa81265d18bdbf3afee99d61fa640d16 |
| SHA1 | d83d0c4916bd0f0e3b35ce6169a1466eb228b707 |
| SHA256 | b859836bf517bd5feba185fde515f4c5a6cf4541207035a8284ccd2120db5ffb |
| SHA512 | 82c2a1fcdc4a315eb230929744b0362db8cb2dc8e9b532ac4c953d45bdb03f81104788af95ce92ba69b15967b312ca96a96e1c8edafba87c40b7a51180b78ac0 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OZBL45ZB\www.youtube[1].xml
| MD5 | ea2c8c87f380d6b01f0831ecee5e3cc5 |
| SHA1 | ce7a2fc701d5b828feeda75d6b1b1e97e1b52ce3 |
| SHA256 | d9808b1b00e4d4f5bcbf56f796d09722349f9eade8bd01b10e255295124b3a88 |
| SHA512 | db985260bc30a2c3b05bc32b8e8c50568831d71c7a0c3edad62ed84b01aa6c914ba37b8cbd35bbc0574083cd558c35b335c6456834daa2a7bb0ce29c294fac94 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OZBL45ZB\www.youtube[1].xml
| MD5 | b016df598f556f5eb35e9a3f7a544432 |
| SHA1 | 0caf4183ec7499c9c7bbd20d0ecf1595af9d0412 |
| SHA256 | 9e166960e474023b21334f1d9ed5922a2dfb4c9ac704ad235fddcc0bf81f8b0d |
| SHA512 | 49469534c41357917d32f165478c3afdd28c64d91d1c50f294893637546723b5145177002bd91e6bb5385045a4be9e51283679f1a70022d59d455faa376120f6 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OZBL45ZB\www.youtube[1].xml
| MD5 | 9efd403170b69c6729d76125a351a983 |
| SHA1 | 734eba6d54b037e32b64b44eddaa1b47ab2be605 |
| SHA256 | 60ff4a4617bb650a9907aa50367c9982c82ca19948b0b8a8dcda49bc505a1438 |
| SHA512 | 9b860a0e02e081449e79df19835967311966d9ed39532e9d69e84b03fd62b80e537e4099b8d18d8152a0a9b9c298d611bcdd8496756e5b40af471ced27cfefbe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 583bc1cb37b1629607a3ad66cb43b0d4 |
| SHA1 | 1963308e81b93baefd8e2252b4c3e054f878ad73 |
| SHA256 | d55c50eba79b7caeb0afe6c8f15f25f418655d94b0aaaef2b58e4b70d4baab72 |
| SHA512 | fae44116bb88fbaec14667dc7dc9b96027a30173252b3a4480e9c819ae6ce5a5ce67a80a1bd1ebfcb7aef1e523d6f887e9d99e95c450e319179391ffd9c4e106 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fbe368d23fb4f955b5f47ff01ca9bbe1 |
| SHA1 | df8599599b9d00c615a90db3656940f9af9a7568 |
| SHA256 | 977671b641b8938c50bcdb5e1adcb3a213918b598fb0bf85cb13fae3edf52523 |
| SHA512 | bb151f630801dec470ee9edaa917704f54782d0d2551a3a1e485e7d8f7de5757f498455d1999b12fac6487aadad87a99efbce993a760c4b1aa67cfb346fbd089 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b2a859958c514ca5b50096269a4236e3 |
| SHA1 | 7a24609f921ef575c6322e103409e6388411abcb |
| SHA256 | dec756d7fdf5b4c96e94e46dc9ee53a997aa98d33fde3316e083d682daa40058 |
| SHA512 | 8334768af49212dde399881f3fd51a3bca6afc1311ac12e20113c293e3c7455033591ff30e486839565c66c53d05ec5e00f53c209b374e8c117d07d60fffc621 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 615be76bb0f0d703ab9fab4898ca5ad1 |
| SHA1 | 129cfb428ee0b214f7f5e7e437c0531840a9badd |
| SHA256 | afb025f9e54d5aa79fcc47f3dad50d770e4df1a301c4bce4e104539e477c0d2b |
| SHA512 | 02c467e17eb0cba78197721173d77784f8d6945e903276c0daad297255f746643b8424f554ab3b6c678ad3238622248b6204d0f5c16d3ed301b4f21d379dcb0d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 211ddf12203c6f9d96cc71793942d815 |
| SHA1 | 6194a499beb6bf8848cae542b369a8691abe2e64 |
| SHA256 | 8bc5033bad69ce66301b3d4513c5b2fe73bcb9adb0a7d15d6e219aef37b2dcd3 |
| SHA512 | 5b4e5ce658058846a651fbef2f4f56ed87423cd2f68b43e9b050f655aa9c80c03a35f3ed4e39e903b418ce77f76b07c3c910a6872d2e17bd8fb158f8958f8fea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 429a894937ef3dce96189798f73b608e |
| SHA1 | c927f10ef8a0dae2cd64f510dec2cd67dc2ed23f |
| SHA256 | a0c89f5c394ca91150683bb24988c1464942a8ca95c6bbcfa4688fa5b367429e |
| SHA512 | 682938c1780fd1637a04da7f1c076f465b54d3ef3ddb583bec2bee147e4b5cf5b78627767751e6e0dc8b9a2bb5fbdc011590c1133524c0ff6ef24465fc00d643 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e51da3eabc4a043e2500c8f47a5dbce9 |
| SHA1 | 664307e8468a26bdded2306494b302bcb8d0dafd |
| SHA256 | d0129e6fc7aa922f039d50e3b5733bfd061237b1bc8bab4cf7b568c80a87a7a7 |
| SHA512 | 42cea8767a6082d9dfffb7c6d1cd2666caee618fd7ecd9ccdaf21ff151c0e7ba8363945127c4f29ddd5d190e6353f42ec61bf7460b6804190a2543b76f89abda |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f5834460d540197d84d19adb943dca49 |
| SHA1 | 00c6988863374a0c6b933b43e20ee72f765d4a09 |
| SHA256 | e8a98e93a056f3b4d934b0e8c97031800b1f4553f294bc91ae992dc5c857de3f |
| SHA512 | fbd8837d2b28ced38781541526d72389afa28c86576e98db47d0e58372c900a2e7a6a9c700085c1523298629f3aab989e2334a84bca4b27fbc39acb87299d166 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b11d55685514dce797cee9c4b003a24a |
| SHA1 | 09eaea5f0e40632a254b7bfd7b7b44f9788470ae |
| SHA256 | f261a621f97f4cf276bcc9807ef91a6c3b563d334201b335658a55d8cda68d03 |
| SHA512 | 51a5333f05f79db777af96fc5c94e7fc2d9ae43cdaeffdb2992748cfcb7e298a63201bdeb46b0074affb362ac66c2f0a71917fde109ac37e3f4e22f7180da662 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8443e09e216a6743868b3443278654bd |
| SHA1 | 8c589fef913e0cbef084fa8bce9c189cfd7ed846 |
| SHA256 | 971da1439b2b8c12ed71b9b25340ab2f27ce23cb5d71202fbfa9975e96a3a0c6 |
| SHA512 | 92a4aa29fcd64a33328c3a75f579bbb989d161088633b70c083268376b96bc571a459d01488babf11a2907098dc0f7caaaac1cfbe21aad81d99027aa646120b9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bf476b181bbf4d298ad4a80506db0f26 |
| SHA1 | b81c259986385359551aef2e072307979a854578 |
| SHA256 | b0b45b3e91c2e453152f14201aa5df6292fb380a258c8a4435f72e4ff2a1dcdf |
| SHA512 | f58fb87ef1f95ada9ca1db4c699bc275bd0fa59819cbad3dce57969b8e985e8936d3fe6836c20b7be26db1c20d6950104cf9271f79143d905fe402d218733ebe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0772dadf3e0fefeb5a33b63148e992c0 |
| SHA1 | 0ec7f39026b066f7dd6970e6b1a216651cf67545 |
| SHA256 | 05b41ab4c15dcd881afade0da07d080bf412211f9c6a95cdf593b94cbdfddf33 |
| SHA512 | 3408454d779d73edccce49a01a033532a57072f2362311c28b676f704a21d6f501f1994e034b25ccd44d7b0576a98466d4e8d20908b74f6714a0e6c0a65fab27 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2ef6ecffd5770c3c039353d9378b39d3 |
| SHA1 | 6a1ba05797e4cb54198d639bfcb63dcab8ee0729 |
| SHA256 | f8d3a22605124476bee8f1266cafd8acec48d92553bccce4461266cb60491337 |
| SHA512 | a0396719dad7916147907e59f1e388374b2c099b6f2fd00372a64f558afd99b7456bfb6a80e957f07035bfa46663fa543065353a0dec51681fc01d2296ba6ef4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ad66f2f6d2bf9f6856305c4233338efd |
| SHA1 | bdf1569166a455299e25a558bb7d4429379e3db5 |
| SHA256 | 0449b277f2f285d479ee58f7f7f3bc99794c1598b38ffd625e16389879156efb |
| SHA512 | 1446787d694439ba84a82eaa488f2c6650ed21f0eaab337b35ae8d9b189a4ef48bd62af763d946ca868187516fd061f39c75d76b38f771ea1af92cb11344f8f7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b665f8296b32c891f8d20f9eabec0e85 |
| SHA1 | 07d376aa74cdc0f200f0f55c8b939860c96f90f7 |
| SHA256 | ed736680433396ecb6197f84e0eca18c5a13946c3e896230a802422ed4f9df7e |
| SHA512 | 355da500ce96f628298874b6d1627b3b077bd946d1b0e7b59eb643452571bea96221e12025bf9326318c4762654d6fef6c48e4b63a0416d1ef0dd93c9de3cb04 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 306ebc2ac207e88730911718e7f7d4da |
| SHA1 | 3c614722d33584d23274f5827cad7543402e6a2e |
| SHA256 | 197a758a19eeccdccb0d42e9fe54663096879ab471b91ed7a83150e653841c11 |
| SHA512 | 7f72cb5939ba0ae14363737a610ea6f548fc2889e8d46f35c96b4208972d817a2fa92b099cbeac7fadf756911cd2d07438dbca45255b7c66a9eeddd9913454a6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 12adaa30a3ed45f880dcb6e1ec0bc268 |
| SHA1 | 8a249f85591a03902018caa353d5c1c5dda1af68 |
| SHA256 | 05c3f861612370642c341b372d59501ceced38be1ae3b9d84639f5edeeb53e14 |
| SHA512 | 8c175723ad4865ac1dacef4cdfc2068a403b4c89972f1780d2af9ec4a48d8ec1dabd853b25f5ed87eba2b8082003ca2dd44ad9f99b722880e23dc18a1af8d7dd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3e9da5e92db0dc2bd69a4d6ef3dd17bf |
| SHA1 | 290dc1b80730357138fe7202824561c78c84fda4 |
| SHA256 | 63c3fad197df345342fea4cc0d2ab2871b118b538465d08c7fc656b39f99aeff |
| SHA512 | 2ac04de5adeec82fa76ddb3125e380d91b1c12599da6cd0a1cacf316ae05945c6f6b8c267aa8ff820ee02f516f242b707e0c2e990c5c822c3aa0fdb79c49a6ef |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 13:41
Reported
2024-06-03 13:44
Platform
win10v2004-20240426-en
Max time kernel
147s
Max time network
149s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91fd6af4838305df847961c0ed58f23e_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff2ca46f8,0x7ffff2ca4708,0x7ffff2ca4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,17482296376826214001,17609784508459443794,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,17482296376826214001,17609784508459443794,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,17482296376826214001,17609784508459443794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17482296376826214001,17609784508459443794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17482296376826214001,17609784508459443794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17482296376826214001,17609784508459443794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17482296376826214001,17609784508459443794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17482296376826214001,17609784508459443794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17482296376826214001,17609784508459443794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17482296376826214001,17609784508459443794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17482296376826214001,17609784508459443794,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,17482296376826214001,17609784508459443794,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6092 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,17482296376826214001,17609784508459443794,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6092 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17482296376826214001,17609784508459443794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17482296376826214001,17609784508459443794,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,17482296376826214001,17609784508459443794,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.konthaiusa.com | udp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 142.250.179.238:80 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 142.250.179.238:443 | www.youtube.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 142.250.179.238:80 | www.youtube.com | tcp |
| GB | 142.250.179.238:80 | www.youtube.com | tcp |
| GB | 142.250.179.238:80 | www.youtube.com | tcp |
| GB | 142.250.179.238:443 | www.youtube.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 216.239.38.178:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.38.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 192.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| GB | 172.217.169.10:443 | jnn-pa.googleapis.com | tcp |
| GB | 172.217.169.10:443 | jnn-pa.googleapis.com | tcp |
| GB | 172.217.169.10:443 | jnn-pa.googleapis.com | tcp |
| GB | 172.217.169.10:443 | jnn-pa.googleapis.com | tcp |
| GB | 172.217.169.10:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | tcp |
| GB | 172.217.169.10:443 | jnn-pa.googleapis.com | udp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.22:443 | i.ytimg.com | tcp |
| GB | 142.250.200.22:443 | i.ytimg.com | tcp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | 6.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 94.65.42.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4dc6fc5e708279a3310fe55d9c44743d |
| SHA1 | a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2 |
| SHA256 | a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8 |
| SHA512 | 5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13 |
\??\pipe\LOCAL\crashpad_644_YVEWNPRKRGFBCXFR
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c9c4c494f8fba32d95ba2125f00586a3 |
| SHA1 | 8a600205528aef7953144f1cf6f7a5115e3611de |
| SHA256 | a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b |
| SHA512 | 9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9e4112dc8951eac4873f7c9cefb72e27 |
| SHA1 | b27bc2378a5a4efbe4d6fc7d173153cb953d1f6d |
| SHA256 | db179c26a4f681ce5be10a26d325bf1788811e9685fdaa0fd868e7716848609b |
| SHA512 | 2ac360943a06fb0cb9dca2773d0b3842919514a705b74cfdb824ab4c69e61fa09d0e3c31c08020adb20ab2a43abdc493d561bf67693a04ed6187dc1ca10201d4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 08183c0af42d60bad6bf760477063d36 |
| SHA1 | 991cfc7db9430b5e7925e97d9e8d2bed6e93cc70 |
| SHA256 | d10b4429a32c37cbd4e5367c9458413fca9bbbc47e9a275115bc891fcc9b87f5 |
| SHA512 | 24e28de47d56d019eaea29dfa3a85c3a52d1e5de4ad1057f1376bffbe14a5e6fd5024451bb12e5b7b0b75b9af69aff6964f7847d0a0f3cfaca67f29ff8ffd00e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2257326a6c0ac024c4c027fc36330e1b |
| SHA1 | 259d9c10e1767ad8fdff3ba833c5ad62be96e821 |
| SHA256 | d9270f113a9676c5bf3748e05c8362f50dd952997af7153c9bd097a807cdbb9f |
| SHA512 | 9fdb7d817406793bb9ad169cb54353c03c200e5d3d870caf31dd2cb3eb320bea21e97f1e62def0b46e9bb845afecc1e0c7782468a1ce679b809982cfb566a90e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | fd6f648c2cd50b36e3a7c95048e4158f |
| SHA1 | 01c1479e8a2c32a89e433f2700cde40352840155 |
| SHA256 | 9d38a989ac768d2df8d3591ce656a0a34888c380073d5bc8f233235c8f8a79ea |
| SHA512 | 57e7dc403e6cfcbd79d4542a54ba00784a4f99788e05192c56fc85f6efdc29afc5a0670b22ff93df94ee749000ef59c2dd015f4b4e21b6739ae05413984432db |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 77dddd95c86a2f77949d768adf243240 |
| SHA1 | dcb3f22ebd2700e3b711bfbaa7ec5e3c9f35b40b |
| SHA256 | f342adb2354b05122b85ae60804b35c5772678675b1740aa7bc9cdcc337c4cad |
| SHA512 | 33029b48427eb4ebaddcb0fedee23458968b10530396599bded328c3ce88aa404b7230aaded74315cbb3f0755d25992c1643f1694c85abb27691a9967aadb9c8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 48cc6c4b80675641a6bddbeec730b299 |
| SHA1 | a75d636c916c94be5a6b9c7576183d4f06b9763d |
| SHA256 | bbe75292322272ba2907aea1e301d34e56230eb90ba0527459557163b8c529a4 |
| SHA512 | 23b2b09180f993e3b5ac745418b989a345f54ea0e264e86d2ef0ee39142a38cf56f998d8f2a7be12042b0842882661c2ebaa0ecb81d4f9eb00e1871ebaab1fdd |