Malware Analysis Report

2025-04-14 03:24

Sample ID 240612-slem9atcml
Target a11c184d40f4b65173c5020a189d189b_JaffaCakes118
SHA256 8d827a05cb99a57189525217db5993a76cf071b1b7e99da8909557943a162a58
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

8d827a05cb99a57189525217db5993a76cf071b1b7e99da8909557943a162a58

Threat Level: No (potentially) malicious behavior was detected

Verdict for the file a11c184d40f4b65173c5020a189d189b_JaffaCakes118: no (potentially) malicious behavior was detected.

Malicious Activity Summary

Modifies Internet Explorer settings

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 15:12

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 15:12

Reported

2024-06-12 15:15

Platform

win7-20240611-en

Max time kernel

120s

Max time network

128s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a11c184d40f4b65173c5020a189d189b_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "7677" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "288" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "400" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "9948" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60735229dbbcda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "7683" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "407" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "282" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "282" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "410" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "400" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "288" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "7683" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "7562" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "9948" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "10242" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3111AA31-28CE-11EF-AAA1-627D7EE66EFE} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "492" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "492" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "410" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "288" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "498" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "407" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "410" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "9948" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "7683" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "282" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "9746" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424367020" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000d9530a8c434f124d4fee699594fe734cf47d381d97b0062eaf0d0afbc8a91265000000000e80000000020000200000001b6eeb81c422661f3114cb7e24664926a73bf0dc25a1dbaadf86d5f45370cf7b20000000b40b8e005d6c764ff6eb9784cdc6f2d0ad2c7a5a3d00eca4690ce70728def6724000000085e162e0b51bfcf75e05d4246c5f86c9f2a9af5dea87e8c0b74bfe41078a7033e9bf3d858cbc4329652de44fe8082fced4685b4eb3c681fd53c809535b90e143 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a11c184d40f4b65173c5020a189d189b_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2372 CREDAT:275457 /prefetch:2

Network


Files

SHA512 5107591dd25828b5c5f230e6d093d8834e463ce9c30baacfe157fbd4155962b90be2b89421576b5110e72400e65af64d0e0ffe5ceada4addee3ad0682f16a488

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0ebc6c6bebd5ebf788d1576b2102b9c5
SHA1 a8ffc434be39aacb90cfe4260e0dbd1c50b2516d
SHA256 05802359ac13bd398d96575d471a1bb6a1cde376f91c2a5900fc12fcd446d4af
SHA512 2bd009f900e982ee70e3007814a335c1cc1d26b081cc8d6b87c1d7363130d3c63c2540c436f67e99db67d877d3a10c49d43982dc1b735b8f6562679d48731674

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 560b3aeca6dab61755c6ae7f1945d791
SHA1 7815bae4af0c67164e30bf5e016ff5c60fc686e7
SHA256 9aa6b3ef557490bf1d68c560be60f123889c175d14804049d5ae446e6ce80168
SHA512 044adf170d8a3c9ca2cc29b5000e8cd2e93cf2beead35dfbab227196de6ab54a4b0ebe7479c4a6feb7397b4bdb9c55e961542c75e8ad7848af966cbf4713847a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5f4bf90bb056c4bbd0df13aae9c306e9
SHA1 bde55647ed0f1603f4cd4b590b39f343d981f9d5
SHA256 5a03fd10efebd1f38cba09e49cf43ec36fe0f180bc02788dee0697e44a7353bd
SHA512 832c494e7e4e4dbbcd2af598114b74d0812ce78e14024271f6f9170467f9a0bf8a6f25f695ab3cc182739d2a4383e33f581e9556a61f3490bac350d1bd8d3702

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2f2353ab8c59cb139ff99d25019babc8
SHA1 ee2d914fbd453f3d9b97718af6b334577aaa5854
SHA256 6da82094ea776719c35b175b47ce471ed144b9cb85a82f1513513ee03b377aa1
SHA512 9e7ac88c70cac2e2f8ca4d5b83ecb6216ef22e6a05bb69473fcf76f6e334b09f050d94bcfaa85bf584c433f8f0f3b4bb9d518d0c3248204cf2fa4f361e86e5fb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2be19043af83a552dc0656839ab76579
SHA1 bd83d48992b2d90e67310cdbabe37adcc3d46848
SHA256 b6dd5643e118bb077bb79fc152239b3fcc60b97f6291687ee47da8db316a30b4
SHA512 a24aa2c49704c0a8b47ba44faffaf39d93491ac7b98307edcef0449678bbad3b2e1854d3750381d9861a082c8362ce4d46eab798ec8c322e02471b6ea22cb225

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0d2d41791682d15304b7b49e1368c069
SHA1 5005e33103b2776496e7a7cfbd4efb50f3db3337
SHA256 6a214fa6d4e592e7d72a66c8effe3f402939cdd5e2b969e4540528dbfeac8357
SHA512 cc45dfa8ed9ead244c231512ecd3be53707372e5d7532cab7f0f50fdb633c76389df1453617849b580991d5f7fb62e85fc84923ab1433b7f2f4f80f1ce2318e0

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OFTGYNX2\www.youtube[1].xml

MD5 e9d3c9ff385a19c762c80bb5f1b708ed
SHA1 6b518dc6de00a2a4f3283d350aa0e0060b39dc88
SHA256 d6e408453cefe06103896cf17a1405200257b0f2289ef2df76f17b4e206a2e0a
SHA512 1ee094d817c47c42c5aed85bcd94ebe577c8fda42907936d58acb82000cdc5cd963eef499521302aaf7354f25492194adecd42bba92e5b4c16d5154b0443c104

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d9d4d76c6ca9121c6049c698d256ec55
SHA1 0fea0fe0847a7097d5c05ef598ff0882e5a07005
SHA256 9402fd176f23030b505b051c875a8cb09016a9a100f0ebe5867c81f3cce6862e
SHA512 2a1d5ea13a2e0fc57bd75104eebd48adfc58e783cda1d13173121dc00337bdb829690bdf5dbc7f119639e82fec1271497150614a5b1d25025275e43cfbdfef6f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9d5b5b6d1d363ee22c55c300b50ee612
SHA1 8d8cdfb351c8192f2cefdba55a7f071e188c55d7
SHA256 516efcfdb2365d3294839679471b78d51a4599552ad97b76527d9382e02e39c9
SHA512 9e96963c013b20389700a57c225ce3ef1e0e24bc11babfd62bed04cbf05e91e43a9a51762ca8be3debb4058a8dc58e39d1d58aa2154f5d730ed1f4008123adb6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7d1f3d2239e4c1f6ba3f87ac5fc043ab
SHA1 40d2ab5b7ae32f734d99e15d8a67f18ab07a249b
SHA256 e185fec67f12ea97463800ed524724b575263710790ce2acb1ce929109e4e0eb
SHA512 afcee16ca106bf28efae08d4c2fcb844439c8deb15f91b067cc1099ba7cd1d37c50a9780e02a0fcf48da2f9db2d0317e10c6b3908a932b20eaac9c0016cbebc8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5b06dc174ce60f39cabf2decac771454
SHA1 cd9b6d9bfad7b54042d2d6176ba7f886a091ca13
SHA256 f94b223e0fb27d154968e7bbe10768c1bcda8d7f09ee9832ae7552c61fcf54bd
SHA512 084c56de9aaa7207681170df6c0a954ec800e4e8e19e96add8cbd727579eac9968e3c464997d2b1b150e611301ce5a2dcf6d881ba7aa5f1443e7c8e3fbce27c5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ac617992c958b4ee527a93b7b2b5beb3
SHA1 7e593bd7164fac5158b0ba28fc86ffc4ad971d1b
SHA256 2f4df8aa98835e2d5195221888986457a2b5267d98d36d53ebe72cd7b3d07f71
SHA512 c6c6a4fc472c81d0b8f7461cdb960449ffd647c68d1138a87448ed94398e317668aac6499f6cab187a3756669ed01d4e5bde9972cc296a0631a89e602b831aa3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1464899c80c73697c911e4b21cdc2ef6
SHA1 beeb5f89608c31056d7f8c0dbeb51a1f2f82dfd0
SHA256 7e2805ec3ca1a1a70f6349d3b4bdeaadaf775d2b9b847b13fcb871f27c115a03
SHA512 1d185b95d189f95116091ea88a671483e4fa84c1239e208453afa5f15ceab56de8549eb002542ff300c8f35ee63f973f6322a101e9975293dff4ca7fa3a69f84

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e42f374a3f7fa6b399321241d922e36b
SHA1 34c0cadbaa55e43ec0b62f081b84bcaed4d0cf71
SHA256 c5845019cebc7b2b5d3f4e7d263bac8f7ed0b60f3934a13f3f24031e9c1ba79e
SHA512 81815ddbecb88f233296a692584c55b2c779b7e88c4df8be7740c38b5497de6f5ceb5e4231b2bca8bf862709e6e67d30036a0743bc9fb334e8f5ef870b47af6d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cc7e91ca2f434d0478e1d51abd7367fe
SHA1 70d2615de38b853aae572ed2c6a742d20628d6f3
SHA256 fd48ad7cdd499a70cefb96d81202d50c7d704412456eb6d068b870fec70d3491
SHA512 917fa0ea82cbd4106ae463c981b6383e856fd7c638b7c47e381139154f5f821a8fc3a7f40058150512e85a79e5f7c1f5b3d99754e19dcfae8ee65e1f00de1956

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 66dd789ddee963b5e5381c4b389aa680
SHA1 d6802c42d75635bf1288d14acd469bc8d27297ca
SHA256 d1f6b515aa04c7ee64202233ad350554705d1349bb509666a828bd753e0a44fa
SHA512 9572e2928b334f9fdcfd43bd849bb87d44795a117938fb22b3254a70563b48db83ef1d400986813bf2f17b1648f5320d2b643acdaca17e38fbafa23c1b43316c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 69d94879b8fe8b8dd59cd95b57c356bf
SHA1 f08017d10f71b615152013d0fcc2c1f69a487ade
SHA256 638a98843b69e168c3cd3fc68b1617cacbcd8b0ecac45575cccc0f304f09e29b
SHA512 abdc4afd1b62b047b938ec6b57992ae2b5e818103c16a6f8753f34bdd44f75f913a1c8bd25b0be755f9bf1157387a9648a58dc731110a8729f2bca3f2703ab2d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5092f270adf0125de71af51618ae30dc
SHA1 6e9504752afaf79d5432f86c854a9c6bfb35b8d5
SHA256 e41b28b8479b8e0b7e295a653add4a82707ab1f8430db34af3cadbc5d4444cb6
SHA512 cde837f98b8ad2a153a6c3c64e11389cfdccd9ac0d6e33792b5855d3c1f93c36fc8fed59d3195a455864a727c0634020a9793ddfd2f7f177fc5e8befc592f7a5

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OFTGYNX2\www.youtube[1].xml

MD5 713398edd0d35e3c274695ac8a6de3a8
SHA1 d45f750d552713a5645bb2e70b0af68455ae0ccb
SHA256 6b1ae458f628f3c265bf5729ca44eab27f316b4289da2678bb41a9d6c0e3f0fc
SHA512 7adbe7a48d17efc331e05fa28bb0ad806ac5878cc4b8ce9868a6bd89fb5bed2e326555715029e5fc1c2922545efec1377e6399c8be23a0a71f19f254209de88e

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OFTGYNX2\www.youtube[1].xml

MD5 0f2ca74697c5c7acce3350ffdc0071eb
SHA1 6e005ed5c035de338c932e0a28fa14ed5218047e
SHA256 6ba31af9e2757da67610ea86e3264d509de2080fdae67fecf4fed0917e010136
SHA512 26336067de24d7a725118610e42c5f48cb37f2e4bc05bb43fcb1ff85ba2482ee03ec2a1bb9304a100155628e6f043914b160f583096cbc88a1f03774919c764d

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OFTGYNX2\www.youtube[1].xml

MD5 509deaf4f5cae47d066e62018fca068f
SHA1 8f6bdf5321d609ba16580449f1e6179fca8b19cb
SHA256 f344b1de260ee150f571d5e317f9a07c23ad49ae6a4456f17fd1b3aea54c4219
SHA512 5dceeaf4cda098cf68a1251ceeb9ba8524832d6e0a8a4f938592e3684cb5fe052b2cf4f578aba9bcc517652d64c3687e26be73a8d8aa250dac1b538672243afa

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 15:12

Reported

2024-06-12 15:15

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a11c184d40f4b65173c5020a189d189b_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1980 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1980 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1980 wrote to memory of 4792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1980 wrote to memory of 2472 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a11c184d40f4b65173c5020a189d189b_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x7c,0x80,0xe4,0x78,0x108,0x7ffba6a246f8,0x7ffba6a24708,0x7ffba6a24718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,5549592355165337797,11556667011011555800,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,5549592355165337797,11556667011011555800,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,5549592355165337797,11556667011011555800,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5549592355165337797,11556667011011555800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5549592355165337797,11556667011011555800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5549592355165337797,11556667011011555800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5549592355165337797,11556667011011555800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,5549592355165337797,11556667011011555800,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,5549592355165337797,11556667011011555800,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5549592355165337797,11556667011011555800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5549592355165337797,11556667011011555800,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5549592355165337797,11556667011011555800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5549592355165337797,11556667011011555800,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,5549592355165337797,11556667011011555800,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5356 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 konthaiusa.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 konthaiusa.com udp
US 8.8.8.8:53 konthaiusa.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_1980_KIWEPHSORHIRYQMT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\24432766-4e80-46e3-b7c5-e615b9676995.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
