Malware Analysis Report

2025-04-14 04:37

Sample ID 240612-vq696sseqb
Target a174651c0bcf5a6308cc81ec3f6f4f84_JaffaCakes118
SHA256 9f876143e0b5ea09b52580458b376e214146554d0dd21ea54f3796c0fa83abe0
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

9f876143e0b5ea09b52580458b376e214146554d0dd21ea54f3796c0fa83abe0

Threat Level: No (potentially) malicious behavior was detected

The file a174651c0bcf5a6308cc81ec3f6f4f84_JaffaCakes118 is an HTML document; it was opened in Microsoft Edge (behavioral2) and Internet Explorer (behavioral1). No (potentially) malicious behavior was detected. Every signature listed below was raised by the browser processes that rendered the page (msedge.exe, iexplore.exe), not by a dropped or spawned payload, which is why the score is 1/10.

Malicious Activity Summary

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 17:12

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 17:12

Reported

2024-06-12 17:15

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

125s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a174651c0bcf5a6308cc81ec3f6f4f84_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

The three reads target HKLM\HARDWARE\DESCRIPTION\System\BIOS, the keys that virtual-machine fingerprinting code inspects (SystemManufacturer and SystemProductName carry the SMBIOS vendor strings, e.g. VMware or QEMU). The reader here is msedge.exe itself rather than any code delivered by the page, so on its own this is not evidence of sandbox evasion.

Suspicious use of FindShellTrayWindow

Description Indicator Process Target Count
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A 25 (identical entries)

Suspicious use of SendNotifyMessage

Description Indicator Process Target Count
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A 24 (identical entries)

Suspicious use of WriteProcessMemory

Description Indicator Process Target Count
PID 1552 wrote to memory of 116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 2
PID 1552 wrote to memory of 904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 40
PID 1552 wrote to memory of 3920 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 2
PID 1552 wrote to memory of 2580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 20

All 64 recorded writes come from the browser's parent process (PID 1552, the process started by the command line above; the crashpad pipe name below carries the same PID) into four child msedge.exe processes, and writer and target are the same browser image. This is the pattern a Chromium-based browser produces when it launches its sandboxed child processes. A WriteProcessMemory finding becomes interesting when the writer is a different image than the target, or when the writer runs from a user-writable path such as %TEMP%.
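The collapsed table above is the kind of aggregation an analyst does by hand. The following Python script, added here as an example and not part of the report or of any sandbox vendor's tooling, does it over the report's flat rows: it parses the WriteProcessMemory and Network rows in the layout used on this page, collapses repeats into a count per writer/target PID pair, flags writes where writer and target are different images or the writer runs outside Program Files/Windows, and lists the domains resolved over port 53. The sample rows are constructed inline from this report; the PID 4242 row is hypothetical and does not appear in the report, and the trusted-directory list is an assumption of the example.

```python
"""Triage helper for the flat 'Description Indicator Process Target' rows and
the 'Country Destination Domain Proto' rows in this sandbox report.

Added example, not part of the report or of any sandbox vendor's code.
"""
import re
from collections import Counter

# Row layouts as they appear in the report. Image paths contain spaces, so the
# process and target columns are recovered by anchoring on the '.exe' suffix.
WPM_RE = re.compile(
    r"^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) (?P<indicator>\S+) "
    r"(?P<src_img>.+?\.exe) (?P<dst_img>.+\.exe)$",
    re.IGNORECASE,
)
NET_RE = re.compile(
    r"^(?P<cc>\S+) (?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)"
    r"(?: (?P<domain>[^\s:]+))? (?P<proto>udp|tcp)$",
    re.IGNORECASE,
)

# Directories where an installed browser or OS component lives. Assumption of
# this example: a writer outside them deserves a second look.
TRUSTED_PREFIXES = ("c:\\program files", "c:\\windows\\")

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

# Constructed sample: six rows copied from the report's WriteProcessMemory
# table (parent msedge.exe PID 1552 writing into its own child processes) plus
# one hypothetical row (PID 4242 -> 777) that is NOT in the report, included
# only so the flagging logic has something to flag.
SAMPLE_WPM = [
    f"PID 1552 wrote to memory of 116 N/A {EDGE} {EDGE}",
    f"PID 1552 wrote to memory of 116 N/A {EDGE} {EDGE}",
    f"PID 1552 wrote to memory of 904 N/A {EDGE} {EDGE}",
    f"PID 1552 wrote to memory of 904 N/A {EDGE} {EDGE}",
    f"PID 1552 wrote to memory of 904 N/A {EDGE} {EDGE}",
    f"PID 1552 wrote to memory of 3920 N/A {EDGE} {EDGE}",
    r"PID 4242 wrote to memory of 777 N/A C:\Users\Admin\AppData\Local\Temp\sample.exe C:\Windows\explorer.exe",
]

# Constructed sample copied from the report's Network table for behavioral2.
SAMPLE_NET = [
    "US 8.8.8.8:53 konthaiusa.com udp",
    "N/A 224.0.0.251:5353 udp",
    "US 8.8.8.8:53 konthaiusa.com udp",
    "US 8.8.8.8:53 konthaiusa.com udp",
]


def parse_wpm(rows):
    """Return (src_pid, dst_pid, src_image, dst_image) for each parseable row."""
    out = []
    for row in rows:
        m = WPM_RE.match(row.strip())
        if m:
            out.append((m["src"], m["dst"], m["src_img"], m["dst_img"]))
    return out


def summarize_wpm(rows):
    """Collapse repeated rows into a count per (writer PID, target PID) pair."""
    return Counter((src, dst) for src, dst, _, _ in parse_wpm(rows))


def flag_wpm(rows):
    """Keep only writes that do not look like a browser setting up its own children."""
    findings = []
    for src, dst, src_img, dst_img in parse_wpm(rows):
        reasons = []
        if src_img.lower() != dst_img.lower():
            reasons.append("writer and target are different images")
        if not src_img.lower().startswith(TRUSTED_PREFIXES):
            reasons.append("writer runs from a user-writable path")
        if reasons:
            findings.append((src, dst, src_img, dst_img, tuple(reasons)))
    return findings


def dns_domains(rows):
    """Domains looked up over port 53; multicast DNS (5353) rows carry no name."""
    names = set()
    for row in rows:
        m = NET_RE.match(row.strip())
        if m and m["port"] == "53" and m["domain"]:
            names.add(m["domain"].lower())
    return names


if __name__ == "__main__":
    for (src, dst), n in sorted(summarize_wpm(SAMPLE_WPM).items()):
        print(f"PID {src} -> PID {dst}: {n} write(s)")
    for src, dst, src_img, dst_img, reasons in flag_wpm(SAMPLE_WPM):
        print(f"FLAG PID {src} -> {dst}: {src_img} -> {dst_img}: {'; '.join(reasons)}")
    print("DNS lookups:", sorted(dns_domains(SAMPLE_NET)))
```

Run against the report's real rows, the six msedge.exe entries produce no finding and only the hypothetical PID 4242 row is flagged, on both counts; the mDNS row is skipped by dns_domains because it has no name and is not on port 53.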

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a174651c0bcf5a6308cc81ec3f6f4f84_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8fe9b46f8,0x7ff8fe9b4708,0x7ff8fe9b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,1921945799154074226,8581112664805132016,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,1921945799154074226,8581112664805132016,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,1921945799154074226,8581112664805132016,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2548 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1921945799154074226,8581112664805132016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1921945799154074226,8581112664805132016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1921945799154074226,8581112664805132016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1921945799154074226,8581112664805132016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,1921945799154074226,8581112664805132016,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,1921945799154074226,8581112664805132016,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1921945799154074226,8581112664805132016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1921945799154074226,8581112664805132016,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1921945799154074226,8581112664805132016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1921945799154074226,8581112664805132016,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,1921945799154074226,8581112664805132016,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1844 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 konthaiusa.com udp
N/A 224.0.0.251:5353 N/A udp
US 8.8.8.8:53 konthaiusa.com udp
US 8.8.8.8:53 konthaiusa.com udp

The only name the Edge run resolved was konthaiusa.com (three UDP lookups to 8.8.8.8); 224.0.0.251:5353 is multicast DNS and carries no domain. The report records no connection to the resolved address.

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4158365912175436289496136e7912c2
SHA1 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
SHA256 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
SHA512 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

\??\pipe\LOCAL\crashpad_1552_WVUVBWPYGUSYPPXB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ce4c898f8fc7601e2fbc252fdadb5115
SHA1 01bf06badc5da353e539c7c07527d30dccc55a91
SHA256 bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
SHA512 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b6715c6981bc8bd1173fc6435884cee7
SHA1 3219b35c6dd965086e3fe07978b2ddb0ccdbc3a5
SHA256 9b35360a7aea40ae993ee4bf97d4f3e316bc3c3aaa69061bebae0fc1b26a1974
SHA512 92cbeb767d436710c19db7c0a4b1d72fdd7e9b7db8d32d83c8314f2d8b33d59740b5f335c0ce09fad32cc4d2f2e5acc1bcca4a66d52d280261c4a9d57b6a8217

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 fdd9f5c73052d259f7380dcedb907a54
SHA1 eb88d88d11e043e880d2b602270c2a0baf9ffa23
SHA256 64ab880381e683a4e2ad04fa8ea5d10663ec9425beef65c00987bde2d47a123b
SHA512 811333855d637530c85c8ceae86105c3a505e124f025a33df69b02644560cc5e25e2e3947a11bab5ce131ae66f665b33caf9dc7a2449a86e0207fd8df9e06fa2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f96bae1e7d7cf37f4b0a314487a889c6
SHA1 82d92dadbbffcd43dd5c3e4165ad8b2245c3a401
SHA256 2b8d728dab8e80dddf3511333bea35634aeab74b74c0b1560fa06eacf6373844
SHA512 17cae8e43fc63ecdfb8b67a216886011f2b4d83ba6e3a62c3f7b1074a8930bb2c2e28aa06fa57c45a9a5573e35b7c1c2ef1acdfbcaa1b5f667220f96c7cb9df3

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 17:12

Reported

2024-06-12 17:15

Platform

win7-20240611-en

Max time kernel

133s

Max time network

127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a174651c0bcf5a6308cc81ec3f6f4f84_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware spyware

Every write below lands under the user's own HKCU\Software\Microsoft\Internet Explorer hive and is made by iexplore.exe itself. The DOMStorage\youtube.com and DOMStorage\www.youtube.com values are the per-origin DOM storage usage counters IE keeps when a page stores data for those origins, which shows the rendered HTML loaded content from YouTube; the TabbedBrowsing, Recovery, Zoom, LowRegistry and Main\FullScreen keys are ordinary IE session state. The adware/spyware tags are the signature's generic classification, not a payload observed in this run.

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "410" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "492" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "18628" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "18907" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "28468" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "37916" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "498" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "18710" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "37916" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "282" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "28468" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "28380" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "28164" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "282" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "407" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "28380" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "9945" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "9371" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "18710" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "167" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "498" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "18628" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "167" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "9453" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "400" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "410" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "9371" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "400" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "410" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "9945" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "288" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "407" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "28164" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a174651c0bcf5a6308cc81ec3f6f4f84_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2024 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 konthaiusa.com udp
US 8.8.8.8:53 www.konthaiusa.com udp
GB 216.58.204.74:80 fonts.googleapis.com tcp
GB 216.58.204.74:80 fonts.googleapis.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.212.238:80 www.youtube.com tcp
GB 216.58.212.238:80 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 142.250.179.226:443 googleads.g.doubleclick.net tcp
GB 142.250.179.226:443 googleads.g.doubleclick.net tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.204.74:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:80 www.facebook.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 216.58.212.238:80 www.youtube.com tcp
GB 216.58.212.238:80 www.youtube.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.204.74:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.214:443 i.ytimg.com tcp
GB 142.250.187.214:443 i.ytimg.com tcp
GB 142.250.179.226:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.180.1:443 yt3.ggpht.com tcp
GB 142.250.180.1:443 yt3.ggpht.com tcp
GB 216.58.204.74:443 jnn-pa.googleapis.com tcp
GB 142.250.179.226:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 fe0.google.com udp
GB 216.58.204.74:443 jnn-pa.googleapis.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

SHA1 e135cb602f5062adee952258cb2388f7dfe435df
SHA256 a645ef5bf02277802366fc7c17449d06e02e06d63ed2e22eefc1d696cdcf29b4
SHA512 48e02cb285fc8ab71fe9e66ba3d94165b765e6caab803932355c095ea9d3bd2705a94ed3e90d32f444818e9a9a759212742f27371001169865c27f1ac2430b1f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 36b2c60f152a0bc5eae38eb59e87af59
SHA1 8309230c80c57a888e2b48dde2b0da9f74e879ed
SHA256 c3ee60ac5de9d96a1314cda127a0cbd3b236946a9d95018851eea1e7f91cf89e
SHA512 4d971b65330d5f7dd451f4400468e193c485f890b748f86649781bbc0094d651349d4083db87df6635fa8637635fd1f9210c79ad4e2bc935573d26fae666f6f9

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\HBO960NE\www.youtube[1].xml

MD5 b3e5e44c5bbdc52330276da176aa2173
SHA1 5f5b5962910b63c23229ad799cb06cb78a597be7
SHA256 af4411872bea08d68141cb027d23b008c546433976f46e85050e1f4f293d49e9
SHA512 e5648fc105efc9ab3fb91183042440d5a4388bbc69324a45ab3246279d146f14f763d50f87b2e3fdf60576a4fe5ae462ee2345ce350daf968c9438e2b9e2d2e7

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\HBO960NE\www.youtube[1].xml

MD5 61fc25dd4851f95482ad96bb2421e91f
SHA1 c0e6ca06de68b778685cf34e0e00746e5dcf4896
SHA256 608fc1f73f7a05dcff03114c90674a36a132d0f07bcd595295ff029daceddc1e
SHA512 2d5afa91a3984888500cc4524dd70866a6ca50f10b1d369fe7197e81cbc25ae4ee031de409c9d2c88a33f7694608791eafc19e6b9b028d37a0b98faacbc1efcd

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\HBO960NE\www.youtube[1].xml

MD5 830692a9ce45b7c0db8b5b6551967562
SHA1 2490b94cae4046aa7960146c7e7948e99ba464ff
SHA256 3c05d6c7859f753381f6bbb60edf3603291ec00b5f63d5ec6f9024ed23906e79
SHA512 212c39895363273cd217d107f1b1edbe8fb8ef5e944a3333ef345fc6d953069bbfbb940e995cbf529a828239f90c0259ce9f1776374593de540a324102a44c90

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\HBO960NE\www.youtube[1].xml

MD5 3d1f00d2f844c0e0b353889482510072
SHA1 af3a8f477287f710a328b15b7eeeff0d4f0c1ae4
SHA256 b39e8cd0edacec0ec95de70046e10add4d19bb300b6bcde526763c12ce78a152
SHA512 1b289926f536ea1888da39664a7abf32113ba51304bc9fb55799ac0b6e449b5db11af032e652482581360909afe865f701b5851496b3511ae74b0b962cb59e51