Analysis Overview
SHA256
a8b50b31a247ec4bfcfcd59d3c2aed53671919d5733d9bb62e0b53c645e71e85
Threat Level: No (potentially) malicious behavior was detected
The file a1d38290757608d3a73eb2d42b5c9320_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected. The sample is an HTML document; in the behavioral run it was opened with Internet Explorer (see Processes), and every signature listed below fired on the iexplore.exe processes themselves, not on any dropped or spawned binary. The Files section likewise contains only browser cache, DOMStore and CryptnetUrlCache artifacts.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 18:48
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 18:48
Reported
2024-06-12 18:51
Platform
win7-20240611-en
Max time kernel
121s
Max time network
129s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "29377" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "492" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "407" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "38358" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "492" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "233" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "19421" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "38219" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "19421" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6B865F81-28EC-11EF-BDE8-5214A1CF35EA} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "10081" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "18923" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "38446" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "38446" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "19333" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "325" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "10163" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "47891" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "38358" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "19333" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "47891" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "29377" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "29459" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "29377" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "47891" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "38219" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "18923" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "331" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "19333" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "38446" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "10163" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10163" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "29465" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "38440" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "407" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "28967" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
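The "Modifies Internet Explorer settings" signature fires on every write under HKCU\Software\Microsoft\Internet Explorer, so the table above is dominated by DOMStorage quota counters written while the embedded YouTube player ran, plus session-recovery and tab bookkeeping. The script below is an added example, not part of the original report: it parses rows in the table's format, strips the user SID prefix, and sorts each key into housekeeping (what IE writes on any page load), config (values that change what the browser loads or where it sends searches, such as Main\Start Page or a SearchScopes URL) and review (anything else). The rows in REPORT_ROWS are copied from the table; the single row in CONSTRUCTED_ROWS is constructed for illustration and did not occur in this analysis. The key lists are this example's own triage choices, not a list the sandbox publishes.

```python
import re
from collections import Counter

# Rows copied from the "Modifies Internet Explorer settings" table of this
# report (a representative subset; the rest of the table has the same shapes).
REPORT_ROWS = r"""
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6B865F81-28EC-11EF-BDE8-5214A1CF35EA} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
"""

# Constructed row, NOT from this report: a Start Page rewrite, the kind of
# change the signature name suggests but which this sample never made.
CONSTRUCTED_ROWS = r"""
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://example.invalid/landing" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
"""

# Keys whose change alters what IE loads or where it sends a query (example's own list).
CONFIG = [re.compile(p, re.IGNORECASE) for p in (
    r"^Main\\(Start Page|Secondary Start Pages|Search Page|Default_Page_URL|Default_Search_URL|Local Page)$",
    r"^SearchScopes\\\{[0-9A-F-]+\}\\(URL|SuggestionsURL)$",
)]

# Bookkeeping IE writes during an ordinary page load (example's own list).
HOUSEKEEPING = [re.compile(p, re.IGNORECASE) for p in (
    r"^(LowRegistry\\)?DOMStorage(\\|$)",        # per-site DOM storage quota counters
    r"^Recovery(\\|$)",                          # session-recovery state
    r"^TabbedBrowsing(\\|$)",
    r"^Main\\(Window_Placement|WindowsSearch)(\\|$)",
    r"^SearchScopes\\DownloadRetries$",
    r"^(Main|GPU|IntelliForms|Toolbar|Toolbar\\WebBrowser|SearchScopes|IETld\\LowMic|BrowserEmulation\\LowMic)$",
)]

IE_ROOT = re.compile(r"\\Software\\Microsoft\\Internet Explorer\\(.*)$", re.IGNORECASE)


def parse_row(row):
    """Split one '| action | indicator | process | target |' row into a record."""
    cells = [c.strip() for c in row.strip().strip("|").split("|")]
    if len(cells) != 4:
        return None
    action, indicator, process, _target = cells
    path, _, value = indicator.partition(" = ")
    m = IE_ROOT.search(path)
    return {
        "action": action,
        "key": m.group(1) if m else path,   # key relative to ...\Internet Explorer\
        "value": value.strip('"'),
        "process": process,
    }


def classify(key):
    if any(p.search(key) for p in CONFIG):
        return "config"
    if any(p.search(key) for p in HOUSEKEEPING):
        return "housekeeping"
    return "review"


def triage(table_text):
    records = []
    for line in table_text.strip().splitlines():
        rec = parse_row(line)
        if rec:
            rec["class"] = classify(rec["key"])
            records.append(rec)
    return records


def summarize(records):
    return Counter(r["class"] for r in records)


if __name__ == "__main__":
    for rec in triage(REPORT_ROWS) + triage(CONSTRUCTED_ROWS):
        print(f'{rec["class"]:12s} {rec["action"]:16s} {rec["key"]} {rec["value"]}')
    print(dict(summarize(triage(REPORT_ROWS))))
```

Run against the full table, every row in this report lands in the housekeeping bucket; only the constructed Start Page row is classed as config. Keys that match neither list are deliberately left as "review" rather than assumed benign.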
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1868 wrote to memory of 2428 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1868 wrote to memory of 2428 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1868 wrote to memory of 2428 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1868 wrote to memory of 2428 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1d38290757608d3a73eb2d42b5c9320_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1868 CREDAT:275457 /prefetch:2
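The four WriteProcessMemory events above are the medium-integrity IE frame process (PID 1868) writing into its own tab process, which is how Protected Mode IE hands a tab its startup data; the tab's command line carries the frame PID in the SCODEF: argument. The script below is an added example, not part of the original report: it reads the two command lines from the Processes section, extracts the SCODEF parent for the tab image, and checks each "PID A wrote to memory of B" event for the expected shape (writer and target are both IE images and the writer PID equals the target's SCODEF parent). The report does not list PIDs next to the process images, so the check ties 1868 to the tab only through SCODEF and the target image; CONSTRUCTED_EVENT is a made-up event with a non-browser target, included to show the verdict a genuine cross-process write would get.

```python
import re

# Command lines copied from the "Processes" section of this report.
PROCESSES = [
    r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1d38290757608d3a73eb2d42b5c9320_JaffaCakes118.html',
    r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1868 CREDAT:275457 /prefetch:2',
]

# WriteProcessMemory rows copied from the signature table above, as
# (description, writer image, target image); the report lists four identical rows.
EVENTS = [(
    "PID 1868 wrote to memory of 2428",
    r"C:\Program Files\Internet Explorer\iexplore.exe",
    r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
)] * 4

# Constructed event, NOT from this report: same writer, non-browser target.
# This is the shape a genuine injection would have.
CONSTRUCTED_EVENT = (
    "PID 1868 wrote to memory of 3000",
    r"C:\Program Files\Internet Explorer\iexplore.exe",
    r"C:\Windows\System32\notepad.exe",
)

IE_IMAGES = {
    r"c:\program files\internet explorer\iexplore.exe",
    r"c:\program files (x86)\internet explorer\iexplore.exe",
}

CMDLINE_RE = re.compile(r'^"([^"]+)"\s+SCODEF:(\d+)\s+CREDAT:\d+')
EVENT_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+)$")


def tab_process_parents(cmdlines):
    """Map each IE tab-process image (lower-cased) to the frame PID in its SCODEF: argument."""
    parents = {}
    for cmdline in cmdlines:
        m = CMDLINE_RE.match(cmdline)
        if m:
            parents[m.group(1).lower()] = int(m.group(2))
    return parents


def assess(event, parents):
    """Classify one WriteProcessMemory event against the SCODEF parent map."""
    desc, writer, target = event
    m = EVENT_RE.match(desc)
    if not m:
        return "unparsed"
    writer_pid = int(m.group(1))
    w, t = writer.lower(), target.lower()
    if w in IE_IMAGES and t in IE_IMAGES and parents.get(t) == writer_pid:
        return "expected"      # frame process writing into the tab process it spawned
    if t in IE_IMAGES:
        return "review"        # IE target, but the writer is not its SCODEF parent
    return "suspicious"        # write into a non-browser process


def triage(events, cmdlines):
    parents = tab_process_parents(cmdlines)
    return [assess(e, parents) for e in events]


if __name__ == "__main__":
    everything = EVENTS + [CONSTRUCTED_EVENT]
    for ev, verdict in zip(everything, triage(everything, PROCESSES)):
        print(f"{verdict:10s} {ev[0]}  ->  {ev[2]}")
```

With a full process tree that includes PIDs, the same check should also confirm that the target PID (2428 here) is the process whose command line carries SCODEF:1868; this report only gives the image path, so that half is left out.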
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | konthaiusa.com | udp |
| US | 8.8.8.8:53 | www.konthaiusa.com | udp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 216.58.212.206:80 | www.youtube.com | tcp |
| GB | 216.58.212.206:80 | www.youtube.com | tcp |
| GB | 216.58.212.206:80 | www.youtube.com | tcp |
| GB | 216.58.212.206:80 | www.youtube.com | tcp |
| GB | 216.58.212.206:80 | www.youtube.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 216.58.212.234:443 | jnn-pa.googleapis.com | tcp |
| GB | 216.58.212.234:443 | jnn-pa.googleapis.com | tcp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.212.234:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.187.246:443 | i.ytimg.com | tcp |
| GB | 142.250.187.246:443 | i.ytimg.com | tcp |
| GB | 216.58.212.234:443 | jnn-pa.googleapis.com | tcp |
| GB | 216.58.212.234:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | tcp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | tcp |
| US | 8.8.8.8:53 | fe0.google.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
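The Network table is a flat list with many repeated rows. The script below is an added example, not part of the original report: it collapses the table to its distinct rows and correlates the DNS queries (udp to 8.8.8.8:53) with the TCP connections, so that three things stand out. The sample's own host, konthaiusa.com and www.konthaiusa.com, was resolved but never contacted (the report does not say why, for instance whether the lookup failed or the connection was blocked), so what actually rendered in the sandbox was the embedded YouTube, Facebook and Google content. Three domains were contacted with no DNS row in the capture, and four were reached over plaintext port 80. The rows in NETWORK are the distinct rows of the table above.

```python
from collections import defaultdict

# The distinct rows of the "Network" table of this report (repeated rows collapsed).
NETWORK = """
| US | 8.8.8.8:53 | konthaiusa.com | udp |
| US | 8.8.8.8:53 | www.konthaiusa.com | udp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 216.58.212.206:80 | www.youtube.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 216.58.212.234:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.187.246:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | tcp |
| US | 8.8.8.8:53 | fe0.google.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
"""


def parse_rows(text):
    """Turn '| country | ip:port | domain | proto |' rows into dicts."""
    rows = []
    for line in text.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4:
            continue
        country, dest, domain, proto = cells
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def correlate(rows):
    """Cross-reference DNS queries with TCP connections and flag the gaps."""
    queried = {r["domain"] for r in rows if r["proto"] == "udp" and r["port"] == 53}
    contacted = defaultdict(lambda: {"ips": set(), "ports": set()})
    for r in rows:
        if r["proto"] == "tcp":
            contacted[r["domain"]]["ips"].add(r["ip"])
            contacted[r["domain"]]["ports"].add(r["port"])
    return {
        # resolved, but no connection followed in the capture
        "queried_only": sorted(queried - set(contacted)),
        # connected, but the capture holds no DNS query for the name
        "contacted_without_query": sorted(set(contacted) - queried),
        # anything fetched over plaintext HTTP
        "plaintext_http": sorted(d for d, v in contacted.items() if 80 in v["ports"]),
        "endpoints": {d: sorted(v["ips"]) for d, v in contacted.items()},
    }


if __name__ == "__main__":
    result = correlate(parse_rows(NETWORK))
    for key in ("queried_only", "contacted_without_query", "plaintext_http"):
        print(f"{key}: {result[key]}")
    for domain, ips in sorted(result["endpoints"].items()):
        print(f"  {domain:30s} {', '.join(ips)}")
```

A domain that is contacted without a captured query usually means the resolution happened outside the capture window or through a cached answer; the report gives no further detail, so the script only surfaces the gap rather than explaining it.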
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 660b6e28b38ebe7e521064e60113fffc |
| SHA1 | f2c25e9f931876bf6834191ec5b409f47f869129 |
| SHA256 | 3e203426c4aa1403e940966905320c612ce4006cc87e03eb64058eaf6d402433 |
| SHA512 | 96868e652d5e0c25b4d0f0ada20d345115f0c6fda26d3cab724c0c1867386d2dcedc408c51f776b7e019ce2e22755017d99bf663cdd9fd0d88b26182c6434bcc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 9c5001638091dd7c0c7ac0bbb99cf711 |
| SHA1 | bdeda59bc8b84b0094c5d6dc9aa38859d58cf6ca |
| SHA256 | 8853e503327b69aca37a72b6ca85be3554ba5780da259af9b347414c209ba733 |
| SHA512 | 92edc8ed8e8fddb7e821c0b9cfca2731d54b0f0dff82ebe0d7d1ee9c993b51a50f44f8056034a962de5d7247f39751b4132a7542d48a45141794b0cbd2da6d37 |
C:\Users\Admin\AppData\Local\Temp\CabEDCA.tmp
| MD5 | 2d3dcf90f6c99f47e7593ea250c9e749 |
| SHA1 | 51be82be4a272669983313565b4940d4b1385237 |
| SHA256 | 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4 |
| SHA512 | 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ac89a852c2aaa3d389b2d2dd312ad367 |
| SHA1 | 8f421dd6493c61dbda6b839e2debb7b50a20c930 |
| SHA256 | 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45 |
| SHA512 | c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | f28732a8753254749b3803d41e358e08 |
| SHA1 | dde8edc6f7c05b4557e6a532e42a58301bb1aac4 |
| SHA256 | b3a93b4db56f21b549406bb76ea8441521a272e30103613ab4a392c009de464a |
| SHA512 | 204cdbc8d323636a987d30c46bfee21500602264932837a4bf184974afec0b1a3c5033c3e1bbd0a336908c018ac4e3ea428f18f08ac37e82e30bc9a368a80d53 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f7eb8999461e21fbc25a5f87cc2f1dd8 |
| SHA1 | 2f0aa65253b8465c403c32eb11bfc3e11d1e7263 |
| SHA256 | 254d8c5b3fe143bb6c3b2594d38abe36b38de0b5ee9fed8c9b34ddf860b27ac4 |
| SHA512 | cf909e3acfc801e765de9b939bb71c3dbac0ccdfae711626e9fb5647ff979f1dee324a8e529448ec3d0409fb7c32208f3a0be9404010f70c607735a2c912cb82 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_89FBEB9EEBFF8AABF1EBFA20B87AFE7E
| MD5 | aa98d848fd2f0c3373b5f85ae445eea8 |
| SHA1 | d891ce4c24f0d1b817f1503dbefa6e2223e096d5 |
| SHA256 | c1aa56bbadf30caf25065b1e1a3174d418a03df203800a2f49fdc84736635f4b |
| SHA512 | 6f98ae665ed77e6c620c4eb3e67ec18d2b74bc4526a41d754f0c4c117b14aaef41d72e1de23f492f8140b99e5c92f3db510b09e6dc30666b6f4d5c8f17d7da1d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_89FBEB9EEBFF8AABF1EBFA20B87AFE7E
| MD5 | 60c593c796591612a55accb66d6448da |
| SHA1 | 816aeadcd13ae6c0829aee7c247b5dde70c7af95 |
| SHA256 | 0a7ef74ec7fbf8eeee4907e58fe82af1928e84c8585a1684c3257db3ba58f40d |
| SHA512 | fc0b1b8d6d428ecdeb395894b6eda967b75f1835a81fa436abb6fe8b3a0d89b5bbd45292bad2eb5531155b4da048ce579b57b59c94338bce58501d60c8f4b176 |
C:\Users\Admin\AppData\Local\Temp\TarEE3F.tmp
| MD5 | 7186ad693b8ad9444401bd9bcd2217c2 |
| SHA1 | 5c28ca10a650f6026b0df4737078fa4197f3bac1 |
| SHA256 | 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed |
| SHA512 | 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1M46YZP1\www-embed-player[1].js
| MD5 | 8940a491297381a0ce25360e21b39bb5 |
| SHA1 | 43d7a4157e78777fc024415969c3a7bd550a4322 |
| SHA256 | afc766cb1c4a339c40d24ad926f05e8b4927eed7532b876291d0bd19adc9cf3e |
| SHA512 | 5772d7e7485db888676e69cbaf4c88af01872997338bc61e8e0344d5dba208c2909e167d54d8edcb782e17d1a2b4e9dba955baeb0ad0e43ba932b3bf25ae7dde |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1M46YZP1\base[1].js
| MD5 | cb463df0a090cdfabc77af2691141830 |
| SHA1 | e3dde6a1f5c4803e69839154013496a781137473 |
| SHA256 | e09e2e8a3cfbcc88eea12d0b17161e1f2c8c75f1bb21100829c09f9858db3f24 |
| SHA512 | 099374f7b03a4635390b94525105884fa101d93a583eed0d92def7d2de3199d2bd57fc63d885e8e9af0863db40cf521d2fb770eb09400a4c6285f7c37ad88e8c |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R54TGSS0\KFOmCnqEu92Fr1Mu4mxM[1].woff
| MD5 | bafb105baeb22d965c70fe52ba6b49d9 |
| SHA1 | 934014cc9bbe5883542be756b3146c05844b254f |
| SHA256 | 1570f866bf6eae82041e407280894a86ad2b8b275e01908ae156914dc693a4ed |
| SHA512 | 85a91773b0283e3b2400c773527542228478cc1b9e8ad8ea62435d705e98702a40bedf26cb5b0900dd8fecc79f802b8c1839184e787d9416886dbc73dff22a64 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R54TGSS0\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff
| MD5 | de8b7431b74642e830af4d4f4b513ec9 |
| SHA1 | f549f1fe8a0b86ef3fbdcb8d508440aff84c385c |
| SHA256 | 3bfe46bb1ca35b205306c5ec664e99e4a816f48a417b6b42e77a1f43f0bc4e7a |
| SHA512 | 57d3d4de3816307ed954b796c13bfa34af22a46a2fea310df90e966301350ae8adac62bcd2abf7d7768e6bdcbb3dfc5069378a728436173d07abfa483c1025ac |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ELHQEY1S\www.youtube[1].xml
| MD5 | c1ddea3ef6bbef3e7060a1a9ad89e4c5 |
| SHA1 | 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966 |
| SHA256 | b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db |
| SHA512 | 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ELHQEY1S\www.youtube[1].xml
| MD5 | ea922bfa8085bb45ffcf8d9026c54e38 |
| SHA1 | 70945149330d89342bc0a5d3a95005ee45422c17 |
| SHA256 | 57187194cb51169c83b03551f428849f0443df1dd4cd83cd5349e4822beb83b9 |
| SHA512 | 6a2114083dc551575f18ed899848daad0c80bd8c2fe1e29ec0321090745acdbf07c72b8e2be7e10f13be217cd4c88481b53e7c194be407041c209c738a0342f2 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ELHQEY1S\www.youtube[1].xml
| MD5 | 462c4f0897a6347337b6b92fd0cecc1b |
| SHA1 | ff8dd6816e848f5aff740d3cb5490a65a8c7ad19 |
| SHA256 | 5ba18eca7e852ba6b16e194c01166db995836456d46204ebafd1165c5e65199d |
| SHA512 | b957507197c2747b92a081f2a86e313a43fcaf5d84257cef85536ba0d525262c7202bcc779852f9cc5ceeac9bd3e231b256bfd37ece2842f6ef913e11dfc324f |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6F0O117Z\ad_status[1].js
| MD5 | 1fa71744db23d0f8df9cce6719defcb7 |
| SHA1 | e4be9b7136697942a036f97cf26ebaf703ad2067 |
| SHA256 | eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9 |
| SHA512 | 17fa262901b608368eb4b70910da67e1f11b9cfb2c9dc81844f55bee1db3ec11f704d81ab20f2dda973378f9c0df56eaad8111f34b92e4161a4d194ba902f82f |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FY3LN490\embed[1].js
| MD5 | 14d69fc9da4a63c8ad5013b3d3781842 |
| SHA1 | e0272f8403d95fd27df22dff5fc014e2ab5d8a3d |
| SHA256 | e2a5632fec9da56d272ccdea5ecfa7000dc70659673c52a11966802e37a2140e |
| SHA512 | 0f85c67ae8969570f6cfa4d265013da7d4820ea11349b11b886d480d7d78df5c6aa1e7484724d6b21421db18678d22bae6d478d3d0e35506673fd609805d1976 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ELHQEY1S\www.youtube[1].xml
| MD5 | cbdaa35fbca5f330dab19e8250f9dafb |
| SHA1 | d087a72c1ede8d139c0fbbfa09fd504c80638843 |
| SHA256 | fcdb5de7664554e2ce6a99d915ff00512c6e431f90b8534c206567960f5aa69c |
| SHA512 | 62957a46ccc5d2cfd2af37fa2e1f73a604502c61dbf0653d701f0865bb430e9b710872bf78d2257db3470142fdb744a0a1b52131e8a2c5da4e27cc93b6b365dc |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ELHQEY1S\www.youtube[1].xml
| MD5 | c0d9cace0dd7b16b0226350d4ebc8cb5 |
| SHA1 | 235482758c5b292e8acba113b1084ea46481fb18 |
| SHA256 | db5bb587b0c37f4c67e1cc3c79ef7eb98b451281d824d0d8afbe9b205ed81f70 |
| SHA512 | 36edb83fbf14fd7ff4aa62c9377019e5f14e42ce0934ed8b478f2a2a06c399485896a38844c7cbc78ec017f87ea8ce73ee4ae1f469f1a6c0e65dfc1d231b7b16 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ELHQEY1S\www.youtube[1].xml
| MD5 | 91114753a568e9fa053e9fd42e97de6f |
| SHA1 | acb5aa145cc7c6a210ab4729cd7fb2c3eb09e5d1 |
| SHA256 | 83f4b452a05f25964e7105dab42db895addaabd9331a4918738f6c96d6ed6bbb |
| SHA512 | 65979ed8c8879961fc679670a9afdf03a7964a50998ef2992ee9a4d07c7cfb3557faf71f1bc28d270d45b53ac4d7753c6c943c25ca1704690b6c7fed78c0acda |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ELHQEY1S\www.youtube[1].xml
| MD5 | 06757bdb6e8db5f2a389a862ed9acfd6 |
| SHA1 | b8b6eef800cb6111fea8362a4370f7749d18dda7 |
| SHA256 | 6109a8fbffe1db919c38b79ac73cda83e119c7fc65ed04f6344cc93a628dbbd1 |
| SHA512 | c30a069e2b1cdc736c312937c939f92ea10cb044e45d5638250aa7ee10fdb4d179a5f926c98ff20f67094aa30d378f8b6c6ed2b53ab228fb3b070052b70dac03 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ELHQEY1S\www.youtube[1].xml
| MD5 | 5f1d614af38db19fc954210df0f859a3 |
| SHA1 | a8502f0050167ca32e64a158ab57bf667ddcf19a |
| SHA256 | f1150ede1fd55e004405fbcd902a72ca77af46ddbadc80947fbb81747ca5ac22 |
| SHA512 | 1f6f3c7ee2ac7642aba721b2097fda711abdc60be405fe9c611686b99a1009d28e6e4da496ee54d8f221af373c2b392fc7fb1967d2e85104a29b006cf167b060 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ELHQEY1S\www.youtube[1].xml
| MD5 | 2715fddf2d628b742fdb222ff2011322 |
| SHA1 | feaf57aa9bc10bf5e659305c80a0ffa8a41f23eb |
| SHA256 | 809f3d8166ccd3bccec33de8e378a643e935b3250d4dfa3f7f2e2a26f7b1f47c |
| SHA512 | 8c6389a7364881308e00e33dac4974405d36317ad25462f8bdda1c070a07228b98724ad33b23971c60077e7066e2b187f70e77a71a709ec0947d9e05f68f4c64 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ELHQEY1S\www.youtube[1].xml
| MD5 | 74e614d75c527276f2fc7d4c8568385f |
| SHA1 | 69d9e2914efa02487a8aafbba9f49025da9b5074 |
| SHA256 | a5063a22139fdd515b8282580c2afbe8c5831f76323e62e53403d68b69d7b3f9 |
| SHA512 | 283b5ef2631a8237ae4f52140a5022a910a3e5991e69c4aef3a5e42a89031b3d6cb7834a520f43a777ae2655dcb6f49155135220cd506bbadc6b1a8b3a51c705 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ELHQEY1S\www.youtube[1].xml
| MD5 | b389aad20510f53a85c2d17b5cecb4fa |
| SHA1 | 6615b7b58d30967d70b1a595e746d55bb7d13496 |
| SHA256 | cf4abf2254f513127f72535c25e9327ed40a5096a9f0758ffd293ac07d34c862 |
| SHA512 | aae89b3eba320cfc7aab77644d021d3374ac656e7de76a5ff1897f708600b3455c276200a1a78899ba4404c7aca5423f17dbb1f7771ec50d81d09c380e38eb1a |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ELHQEY1S\www.youtube[1].xml
| MD5 | a6016fd9b91e1ca68e48a9e6741f812b |
| SHA1 | 6363fadd4d9ae4b76a19c61fbc87d3ea7d77ef0b |
| SHA256 | b8ac82456692c04dd05cc32b8e171fdb6c0f1b69f9de743aea8332edf947fb1b |
| SHA512 | 458fc5f0ea0dbb25893cd616b85bd49e1ef60e6ab7bdec11af7ac6afa4c11271c2d0a40d81e304ed727a0ab1793c85fc1580f7b1690c0c8c1a91ccea4e0c4fbb |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ELHQEY1S\www.youtube[1].xml
| MD5 | 2baa0e29117cd3086086551a255c4944 |
| SHA1 | 1e1e579d47a03b939aef2f9b3a9c20d4a9b72b5f |
| SHA256 | f8b61d9edaa61a7ff28dd9180e9dbc6aee88ac9974821f255809ae5f1ea73ee0 |
| SHA512 | 0b0f80c19533b66861bd26ded3b3ce3260fd1373684959670e22bb79f1d6a6e78c991ab355d1d2e415aecd49bf25de0ea4d0d9d997f3bdfede32baa3aff8cb12 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ELHQEY1S\www.youtube[1].xml
| MD5 | 011082aa41269180aa50ee2a08d1301a |
| SHA1 | c3b8540a3ad0a51a83cd9bbb6b843cbde4cd7011 |
| SHA256 | aa601bee0b7e866b260d4b255dbdc4e97444279ab4c0e03abaecd46cb8972b78 |
| SHA512 | aaa79c167139d34cbf8f1f7d5d2cafc11bc151dceec7d9258cdc47b8753711e15748189c4d12e32f52ad8bbb0599520117ea29773b70d85e5a01b9b92c858a0e |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ELHQEY1S\www.youtube[1].xml
| MD5 | 26ba9ad8fec9e040d1d1183d4ce1150d |
| SHA1 | 34939337bd52d494498a51f5bfa0eb21304f2c37 |
| SHA256 | f50576f5e6578b81a108872e5ea041a0ace3f55ea08019315274b9d7c0e27b87 |
| SHA512 | 407c14c0c1c94ae0e1ccb74b3c83111d2e03901f4963a870f1714a524099a1bae096e4ddb535946092cedfc27f124917aa690d026d44e3294d0ea68a081087f2 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ELHQEY1S\www.youtube[1].xml
| MD5 | 5efe66b0bf17144848c2716e0c74e764 |
| SHA1 | fae308e12b98cb4c6d17a376caaa19659a0a738b |
| SHA256 | 09673ab127a530ea0f36f37ef40ba0cc2d63224f94a9f8332ffc55ed536472f0 |
| SHA512 | 323146d986dbfd3d49b3fd5c327b49b35e9c0a208d92734fb43a990634477249e77c5c6adf5725452e86d28dbf1a719f64b6d3550a54b69ade5f88c31d989ddc |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ELHQEY1S\www.youtube[1].xml
| MD5 | 8274fe7cb8482a9bb5c4286a22285ec3 |
| SHA1 | 7756dbde62a86700695b98c8592e42ebfceb5c00 |
| SHA256 | e160a60b2431c9f207561824ef4a02fc3103f9e8509f2375912674dac9ae4352 |
| SHA512 | 09eed5f9a357b21ea6d503abcc91dcb5934dead09cbd30a0d5bd18cc2d8d61fb9464a08acb1658f01f535f36a289f715536df32ed3d2ac635937397d0761830f |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ELHQEY1S\www.youtube[1].xml
| MD5 | 44e3b360d5ea6ccbf984adc4cac7c985 |
| SHA1 | 2824aca1fa750dbd5f5394f2b8dbbfbd1cfd07c1 |
| SHA256 | a4ef64a722c428d17f35ff0a5098841becea2725978f58ea9b78822781b72ae9 |
| SHA512 | f8f52570f0c92ca11b5f1631b85a1492dc7efa43e2964bcf4a5032593a084842f2f1b043ca87fee089ff92bbc8a31a834f27b26829f51272b4b78cce2992e7a2 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ELHQEY1S\www.youtube[1].xml
| MD5 | 924a3a04f5281675b4841d7b546b5b6f |
| SHA1 | af19a420cf04a4eb30e3cec0594d8b6c395adb8f |
| SHA256 | acb94ac0331e038aa04249ec6e2723bf11a4cec6f9585ea5bca011430a7cadcf |
| SHA512 | 39c66e244f146289700ede71988f29b60ca15fc68ba74abfd4c37642d9511d988955c55003ab868540b90db967ef909c5f1e71412e35d3d899dd91199c192d0d |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ELHQEY1S\www.youtube[1].xml
| MD5 | 70a14dc52da61df7793b31be5bb66540 |
| SHA1 | 28537d96d78e3e082792ef0423bf3daabc62ea55 |
| SHA256 | 02db878d0efedb418cc6123fe44a6bcbbb5b4df03216053f5784fd1881deaf1f |
| SHA512 | a517fb52cc80e350487bec9bd0515d582f2117b634d0a7c78e147b27f18f5abb2dfb083b5fd8406a7248b40a829afe5d431a24be082cc0a9330518be9e555e5d |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ELHQEY1S\www.youtube[1].xml
| MD5 | 17693e4a0911b8fe28fa3cbd3f9ff832 |
| SHA1 | 30fb3cfa9c8117b8350ea6f0b2ea4ce43baa38e8 |
| SHA256 | 87ea6a1b1ab7cd8a7f611de61406af496664c1db665ef874393c6b3c81c70280 |
| SHA512 | 5874a3d991cc5b5ac3f270ca39308d4e9c949ddb5f9442cd3228fdd7ef25564d23f57c4e9cf68fe43db47f18db3f337fbedc1578416dc96e4ee70cc1adb4471d |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ELHQEY1S\www.youtube[1].xml
| MD5 | cd8b626d6415e76d954c91c3287d5689 |
| SHA1 | d1295f6d9f467a72492632e4af5512af14b269bd |
| SHA256 | 27281e01d5bdf95cafb8f2d1de4a1a7abe4c25d80edd19d9a8c0702120cf8fb6 |
| SHA512 | 7ef0fc2914e2d32da21201b42f5dc838eedf56e289c8e403f7e4a92b7c288eeb34ca488a06dfa7d47488fab89de1addff8f83c9ffd0cc94c3adf009bb3df42fb |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ELHQEY1S\www.youtube[1].xml
| MD5 | 8ef06db3c679663804e1e73d839792ec |
| SHA1 | f77dfe81a9243884207c00672bf348d150a49313 |
| SHA256 | 5abd3ecd7fe0d7f5f7067e545c35b032014e50b8b724f9b6f30a566c7521f25d |
| SHA512 | 9ad7a637c82bc59843453fa59a1cfac54841fed346edd3898a31a6840c0ff2d3d3a517429bee7e27dab6b05ebf6150a067cc0ef48aa4e529c57d6ff9e6b31d54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5e04bf0969d7c391eae7334b0a01b903 |
| SHA1 | 017ed81c76dc846448cbc1b53894bed089417925 |
| SHA256 | ad251b3e074d1e2e58310f1f1d303edf66e3a5fe20e5ab5578f0c94f81735ee0 |
| SHA512 | c8cd65056be646b7d28994cde62edc01c40cb992641dedf074d1612fc793980897f653ab6c8881c83a71155684c8f047282bc5b26310fdf080cc69cf350f6152 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6f29252ce637d264dc139a4e8ae505e0 |
| SHA1 | 8d801b814f2486620ee09fd76bb2d105f90d2664 |
| SHA256 | 6e4e35bf38c682b248aa027da2497eea42ac1b5618dcaa32d09ff45ddcaafdce |
| SHA512 | 0384f42f1272d8abb8bbfd46954fcd687f80b308050d65e0c5ceeeca66553e1c68ed0de8271a416d43174a8f0655af06e6018387692d6a150d876c87e81c1852 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3beccd3044478f594f32293d5caedd8e |
| SHA1 | aa24c37bfd695c668b0be56a62220f347397725b |
| SHA256 | d0459b73756cc1fe662b95e6539996e7fdc9a789f61589938b48a9f833184ec7 |
| SHA512 | 91884a8f87dd86a6baadec824e91e7e2264bcc3a83ac724b954c0d78c2efe66a4e83b7d08c93fdf334029158567b03d2f8e53faf1959637520efa023c3dd2fe1 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ELHQEY1S\www.youtube[1].xml
| MD5 | e318224974791c9eaa874b67b38280a2 |
| SHA1 | 8d41ca4738806a8c517533a88044ea7e4b300908 |
| SHA256 | f929a7ee0c9dcfcc12f0f0395e5642eb394c7037ff662231a2d92263e690aeca |
| SHA512 | 20b8f217781322bcadf8476482f41849458b5bea6525b2df14672c371e32b427ad6dcef6ff539df7aebb986bec50464af17a11961a4445a984d4ae4ebb4cf14b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1347c60c2b8ec7476504866979c3aa43 |
| SHA1 | f488599c0e24baceed9625c321a20ceba9d529c3 |
| SHA256 | 871ab58c10c8843560cd585a51a0dee95030b40a893ee420fbbc4a0c23207ffc |
| SHA512 | 82b34e94a274c387b5b49e948ed1e55b868ecd7c920f5090058b1b3e146ac657f903730a37dee0fcdc1c17c71c450b6dcd4762a8571ba66760b5173dbb76e1da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4f2d8fe881dbe854076b816b84b74f97 |
| SHA1 | 6196b3840286410e2f9deea709b77fc40d7e3c6f |
| SHA256 | 174431204e5f93ebf18a32a2194632552ec582f7c08eb8aa2a43948526eeaa8d |
| SHA512 | e610ddeada9b3d8a1af7a569b2158b5bbbe6bf224f7b904dcf588ffb0a927e13b867d361c281e479fc852ba09ad17df207cb3985ca33aa506aae5bb5bb4071a2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 39451da6d1d51ed9005b6c9a0e158929 |
| SHA1 | 925c89ab9773e1352c0b148bd5bdbb97271522c9 |
| SHA256 | 14a660fcf1ad83032890317754a5ce2ed228dca33afa03ad96a0a87f9adf22b8 |
| SHA512 | abd0d7e1efa7fdcdd136dccb52355c153deeb55754f5b884c84410af69969ea3bbec64fc08bcda9ae6d5ae98241512e0d031c092f751957b850af098f1ebef94 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ec50ac1f55bfae290f8906c2e1ece1e7 |
| SHA1 | 26833a914e73c5e2d57c85196aadb11b4317fff7 |
| SHA256 | ab43a385f2f787c748a0b9524d98dcb49f2ef7f92eefd607d7dbc2a706046df3 |
| SHA512 | 959c77b4874219d2d26960316b058da24a496f0b92d52231c30edcf62ed50cdae6c4394c35bca8025d55f3e7c60dbc8c34314ee84801bab6b3f62a5c638259dd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e607a554cd93c78c21c7727cab51c7f1 |
| SHA1 | a38b2302700ef08e9359fa0ba94af45a0960804d |
| SHA256 | 48607a0e54a632e3ddf8ee53353cc70dc3b8fb03b1c10554619d0fe967ca7a90 |
| SHA512 | 4bb4a565ce78bfa29d2469d39037dede1052a879754f7116880e6a6de7df9430a819a00bd267bed163482211d35a6dea1eda27f9cce5fa3f24819242e71d788e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 93594d52c880f5ed1dfbfd533f52f997 |
| SHA1 | e22fddda2c262241be7a545467fbf3d7236cdf64 |
| SHA256 | 87d11351bb3d49c7faa79108797aca1ab08fdd5711c2c4339d6e154d568d630c |
| SHA512 | 23d4ecb48a7c4ff29a333772416f4535910156ad2b79cea9103c0b1e2e6561f141d7106a4473cd8730920f6cb433dc15a06e23d44c426fa97248f00757200f5c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8ee8150a7a35f2201f0cefbb2fb2a0b2 |
| SHA1 | 41eb2e2cebca0a14eb019feca62c515d3a30fe9c |
| SHA256 | 62f66cfd95c9f12ac3f35f48e5e83084c8c8e948e8abf33bd49fce7a6aee43ad |
| SHA512 | 051451775dc9906d7b7789075b2c71e13c0747a64fb7c44dcdaef9cc24d068f5bdb3938ab4fe3d97554cd2668ac653b75fec72134bc1cf8e0f8c2ec7daf00301 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ELHQEY1S\www.youtube[1].xml
| MD5 | c3ba1cc6c6e5c5cb1abb8195a0c70004 |
| SHA1 | 0f2df00f0e51dd0d04e9a215f8755dd4362113d1 |
| SHA256 | 1c45fee2a201f530db03791fb7b3e2288f559f95282f8c8d3bd7663000ca87ae |
| SHA512 | 74aeffd0969c1ffdf573d540ecf22ebdd9eba59c9c1ed6e0484f1ec23321dbbcc228f7a40ef7caf3ba8300cfeea30fe20038d6219931a83dbb62b53fee7be0cc |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ELHQEY1S\www.youtube[1].xml
| MD5 | 1f02ffdc3ace9502367d36e48fd9aa32 |
| SHA1 | fac8277528c0addb5e463d7277bd7a04ce75d41b |
| SHA256 | c066943f0ff4fc14b906db0d1399755fbb39b0c5577f7829dbd42f4dd4a6af5d |
| SHA512 | 92dd90cce7c6904ff0703bb6af45932e4ec07f30c6c65140f254393e49ecf8d7f72f129d7da02542c9d6324f09ad6116e82bcdfefbd16d4128a4c6b4bd6ba67b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9f7d4e06eff4a6222cbd3bf35841aeea |
| SHA1 | dcfb0d69bc60c7a9a9b64a142224e7a75cdade47 |
| SHA256 | e6e68bfea4cdaa8135b41826ee10d2a955936672bb8ab847fc75ae5aef82781b |
| SHA512 | 2d1fc950555c48903bebcb05fd3d1b5067d2948a25435233b8400e9f56758622a0d7ddadacd94d3520b14912919f6ac191ba3c8b073b4bdf30de3fd0dfd77c36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5d7bc7e69b68e158cf18e73f1442bbb2 |
| SHA1 | 217ebd4040c9490cad5210480f5318ef03f53564 |
| SHA256 | 89892ae37ef91ee991063f3a39f8866620e61f1c4a535ba64b185f6b63f9c26b |
| SHA512 | 8fcbceb00c0c2cfc37ddd406192bcd95d6cfedf52dd5e0776a0d07c652a521b919f0accc6dfd622273e7420888b8195412aa8c7d383ea39b59b374a703455c3f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 33dfecd141502cac46a06a755dfe1644 |
| SHA1 | 331780a1a62d17bba1766d538e83da1409067f36 |
| SHA256 | a96196fe05d293eea9954a20a31f61696efbf1122d70e6350669556ae675cd27 |
| SHA512 | 6a03087c725b9b81065c6d3998acb85dd52ea89e978c9ef16caabb5331a262f623f17e6b389600b7f53dc4367072f60707bb7d987a01669b48322b0eed453156 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9a26191bbdf7960d5eaef02f737866b7 |
| SHA1 | a8f4411e972171c5544efc25f1b842928f9e89bb |
| SHA256 | a8d17895695d0b871a25225b4b943719ae5b9a54f17653737b55264d6d9cffd6 |
| SHA512 | 1232d2e8b622d986159b718d4a6c556ea39c4df3bda1f4feb392c431c8bed0c7966bd21e4b1238b58026ce8de5c26eba55b82c40878563d76e7af0d4bda9ec09 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a21cfce54bf07529a208028d6b459890 |
| SHA1 | b52f7c9a933b6afaa556228c6826ed16daa9aae9 |
| SHA256 | 325f388dd0994147bdc37db39e5ae986a6c541324fac47d0eeb83bca6a3eb5fe |
| SHA512 | 7d2b30a5eee4df938f37ec1b553e70e8eb2f0dae8c15d9b4585cbbaf51fbd18a872608b79fcfcebbe6c8af1801cc223b9db7c59a4d4aa6d09d62c0a0af5a175f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0cef93c2583b7241182d002361db599d |
| SHA1 | b014ca77be8b97c9d7c2c94dd3402d7b840ccce2 |
| SHA256 | 3814a322e3725d69b987470d6f18c28cf5f47c57778727f69a5a7f1a8ed65b28 |
| SHA512 | 2aa0181f7e8646628253c28ec3d5d6b94a3a99ed11cf5fc5979c1c799d5fd2ba329c74b4e6b418968d753cabb43bf08806d0eeef52c685eff0acd05e4d731b89 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c1b157eadb0f0f1129dcb8ca37ce5ea9 |
| SHA1 | dbc98fa9e06a25711f9973e66b7e160ded5f0a5b |
| SHA256 | 42388c903da1a6771be32319080683ff25ebcf9f03ee281ade67cf834cf8f0fc |
| SHA512 | adf5e637e6221caa8b7bd73acfc3e0c7554eded9c291d01220660050886777811adef52cdaaa7d60df6ae71ee6363b886ae9ed7b6c437d022e03a10b1b181dc9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3516c3ad06432c49b22a130cc7c47fd9 |
| SHA1 | a3596cf4c972c780f4d9c10f2105b1e9da92084b |
| SHA256 | bb377ae1b64e321d7aef75382b26e387c8e4b46aa657f38690440a93e4f1bad4 |
| SHA512 | 4ea5a57536c49fc40888fff004c33b39b97f48f58e63a0a330eb7e69e24fad43defebd0c682094bb5815bd45ab224cda81b2a4c31c31aeb555d7bcbacf4e79bd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5d6e78b0267be70532cfdb5374618609 |
| SHA1 | 0fcb7997af3eb960c9d4e164dbbd9108592492e1 |
| SHA256 | 3472dc5f4257af1e1d51c3368e147d49325f6fad2ddcc57741c8aea1ecc40573 |
| SHA512 | ba1cda268f560c13b8d30ce94d8c34f147c21300bcae47a7e181ddfaf62dec7947730c1e50ea7c6e8741dd133f756fd8829fcf54e27192e9e40857dceb296035 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4672752fb43e69703cb99d6626a1af76 |
| SHA1 | cca2c867ddad50cc4279169e151680513fa70d27 |
| SHA256 | b5c9819cb3f5c74d0d99e0c07df2e94b72d24b90e2be370af13cf4d6ed5f6175 |
| SHA512 | 80b9bda8db53383c858456d6888bc6bcd88a1cc4aa75294b670ae811d44145b30bd1be70c35cf0b798c98de480b322b4a9d8375b6578f79c444d3221f8fb8719 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ELHQEY1S\www.youtube[1].xml
| MD5 | 64cfee92c29ce74379c643d93bedcba4 |
| SHA1 | e3cb6237e7adc5e50444ce3effbd252e33144f3a |
| SHA256 | c617f6a1d42186f2a83b04f826e258fe375753fee69d8cb92d1fe17190b80765 |
| SHA512 | 9f9fd2751d5bb589ce0cd528da90051f4e49b03075df0bff28e384e578caf9310218579eee7588cfce261af4fe6028c3327d3076e988e85d0f1b6b82d52a7197 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ELHQEY1S\www.youtube[1].xml
| MD5 | f283e0ffaa32ffc15383b34a5123ecdd |
| SHA1 | 2b0d9bd58911d4ce5d37d6cec609ded608cb7105 |
| SHA256 | 0dfed9c70528203f2ff03cb32ccedf15461a39fbaf755e81f0cde0b481c46c59 |
| SHA512 | 77d58b650ec3b440b9a20e0ff98c9a9c9a2def0d0a340013828d3b0000b8692dccfeb165bf9b92f307e3e807f0f46af382cecd312614bec73989192e1ed4cac5 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ELHQEY1S\www.youtube[1].xml
| MD5 | 3469a7e446422b6dc98ac1aa409e21e8 |
| SHA1 | 2b60e96e239327d8bb2ea08c45ef5cc5dfdb7793 |
| SHA256 | 91402928a9b1224421b07e2607da564d8d23c497d31f6818c8ddbddd39523b24 |
| SHA512 | 221e11e9d42b948b2dd4a583d1c0d08d675cb4a6f2acf36852da7cb6b0ef4efefe3c1b2c21c2eb0376f093e808f18c4b22699256f705f85c39a3575c80c760e2 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ELHQEY1S\www.youtube[1].xml
| MD5 | 96e75141f4fe575b8ef3e1a71a7bb235 |
| SHA1 | 0e82122412dbb7dae3faf6e2b2ba53f03315bffb |
| SHA256 | e222a271d9f491a59f95cf9d9e977adb56a66147ec3a6d0c6c6a171eaafdaf72 |
| SHA512 | 5e76c393a76b291bd96da10523e1085caaf98db9049a936879c6e224d4020d0bf5fcff672dce199ae63d7ee055d4cf0277edd7d7e0c14b923e959daee32bd8e0 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 18:48
Reported
2024-06-12 18:51
Platform
win10v2004-20240611-en
Max time kernel
145s
Max time network
141s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1d38290757608d3a73eb2d42b5c9320_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb58846f8,0x7ffbb5884708,0x7ffbb5884718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,8341137223165182305,15357403521606901114,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,8341137223165182305,15357403521606901114,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,8341137223165182305,15357403521606901114,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8341137223165182305,15357403521606901114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8341137223165182305,15357403521606901114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8341137223165182305,15357403521606901114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8341137223165182305,15357403521606901114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8341137223165182305,15357403521606901114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8341137223165182305,15357403521606901114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,8341137223165182305,15357403521606901114,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5724 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,8341137223165182305,15357403521606901114,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5724 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8341137223165182305,15357403521606901114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8341137223165182305,15357403521606901114,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8341137223165182305,15357403521606901114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8341137223165182305,15357403521606901114,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,8341137223165182305,15357403521606901114,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5152 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | konthaiusa.com | udp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.konthaiusa.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 216.58.212.206:80 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 216.58.212.206:80 | www.youtube.com | tcp |
| GB | 216.58.212.206:80 | www.youtube.com | tcp |
| GB | 216.58.212.206:80 | www.youtube.com | tcp |
| GB | 216.58.212.206:443 | www.youtube.com | udp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| GB | 142.250.187.246:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | udp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.202:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.187.202:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.187.202:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.187.202:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.187.202:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| GB | 142.250.187.246:443 | i.ytimg.com | udp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | tcp |
| GB | 142.250.187.202:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 6.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.56.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b704c9ca0493bd4548ac9c69dc4a4f27 |
| SHA1 | a3e5e54e630dabe55ca18a798d9f5681e0620ba7 |
| SHA256 | 2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411 |
| SHA512 | 69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32 |
\??\pipe\LOCAL\crashpad_5624_OBNERKHBIKHIBWJY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 477462b6ad8eaaf8d38f5e3a4daf17b0 |
| SHA1 | 86174e670c44767c08a39cc2a53c09c318326201 |
| SHA256 | e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d |
| SHA512 | a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f5c529c2201829253ff7d5aeb17799ba |
| SHA1 | ad8a8ec65a4234dd5b744a0b3c1729f4f95ff501 |
| SHA256 | 5d1a705dc7351585b54cf833671dac46dbbc2d1603d9469b7d360b4b0745ae98 |
| SHA512 | 44c619e55ac73887afd218284ad31cae94fac6c128ad178db2b78853d4bad628428d9efd1f648462a0aa2288cf56ae0acb3f95f68fab3dd25e24a24b9329e1a5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 94854f39a19277c61da6bb8f641b6785 |
| SHA1 | 839ef9069756db933711e98d404cd50e94be6af6 |
| SHA256 | 68b91298daa4ffb28abaccb7cf2c05801374a28857f72b5393a0b004a674f2e4 |
| SHA512 | 9d2d6f75d288e98b2a3129448b6679c038a76b50a73c31ecaaf94673198326069c72a6b96937d3a78ac41916f9fbbb6c608d0cecc9f43d6766c5a1c90593ea2b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fe0eed72f224df284eb401c6f235b108 |
| SHA1 | 164a8de91e86905be4ffae99de080059f30f29a2 |
| SHA256 | 649fb736c9734229c0f368ea5087e1e3b3b1ec02c17b52005ac949950454e0b4 |
| SHA512 | 23d91fe8bcfbedd4e1fb1f61590e574b30fb0b057c6deddf38fd24a62d0ba6eadf3de4902108d75085c96305bd1f033a4ec816e1e18da7a7d1a45e0e00d8429f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7c384ebb9f7ece17051e0eee3482b3d6 |
| SHA1 | 0aafb6e04ff4387c45f1bae1011d28ad63ba17f7 |
| SHA256 | 37daaa428d07fc717525aa496676c8d8869e6418050979fc42daf245d564a5be |
| SHA512 | 28e7ffb5dff9fb528e3f54cfc73aaca090a0c825906a7b60cc0a239e53607c1d4ecaa309b8fa3a40370f58b557ab3f47fd61ae4b5e4ff58eac82e577bbb83cd6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 5f5dfe51256b3611792063a41bb6234f |
| SHA1 | 6021e3fce37bd6580053260c791003f27fc67706 |
| SHA256 | 08f47775a6cc5fd767347bf51ec3d1e65f2f420f4056701b2694d132b3730c45 |
| SHA512 | bd674f6d8c3aa2616f8b3af563135455305b3cfb7f9302ef389bae5e5b8d687155be4692bd015d9e78dd9e7313637e1a4fbb98197fe8f289867090d912767626 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 8e29afa459f14faf5b120a237f330ba5 |
| SHA1 | 600a4cafee340dbeaed6b523ec9d37271a1376c0 |
| SHA256 | d3d6f1d301e243231f99a481ca4d1ac3c49ad14b3119f2d5384d9ac15a531fdc |
| SHA512 | e661299ff4e8bc5629d46202af1fdab7cf94eb396f18c1a8c59d6978ac8d86d1ab63bb195e27fc0b6563594563bd58ea9d52dafde1c06ab030de333b0f361873 |