Malware Analysis Report

2025-01-18 01:05

Sample ID 240613-g9y61s1gmr
Target a4363679d660d94de2fe3164b6f0c42a_JaffaCakes118
SHA256 ef5e6f25fcb025a736fb78124726be0b4e7952cbf3b8835016cef620552e2302
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

ef5e6f25fcb025a736fb78124726be0b4e7952cbf3b8835016cef620552e2302

Threat Level: No (potentially) malicious behavior was detected

The file a4363679d660d94de2fe3164b6f0c42a_JaffaCakes118 scored 1/10: no (potentially) malicious behavior was detected. The sample is an .html document and was detonated by opening it in Internet Explorer (see the Command Line under behavioral1). In that run the only processes listed are two Internet Explorer instances, and every registry indicator sits under the user's HKCU\Software\Microsoft\Internet Explorer key, which is consistent with the browser rendering a page that embeds YouTube and Facebook content rather than with a dropped or injected binary.

Malicious Activity Summary

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 06:30

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 06:30

Reported

2024-06-13 06:33

Platform

win7-20240221-en

Max time kernel

148s

Max time network

149s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4363679d660d94de2fe3164b6f0c42a_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware spyware

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "407" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "9765" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "19299" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "19299" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "7996" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "8078" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "10145" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "8084" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "288" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "7996" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "8089" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "19305" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "19217" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "8084" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "19305" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "19217" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "10145" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "282" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "400" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "492" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 306353565bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "288" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "19413" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "197" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "282" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "19305" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "15886" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "9677" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "28953" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003fa9bff03de6da4abe62322c9825cf50000000000200000000001066000000010000200000003cf95c5ad273562a874ba0bcdc73671c18428695b0d5443abe5720c50d953431000000000e8000000002000020000000c72bdac501a774cfa62639a9c805d704a137f86ddecff732654a68ad539f7f2320000000d84c313585d85d7345e75df36f02e9931dc181e724a8ea287ccaf32f08f2f4544000000095f95e73c413af574dabc5d84346961218d4dd096610edf044755655b462602707c88c7f5338fb8dd8f00d7542f1670a72fc255907b2a0cf4007a3884abf2295 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "492" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "410" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "410" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "19299" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "15886" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "400" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "197" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "400" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "492" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
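The rows above are the raw evidence behind the "Modifies Internet Explorer settings" signature, and almost all of them are DOMStorage quota bookkeeping for youtube.com. The script below is an added example, not part of the sandbox report or its signature engine: it reduces each row to its path below the user's Internet Explorer key, counts rows per subkey, and flags only writes that land outside that key or on a short watch-list of settings a web page should never change (start/search page, search-provider URL). The watch-list is this example's own assumption, the embedded rows are a representative subset copied from the table above, and the final start-page row is constructed (it was NOT observed in this sample; example.invalid is a placeholder) purely so the check can be seen firing.

```python
"""Triage the rows of a sandbox 'Modifies Internet Explorer settings' signature.

Each indicator is reduced to its path below ...\\Software\\Microsoft\\Internet Explorer\\,
grouped by the first subkey, and checked against a short watch-list of settings that
matter for browser hijacking. DOMStorage quotas, window placement and tab-recovery
state are ordinary IE housekeeping and are only counted, not flagged.
"""
import re
from collections import Counter

# Representative rows copied from the signature table above, in the sandbox's own
# column order: description, indicator, process, target.
REPORT_ROWS = [
    r'Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "407" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 306353565bbdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A',
]

# Constructed row, NOT observed in this sample: a start-page change, included only so the
# watch-list check can be seen firing on a hijack-style indicator.
CONSTRUCTED_HIJACK_ROW = (
    r'Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000'
    r'\Software\Microsoft\Internet Explorer\Main\Start Page = "http://example.invalid/" '
    r'C:\Program Files\Internet Explorer\iexplore.exe N/A'
)

# Raw sandbox layout: "<description> <indicator> <process> <target>". Only the description,
# the "\REGISTRY\" start of the indicator and the drive-letter start of the process path
# are fixed; the indicator value and the process path may both contain spaces.
ROW_RE = re.compile(
    r'^(?P<desc>Key created|Set value \(\w+\)) '
    r'(?P<indicator>\\REGISTRY\\.*?) '
    r'(?P<process>[A-Za-z]:\\.*?) '
    r'(?P<target>\S+)$'
)
# Hive, optional user SID and the Internet Explorer root that every row above shares.
IE_ROOT = re.compile(
    r'^\\REGISTRY\\(?:USER|MACHINE)\\(?:S-1-5-21(?:-\d+)+\\)?'
    r'Software\\Microsoft\\Internet Explorer\\',
    re.IGNORECASE,
)
# Settings under that root which a web page has no business changing. This list is an
# assumption of this example, not the sandbox's own signature logic.
WATCHLIST = [re.compile(p, re.IGNORECASE) for p in (
    r'^Main\\(Start Page|Default_Page_URL|Search Page|Local Page|Default_Search_URL)$',
    r'^SearchScopes\\\{[0-9A-Fa-f-]+\}\\URL$',
)]


def parse_row(line):
    """Split one row into its four columns; accepts the raw layout or a ' | '-delimited one."""
    if ' | ' in line:
        desc, indicator, process, target = (p.strip() for p in line.split(' | ', 3))
    else:
        m = ROW_RE.match(line.strip())
        if not m:
            raise ValueError(f'unparseable row: {line!r}')
        desc, indicator, process, target = m.group('desc', 'indicator', 'process', 'target')
    return {'description': desc, 'indicator': indicator, 'process': process, 'target': target}


def ie_relative_path(indicator):
    """Key path below the Internet Explorer root (value data stripped), or None if outside it."""
    key = indicator.split(' = ', 1)[0]
    m = IE_ROOT.match(key)
    return key[m.end():] if m else None


def triage(rows):
    """Count rows per IE subkey and return the ones an analyst should actually read."""
    by_subkey = Counter()
    flagged = []
    for line in rows:
        row = parse_row(line)
        rel = ie_relative_path(row['indicator'])
        if rel is None:
            flagged.append(('outside the Internet Explorer key', row))
            continue
        by_subkey[rel.split('\\', 1)[0]] += 1
        if any(p.search(rel) for p in WATCHLIST):
            flagged.append((f'watch-listed setting: {rel}', row))
    return {'by_subkey': dict(by_subkey), 'flagged': flagged}


if __name__ == '__main__':
    for label, rows in (('report rows', REPORT_ROWS),
                        ('report rows + constructed hijack row', REPORT_ROWS + [CONSTRUCTED_HIJACK_ROW])):
        result = triage(rows)
        print(label, '->', result['by_subkey'])
        for reason, row in result['flagged']:
            print('  FLAG', reason, '|', row['process'])
```

On the report rows the flagged list is empty and the counts show the pattern visible in the full table (DOMStorage dominates, the rest is Main, TabbedBrowsing, Recovery and similar state); only the constructed start-page row produces a flag. The parser also accepts a pipe-delimited copy of the table, so it works on either layout of the report.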

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4363679d660d94de2fe3164b6f0c42a_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2872 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.konthaiusa.com udp
GB 142.250.187.202:80 fonts.googleapis.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:80 www.facebook.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
GB 142.250.200.46:80 www.youtube.com tcp
GB 142.250.200.46:80 www.youtube.com tcp
GB 142.250.200.46:80 www.youtube.com tcp
GB 142.250.200.46:80 www.youtube.com tcp
GB 142.250.200.46:80 www.youtube.com tcp
GB 142.250.200.46:443 www.youtube.com tcp
GB 142.250.200.46:443 www.youtube.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 142.250.200.46:443 www.youtube.com tcp
GB 142.250.200.46:443 www.youtube.com tcp
GB 142.250.200.46:443 www.youtube.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
GB 142.250.200.46:443 www.youtube.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.212.234:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 172.217.169.54:443 i.ytimg.com tcp
GB 172.217.169.54:443 i.ytimg.com tcp
GB 216.58.212.234:443 jnn-pa.googleapis.com tcp
GB 216.58.212.234:443 jnn-pa.googleapis.com tcp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.180.1:443 yt3.ggpht.com tcp
GB 142.250.180.1:443 yt3.ggpht.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 216.58.212.234:443 jnn-pa.googleapis.com tcp
GB 216.58.212.234:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 fe0.google.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
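The Network table repeats one row per flow, which hides the three things an analyst wants from it: which names were only resolved, which content came over cleartext HTTP, and which domain is not explained by the YouTube and Facebook embeds. The script below is an added example, not part of the sandbox report: it parses the distinct rows copied from the table above and produces those three views. The allow-list of expected suffixes is this example's own assumption (an analyst's judgement about what the page visibly embeds), not something the report states.

```python
"""Triage the Network table of a sandbox report.

Splits the observed domains into three views: domains that were only resolved (a DNS
query to 8.8.8.8 with no TCP flow in the capture window), domains reached over
cleartext HTTP, and domains not explained by the platforms the page visibly embeds.
"""
from collections import defaultdict

# Distinct rows copied from the Network table above; the table repeats a row per flow
# and those repeats are dropped here. Columns: country, destination ip:port, domain, proto.
NETWORK_TABLE = """\
US 8.8.8.8:53 www.konthaiusa.com udp
GB 142.250.187.202:80 fonts.googleapis.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:80 www.facebook.com tcp
GB 142.250.200.46:80 www.youtube.com tcp
GB 142.250.200.46:443 www.youtube.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.212.234:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 172.217.169.54:443 i.ytimg.com tcp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.180.1:443 yt3.ggpht.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 fe0.google.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
"""

# Domains explained by the YouTube and Facebook embeds and by Internet Explorer's own
# online services. An assumption of this example (an analyst's allow-list), not
# something the report states.
EXPECTED_SUFFIXES = (
    'google.com', 'googleapis.com', 'youtube.com', 'ytimg.com', 'ggpht.com',
    'doubleclick.net', 'google-analytics.com', 'facebook.com', 'fbcdn.net',
    'microsoft.com',
)


def parse_network_table(text):
    """Return (country, ip, port, domain, proto) tuples; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or ':' not in parts[1]:
            continue
        country, dest, domain, proto = parts
        ip, _, port = dest.rpartition(':')
        rows.append((country, ip, int(port), domain.lower(), proto.lower()))
    return rows


def is_expected(domain):
    """True if the domain is one of the allow-listed suffixes or a subdomain of one."""
    return any(domain == s or domain.endswith('.' + s) for s in EXPECTED_SUFFIXES)


def triage_network(text):
    """Group flows per domain and derive the three analyst views."""
    flows = defaultdict(set)            # domain -> {(proto, port), ...}
    for _, _, port, domain, proto in parse_network_table(text):
        flows[domain].add((proto, port))
    return {
        'domains': sorted(flows),
        # resolved, but never connected to within the capture window
        'dns_only': sorted(d for d, f in flows.items() if f == {('udp', 53)}),
        # fetched over port 80, so the content could be altered on the path
        'cleartext_http': sorted(d for d, f in flows.items() if ('tcp', 80) in f),
        # the residue an analyst should look at by hand
        'unexpected': sorted(d for d in flows if not is_expected(d)),
    }


if __name__ == '__main__':
    for key, value in triage_network(NETWORK_TABLE).items():
        print(f'{key:15} {value}')
```

On this report the residue is a single name, www.konthaiusa.com, which was resolved but has no TCP flow in the 149 s network window; everything else resolves to Google, YouTube, Facebook or Microsoft infrastructure. The cleartext view is also worth a glance on any report, since port-80 fetches of scripts and fonts are the only traffic here that an on-path attacker could have altered.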

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 a1fe49c10cb5bfb12722798ec93b16f2
SHA1 6bcd1f74b68ef0921df930ddba143c34687a4628
SHA256 845a9ffa51a0fdbe4432b96f77b082f4a46c8607dfffa43969e3f15c0cc771f3
SHA512 6a19b9d30562d586462595b997440d806f05c98fa72fbb1d048f64e970ced7e6a737424fbbce5af289605544b881cf55aa4087d6cc0ba9ffff99ed15440f8915

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 cb85f3fcf86ef0de7ef258539cae87de
SHA1 c73288fff07885a62f8c7033b348863ed3b8cad1
SHA256 7430a96d94b1faa5363b7656b323ffa416fd262e0405e498bb143dc93443963f
SHA512 dc152f2e8c8f7e316e84f7a1f3996e02c08d582d6d0e40b8bf7171e359ea952a80b7452e56690b30fe98b4655d4744e8529a930449ef1cd853e377f86294b2d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 d8d27fe2ebfe505231e9508064686396
SHA1 1bf4fea6f1f6fba2e68f72e5414313e4d7a30fdb
SHA256 807fd3df568c8b8edeb81f77b3c4a6c9cc9226b9ef8de528242041c7c2fd0330
SHA512 b2f905a323b10ab52cde21303f31f19dc50162c24d369fb925aad086485d2dbfd0bc1ccf104bfff9ede38c96e70fc2fb2bb94209e4b709c4a67c2b5381f25ee5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_89FBEB9EEBFF8AABF1EBFA20B87AFE7E

MD5 60c593c796591612a55accb66d6448da
SHA1 816aeadcd13ae6c0829aee7c247b5dde70c7af95
SHA256 0a7ef74ec7fbf8eeee4907e58fe82af1928e84c8585a1684c3257db3ba58f40d
SHA512 fc0b1b8d6d428ecdeb395894b6eda967b75f1835a81fa436abb6fe8b3a0d89b5bbd45292bad2eb5531155b4da048ce579b57b59c94338bce58501d60c8f4b176

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_89FBEB9EEBFF8AABF1EBFA20B87AFE7E

MD5 0aa655f4a2f7b099062436021ef6c615
SHA1 6b719ae6249db1190150a19170a0ad876e6e6a9e
SHA256 523b0be9f93cec7a52842dada7e552f8b840d4eb757cb261d5276ddf1a9b61eb
SHA512 8d49aa2f33ca680d101125be98007d28110c5073c97b46d0e37bac08d185786d04926a4b783f4b7ef6ff5e1883160e7584261747f5506d46801a2293fc3fe164

C:\Users\Admin\AppData\Local\Temp\Tar1C4E.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 481a84fe622c7e25f774b3072bc2eec3
SHA1 f0def3a676104339c4e85de776e618072717434b
SHA256 07c8bd16f2efed690293960d7725ff463f85ee9fb13cee19d5d6810d1728d95e
SHA512 f20508272c7951ad1b9523b12b4cbc29ff9886909c1b269eeeaf56b487313433b2ba5ca87cdbb135cee9ace3a100f3d16c405195b2b9c8f2b9691d943ed0a8d2

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1014REI\www-embed-player[1].js

MD5 8940a491297381a0ce25360e21b39bb5
SHA1 43d7a4157e78777fc024415969c3a7bd550a4322
SHA256 afc766cb1c4a339c40d24ad926f05e8b4927eed7532b876291d0bd19adc9cf3e
SHA512 5772d7e7485db888676e69cbaf4c88af01872997338bc61e8e0344d5dba208c2909e167d54d8edcb782e17d1a2b4e9dba955baeb0ad0e43ba932b3bf25ae7dde

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1014REI\base[1].js

MD5 cb463df0a090cdfabc77af2691141830
SHA1 e3dde6a1f5c4803e69839154013496a781137473
SHA256 e09e2e8a3cfbcc88eea12d0b17161e1f2c8c75f1bb21100829c09f9858db3f24
SHA512 099374f7b03a4635390b94525105884fa101d93a583eed0d92def7d2de3199d2bd57fc63d885e8e9af0863db40cf521d2fb770eb09400a4c6285f7c37ad88e8c

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QW26ZQO5\www.youtube[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1014REI\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff

MD5 de8b7431b74642e830af4d4f4b513ec9
SHA1 f549f1fe8a0b86ef3fbdcb8d508440aff84c385c
SHA256 3bfe46bb1ca35b205306c5ec664e99e4a816f48a417b6b42e77a1f43f0bc4e7a
SHA512 57d3d4de3816307ed954b796c13bfa34af22a46a2fea310df90e966301350ae8adac62bcd2abf7d7768e6bdcbb3dfc5069378a728436173d07abfa483c1025ac

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\KFOmCnqEu92Fr1Mu4mxM[1].woff

MD5 bafb105baeb22d965c70fe52ba6b49d9
SHA1 934014cc9bbe5883542be756b3146c05844b254f
SHA256 1570f866bf6eae82041e407280894a86ad2b8b275e01908ae156914dc693a4ed
SHA512 85a91773b0283e3b2400c773527542228478cc1b9e8ad8ea62435d705e98702a40bedf26cb5b0900dd8fecc79f802b8c1839184e787d9416886dbc73dff22a64

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QW26ZQO5\www.youtube[1].xml

MD5 a3cde876c02d3dbcc1c01b508e3ce3da
SHA1 b07ea6e78e0126bd7278a25f5a70e1326fe3823b
SHA256 ca762567ef52ec5af9e7b5615e2f115a27876382276058c8bb0d17c00700f290
SHA512 5323f42f9c1cdc5f2eab132688635ca912e00e8b3728dff6ed1f4d3e01a05f359840e8f09f58905fb8e7b83f4d78fddb24fe275c70f8e42d357a6f0f2275e34f

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QW26ZQO5\www.youtube[1].xml

MD5 7e98f6300ed5d5ee66cea19474688e43
SHA1 c8eb27273a7829e8f9474ecf89c70a0757091374
SHA256 db89177b8d3949a75f3e18adaf2d1b6389fff6b7c76488d4b17f771038060747
SHA512 5b9cc0cbac29a583d8f0afa5491427b3c73a23bd19ce1ca7282d0b444d8a370a9e2f053053d2613f1980263b80204fe4574b9937d773b18f6e5b3e7626c3f242

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QW26ZQO5\www.youtube[1].xml

MD5 6b564d002e28f76bf3a489f272424b8d
SHA1 141bf0921f0fc981e9089b2a7812f11571f3d936
SHA256 03fc3369888707e008cc6ddc6ee6df98f0b2a635bf7c2e578bb78a9090edb5b9
SHA512 8efcb860826e04b22a2ecd6bb0e43593cc4be8c8481caa5e0ebc80c4a2640ea6fb5c046673fbc77c4310682b58aa9fa34473302dc6d51ced5b6f4bb37c9fc273

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDQW9R5V\ad_status[1].js

MD5 1fa71744db23d0f8df9cce6719defcb7
SHA1 e4be9b7136697942a036f97cf26ebaf703ad2067
SHA256 eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
SHA512 17fa262901b608368eb4b70910da67e1f11b9cfb2c9dc81844f55bee1db3ec11f704d81ab20f2dda973378f9c0df56eaad8111f34b92e4161a4d194ba902f82f

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3NPBB818\embed[1].js

MD5 14d69fc9da4a63c8ad5013b3d3781842
SHA1 e0272f8403d95fd27df22dff5fc014e2ab5d8a3d
SHA256 e2a5632fec9da56d272ccdea5ecfa7000dc70659673c52a11966802e37a2140e
SHA512 0f85c67ae8969570f6cfa4d265013da7d4820ea11349b11b886d480d7d78df5c6aa1e7484724d6b21421db18678d22bae6d478d3d0e35506673fd609805d1976

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QW26ZQO5\www.youtube[1].xml

MD5 2caa0158a2503d623ae24433f5b1ee7c
SHA1 80412687d57570790c7c10e9f2016e72314bbdf1
SHA256 dfc41ea275d918695095b6280a7f28e7e7a34b64542d9795a39350fef32358de
SHA512 7e704c5253c45219bfd20e10733677278604d5919bcc0ebca1d8be3a80266fac058ff1934a5f046c19909a7948b6293195f4f2ef4839d3274bbcf4b24fc25250

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QW26ZQO5\www.youtube[1].xml

MD5 f325aca02a250dcf435a9bf6f4fc72d7
SHA1 f6a5b5513319c78dbfdd99147f2896ce143a887e
SHA256 0c1acd2f69511627c090b3bc5f3b26577bc4b925a724c54ba9752938acf7d9c4
SHA512 6f29e1fc15e30b025ef98642d6499602b2f655a66fa6d1f1ce6861c310ac06f7ca673714478e5ef52f5af879850976f8668766966d7cb299a3361f3128928dbb

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QW26ZQO5\www.youtube[1].xml

MD5 9eb09e6a529938d22098b3f15d8fa892
SHA1 a5c5747bb05926b29bcfe9ff192822955c1f4569
SHA256 af4adf4880707ee007dd8ac3a4564964ed5e409898e39966192d3e1890fb73c1
SHA512 500e2dbdfe1b06591cdc6856825eac0362e87efb68548633ea3b12661731e0f7a9afbdb44a0e7d25062b226ce4fe3dbc590d1541112b7e8820038f01e7b7a891

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QW26ZQO5\www.youtube[1].xml

MD5 0ff82f4ce7781e4496976ee2b343058d
SHA1 9e26e0ed78d0f90c58d9bb72024b7becc69e1973
SHA256 5015a9e4c9a408741401cdba8002799fd61a4656f64923606361509c24ffb9fc
SHA512 eacdfe3d877f3513a058818541ac84211e93848f8deb7ebe5061e59bc3ff79e3f4fdbaab0d4d527e5c801abbbd1d4366d5fd7623f1f101783b9d67323e9d3f59

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QW26ZQO5\www.youtube[1].xml

MD5 95ebd1e95a30069199f3cb58ecc02eb7
SHA1 330d4b37fa0ad4649a5201c385200a5b4f95d96d
SHA256 5b0289c76de23f4f999095ff0cf87cb0c9fc2b4513038bcaa3c18cadfc08441b
SHA512 848323fedb4cd219dcfed2e59083747a5270824cf807b092c4e5d0fd1a4c259698e6e5e8008e289f04cc90a6a0197ef1f3c3ae24d3065c3c79322bc05aa3c651

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QW26ZQO5\www.youtube[1].xml

MD5 c626c83379223aa2a867f46ab05ecd86
SHA1 225c60d3c6a14ab95e0f338262f4ce7882d52c96
SHA256 215d3b8509abdfe9e364ca013f83fd5824c574dcd9b4687c4dc973de08e7d154
SHA512 ec5ab6467a5d4a227e1806ea1f5d049d2a79448d4bf858d9b36ec8b2f9dc37c5e4a5d18f4642efe0082ad3c20de37048ef4969afe13e2a347d111aa388d77451

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QW26ZQO5\www.youtube[1].xml

MD5 8d84277755c6a10bf55180d4b9725ba0
SHA1 ea2414b73c993b2311482386bdd29f61a6177030
SHA256 dca85e512e9c562d963afd15a682474336d5dc17ee27601bb27daed122bdf592
SHA512 6a1eb058e7c4ad3681d4056c4d7d6c5b8f5c4714306a22df8e5a1831d5659cc25fa7c332d8880c9c1d9243c3235bf3364efc9934c160f089b3563f29f7155188

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QW26ZQO5\www.youtube[1].xml

MD5 0d0079248cef8abf6b3fc288f8b6baf2
SHA1 99ad4be09eb270ad1fd43c02d682e24cd131ad76
SHA256 cc28775435a84f3f2e85b3ec9ac76350102cb3dc19697416825ddb2ac164ca80
SHA512 eac7160877f4fea5bdb2c1aebc11179952ddcb6743d4aae4d6671ddddc2e2768d80b6a9e26ec884d80a4d0b20a55f7236cf7fa2b6d67671f9ecc604243d1c6ad

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QW26ZQO5\www.youtube[1].xml

MD5 1194cc883a3cc4c5def232c1876612b5
SHA1 eb7c8375295235ae8b1e4840a87f63052ed11edd
SHA256 f66457cfd925f78eb36d7bb1b016fba123e52741c6f740aad8aee20e308f4134
SHA512 89ea3f9ad50979301ed5219a8ffb2d1b46bc8882e1fb390051dbd8477e174b77f07618182b77a05ea018c52a629b10a6dbd7d8e23ddb4fb79c6935b09c1c0e49

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QW26ZQO5\www.youtube[1].xml

MD5 64e5c71bb273a7b668538a67ec70fed9
SHA1 540b3d3c9a2780100ef00d4978c03ac8e5badaa6
Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 06:30

Reported

2024-06-13 06:33

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4363679d660d94de2fe3164b6f0c42a_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3688 wrote to memory of 4364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3688 wrote to memory of 2848 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3688 wrote to memory of 1148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3688 wrote to memory of 4268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4363679d660d94de2fe3164b6f0c42a_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffca1246f8,0x7fffca124708,0x7fffca124718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,4554005155193074905,14827461850040022556,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,4554005155193074905,14827461850040022556,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,4554005155193074905,14827461850040022556,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4554005155193074905,14827461850040022556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4554005155193074905,14827461850040022556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4554005155193074905,14827461850040022556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4554005155193074905,14827461850040022556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,4554005155193074905,14827461850040022556,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,4554005155193074905,14827461850040022556,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4554005155193074905,14827461850040022556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4554005155193074905,14827461850040022556,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4554005155193074905,14827461850040022556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4554005155193074905,14827461850040022556,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,4554005155193074905,14827461850040022556,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2264 /prefetch:2

Network

Country  Destination       Domain              Proto
US       8.8.8.8:53        www.konthaiusa.com  udp
N/A      224.0.0.251:5353  N/A                 udp
US       8.8.8.8:53        www.konthaiusa.com  udp
US       8.8.8.8:53        www.konthaiusa.com  udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_3688_GXZQQHORVCFRQLQX

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
