Analysis Overview
SHA256
f5229abe569e656df096a090280a37bfd9af0d6b280b42f174a0f50c111cc963
Threat Level: No (potentially) malicious behavior was detected
The file a437590e493118339664958cf1af87f8_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 06:31
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 06:31
Reported
2024-06-13 06:34
Platform
win7-20240221-en
Max time kernel
117s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2004 wrote to memory of 1336 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a437590e493118339664958cf1af87f8_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2004 CREDAT:275457 /prefetch:2
Network
Files
| SHA512 | 1886d72152f8f9a322b3ca9a93869ac781cf85bbf00a37b8c17d996ca383b700b4b16be18c81421e47ac2b2c498b57a49e26a777bf1e301e96ededd522dd9f3d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cb67a7240caefac829b7d4e9242754ee |
| SHA1 | 76136c8334e3f6a396e2f5d34de4763f33cf5c95 |
| SHA256 | e8fa6b8f82243ef59521b62d9ded65f787b4615eb104b538b00f7c9615b96bb2 |
| SHA512 | 3849b1a19970d6eb2615d871f751fc4e6a608c9f2a01764e7a5e02d66ae390d3d6493a250cda62522f7c03b39eada4ab44b34e9b822ee02a4c9d0c36c7d2c38d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 05c8f9ad50afd49d118296aade6a7e86 |
| SHA1 | da613891b0164ef91753d680aa38c9b2656c8a14 |
| SHA256 | 30b950a8c3fda034ab56fd984dd000113c8f61b04ab94a062973e5255af37c1d |
| SHA512 | d7fe26f03df86a0b0f4d68c9a2c11165e7dec944d0c25ec5639cc5fedff6f8456b58578a566257c8b154b28daa5a491b944d3e4863322a7ddbbae2556413cae9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | af948fc0df030eb113bbf7d3b8e76ebb |
| SHA1 | 295e99e1311dae2eacd599fed644d85eb0fbf3f4 |
| SHA256 | fe76a3aac789c95e347d951e7d81e9b51e06faf4d42bce73a845cb14a92daa78 |
| SHA512 | 2aefc66a77cacf0f93a2c1cdaa0353d7bf6dcfaa97c75e790dc5667a2fed9fb7134dc93dc2c8c5034084afd80630143289b6de4f980768022018c562b0ff50e4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e263042785030a965d806bca61165db2 |
| SHA1 | 42980a1066f898f7c44cdb139a92f9c80844ab3a |
| SHA256 | 4ebd83dde0caf2369e8561c0b12aed959931ab4ec67d33caa003d5c901669045 |
| SHA512 | d5760e000461be7244233e85fa76c6cecdd5a37675cb88dfa8bf9401ba57e8f607c3b73fb7bf7d5b9ff86c884734ac460c60997557efc13a1975787f962b35ca |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5a48df1931c3b2dc9e2911635ea4a847 |
| SHA1 | a0b633cc6f41d5495026354a801eb1e013d36854 |
| SHA256 | edd2e614314a10659246221cd70722f5f5cc5c2ee1fbb350cde9a1b877af9a95 |
| SHA512 | 902e3ae9b79323d51be9d534c59a5e306ffb34ec4c9e3fc477f57e1bd18247ecbc638183791e2a5ccef9bee8c5349f4cfb1b4964ece47d3ae569bfe354606211 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b5d1930e2c1585d50930be072db553f4 |
| SHA1 | 7bdb39ac194e63a126522b1edcd8db3abf08944a |
| SHA256 | 0d4b77870c2e51b06823ab2f84bebbfa0c675187c5af5b30071c91f9e52b2a01 |
| SHA512 | 3fcabb0b88fde893cbcffa776d2f380d0a4e071ac318ca98b24cb12461e58a631bd501f4d0cd3e673c9a5cf548ced3b9c6216b922b8c086e1539f782baaccd28 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d6944db6d2451591bd5072811a425aec |
| SHA1 | 400cdb06b5a29472f7e8588e27124b0b9148d46d |
| SHA256 | 8416b394f10fdc82eb7829b3f0a38c967ade86b0ae71bf47eea148c85ce67a98 |
| SHA512 | 799ba8ecb5819618780e651e8441eda07eb0d138bae0fd30cb8dd2cb33d9d28db9151e05234b4880d537b54b8726a90064c73aac4a72e7ee02c7b8d4cb6facb4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 20b9396771957fdac55d00a1bb0719fe |
| SHA1 | f4d428edaf1f65b97cde6361afeaab70877d3ac9 |
| SHA256 | 86a6e2016151e82b6028ddb8236cee327d4bcb95604bbf9ed4772a8433b54553 |
| SHA512 | b84f4ebfbf484cef00d7bb07a036c3cd09bc3aeb00ed4b5c7b2c7dae186bfc25a4da122e688927e357445dce86d1ac84d60a9fa1991d92da6956251d9ddd34d8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 788f188e7fa365793d6d553b4f391ab5 |
| SHA1 | fe26417004da5c0688ba1f9f626dd0701819f1e5 |
| SHA256 | 1a790e963781cf75ada0b1385bf0a3dc102ca6fc23b0e55e93d7d009c7e77f1c |
| SHA512 | 43a428ec2dc29ea498db0f24e698fca49818f3ebd5cca593d35df25d162641c6f532439154167d42201da9f4fef7127f6d5598a978afb2a5bb90386949ce4e95 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 84090ec233919f787e3e325d6b7ff75e |
| SHA1 | 6e1922ad35dd39010eb27ed296956a60121d840a |
| SHA256 | a83bc96d3223609ecbed7ed15cd8596ec2d0ec0798d4be23e7641b664b609c0f |
| SHA512 | bf5a44df04057eaaf6318f8278debb3abfe1529eeb2188e36307d0b1a7b5c8dbe3b00ac93bc9aa1174656d2599421e9e4cbcbdd07858aa94c7f242e89f54bbdd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | df259762d197be5e73cf14cf6bdd4905 |
| SHA1 | 8002039b24837eb3fb5af5f5189a0f97bca152d7 |
| SHA256 | 97a5657ba830a543eb1f3ee343f499f338e63268810a6e6c25581d43c3113a9a |
| SHA512 | dd660ebdd380a18a76ee868518d36f9a55741d1c965e631d8c8401ffbf9e841b0ae0318c123772e9f3b2c63fae4bb5d97ad8b6dd49a027daee897c6cacf0fa64 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9b1b3f62f5bc251a13ba76572215154e |
| SHA1 | a58d35fba018b2b28f187eba199669c44cd879c1 |
| SHA256 | 588f5a6476c89cbccb4782fd86b62c28f73b921bada404871d5c943b9bd904b8 |
| SHA512 | 8f3d09906a68cad2198efa907fd0415fd869f45d859e9ef0e2bcd620a96d8e5bb3ebce62d519f867e2bbd41743c927283001b0be8df3116e95be207a3c0c08af |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1b1847b5cebf54d04872bc9a4abf0fcf |
| SHA1 | 817d60ef1da5955da66352eb596533e564e16ca7 |
| SHA256 | 8fe55ade3464c4aa5a288a374af12df542bbf8007e3420d05ebbff2012eb8f31 |
| SHA512 | 1a90d7e74a17166d189e1e7b6e45dfef17f84c2396a4f0b06dee71e14560c1aa6b141691f2e7cd24634d39f614ea47051c31e33808d2604a368ad4fb9931889b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ed25107672ae84ec12228155d13564cd |
| SHA1 | 3d9ebb382c5591802db5ed9385a6774f5bf36763 |
| SHA256 | 4b1da09ebe27d94b4eface704811c984dbcdd05631496b5c4500095a4ad44774 |
| SHA512 | 951e38f5b89d01a4a73597bad075e6c98044fa4f0335ac13da04e710a0ccfc8947cbe3d64c74bd4a253b1f616a1d828493e301f6d27ed6ef9ce7cb8b6d7739b8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e8ca09a2c05e70cc1f67689b6413c93f |
| SHA1 | 491bc5726574b80c30af67ad58aa6c59041ede94 |
| SHA256 | 9bc989402f470626b1cf7d9a409c44937a99edaca01244581de225f5fdecfc63 |
| SHA512 | 4a3fe1f9cb49224101b4dc0ab52547c08fd4dfe57882eb36c34bf90ec2244ab83dfb0ed32b25f0b96aa4d35c70aea0404b64359e6a8aadd32074b7b5b3e0be2e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 475cd604651db03a903eef24445cf92c |
| SHA1 | 698a900cd685ff4a988c63f32baa111027fea215 |
| SHA256 | 20d0b26603be66589955faa3fbbc3a320a014049176d1793af32c1b45afebb6a |
| SHA512 | a866773257ae0fb76d4e238ba5d4ae9be19397f04dbdd6cdf432915ffa993af0cacb7581cc68cdf405e222a9688545a0e69acd997bfe773463831ae1b2e3a74d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 372c472d942aa39d18fb001c50345a5c |
| SHA1 | df6d31d87cbe2230ec16f34367ef34d8c6c3a4f7 |
| SHA256 | 553214a874868a283df563036dd068b8a33ca735078ffc07107ce820a1903650 |
| SHA512 | 9cb8405dd87ab10cfbeea202db03c6a0936616b5c14877251b2b865bd0880313ebb29a4a9cda12c3bd439146246a8721e66b82b67a3775ce4f34788b0d349b21 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a589e04937c982ed378de6db93875d54 |
| SHA1 | 74bf44ca09e7740210852bfb0e9c487913232dad |
| SHA256 | cdbe0568746b23e48429b269b000c7add3b3c39cc5ddf625e7339d30af096814 |
| SHA512 | b80654290f6f5236d14395b4bf18b2d5acd5702990d37873f580526aa14f245cd62dfe9bb31b4e866b9d9fd38fca598821627f0f99df90d16c38e85b82ffbc85 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b49b0ae9b4049918bd669725c7e89b18 |
| SHA1 | 36b5e634c3f313f5c9fd1b0a6ebc13e798720e54 |
| SHA256 | 2d6d7c5344d24e974b421748b612092c1f37d5af59eaf4e265f4ed973156387d |
| SHA512 | 9a1c8398a21b606f3f245e2187abb6600c19d9fb0a9b80773c8a5032558502fd75f5b239ece508c53cf4fb92790e53d156fba0be4a7b5123eb99034fb545d68a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9a96e34cf85ef95a95e6adecda82a06c |
| SHA1 | e931da7315d61b8261f37dd732a9018386ea1c9b |
| SHA256 | 6f51a3711a4c8db26be3b7b470a571c0ec706e6e311238270467e741469b2ea8 |
| SHA512 | 046153305ca93d958db2d6e228224d42c3715b0d74bf103254dcee4025c96711c36fdca273a3a07a8963b584ee96cf3fd76dbf550411d4f3f0042aebf1f06bc5 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 06:31
Reported
2024-06-13 06:34
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
124s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a437590e493118339664958cf1af87f8_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8030d46f8,0x7ff8030d4708,0x7ff8030d4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,1135545511809721967,362384169651747080,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1996 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,1135545511809721967,362384169651747080,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1964,1135545511809721967,362384169651747080,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,1135545511809721967,362384169651747080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,1135545511809721967,362384169651747080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,1135545511809721967,362384169651747080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,1135545511809721967,362384169651747080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,1135545511809721967,362384169651747080,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,1135545511809721967,362384169651747080,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,1135545511809721967,362384169651747080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,1135545511809721967,362384169651747080,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,1135545511809721967,362384169651747080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,1135545511809721967,362384169651747080,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,1135545511809721967,362384169651747080,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4412 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | konthaiusa.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | konthaiusa.com | udp |
| US | 8.8.8.8:53 | konthaiusa.com | udp |
Files