Malware Analysis Report

2025-01-18 01:59

Sample ID 240613-jm137szdkg
Target a47ddd064c8cd8bbeb41c77813a7187c_JaffaCakes118
SHA256 0d808ca10a992b6480a4a5a1e2ba5b8ffd18204a0ee04535968b755234838f17
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

0d808ca10a992b6480a4a5a1e2ba5b8ffd18204a0ee04535968b755234838f17

Threat Level: No (potentially) malicious behavior was detected

Result for the file a47ddd064c8cd8bbeb41c77813a7187c_JaffaCakes118: No (potentially) malicious behavior was detected.

Malicious Activity Summary

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 07:47

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 07:47

Reported

2024-06-13 07:50

Platform

win7-20240611-en

Max time kernel

137s

Max time network

145s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a47ddd064c8cd8bbeb41c77813a7187c_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "498" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "410" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "2854" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "498" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "407" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "7228" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "3827" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "10635" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "7299" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "7299" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "2854" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "2772" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "11069" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "8496" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "410" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "3898" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "3816" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "7217" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "7217" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "8496" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "3827" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "492" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "7228" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424426749" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "492" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "10865" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10977" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10859" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "7228" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "492" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "2772" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "11069" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "11069" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000020c0deaa505b118d4308d5ce87ad379fb59ce581348ae620389693b7ac942aac000000000e8000000002000020000000bde61de9cd4b5da963065eb83f7a2fa5894d853a159e2c8b1acb01cb150d35142000000066b872fd6ad6243b744da3660556308dd6d62cf866c7e4caadfc2d1664fc18e74000000006fc747c2cbcd734885bd351ccc1e7abf35c7a0dcbb42536ec857e16bc3775c74090bf8e8dc68ea68789c1bf404b77cb31d9113f43d4597d75f8ec79d6ce203f C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{41992B41-2959-11EF-A8D3-D2DB9F9EC2A6} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a47ddd064c8cd8bbeb41c77813a7187c_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2192 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.konthaiusa.com udp
GB 142.250.187.202:80 fonts.googleapis.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.200.14:80 www.youtube.com tcp
GB 142.250.200.14:80 www.youtube.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:80 www.facebook.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 142.250.200.14:80 www.youtube.com tcp
GB 142.250.200.14:80 www.youtube.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 172.217.169.66:443 googleads.g.doubleclick.net tcp
GB 172.217.169.66:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 static.doubleclick.net udp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 172.217.169.66:443 googleads.g.doubleclick.net tcp
GB 172.217.169.66:443 googleads.g.doubleclick.net tcp
GB 172.217.169.66:443 googleads.g.doubleclick.net tcp
GB 172.217.169.66:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.204.74:443 jnn-pa.googleapis.com tcp
GB 216.58.204.74:443 jnn-pa.googleapis.com tcp
GB 216.58.204.74:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 216.58.212.214:443 i.ytimg.com tcp
GB 216.58.212.214:443 i.ytimg.com tcp
GB 216.58.204.74:443 jnn-pa.googleapis.com tcp
GB 216.58.204.74:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.180.1:443 yt3.ggpht.com tcp
GB 142.250.180.1:443 yt3.ggpht.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 fe0.google.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
GB 172.217.169.66:443 googleads.g.doubleclick.net tcp
GB 172.217.169.66:443 googleads.g.doubleclick.net tcp
GB 172.217.169.66:443 googleads.g.doubleclick.net tcp
GB 172.217.169.66:443 googleads.g.doubleclick.net tcp
GB 172.217.169.66:443 googleads.g.doubleclick.net tcp
GB 172.217.169.66:443 googleads.g.doubleclick.net tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab5820.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar58EE.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5LT06Y3\www-embed-player[1].js

MD5 8940a491297381a0ce25360e21b39bb5
SHA1 43d7a4157e78777fc024415969c3a7bd550a4322
SHA256 afc766cb1c4a339c40d24ad926f05e8b4927eed7532b876291d0bd19adc9cf3e
SHA512 5772d7e7485db888676e69cbaf4c88af01872997338bc61e8e0344d5dba208c2909e167d54d8edcb782e17d1a2b4e9dba955baeb0ad0e43ba932b3bf25ae7dde

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5LT06Y3\base[1].js

MD5 cb463df0a090cdfabc77af2691141830
SHA1 e3dde6a1f5c4803e69839154013496a781137473
SHA256 e09e2e8a3cfbcc88eea12d0b17161e1f2c8c75f1bb21100829c09f9858db3f24
SHA512 099374f7b03a4635390b94525105884fa101d93a583eed0d92def7d2de3199d2bd57fc63d885e8e9af0863db40cf521d2fb770eb09400a4c6285f7c37ad88e8c

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3JK00ZJ\KFOmCnqEu92Fr1Mu4mxM[1].woff

MD5 bafb105baeb22d965c70fe52ba6b49d9
SHA1 934014cc9bbe5883542be756b3146c05844b254f
SHA256 1570f866bf6eae82041e407280894a86ad2b8b275e01908ae156914dc693a4ed
SHA512 85a91773b0283e3b2400c773527542228478cc1b9e8ad8ea62435d705e98702a40bedf26cb5b0900dd8fecc79f802b8c1839184e787d9416886dbc73dff22a64

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3JK00ZJ\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff

MD5 de8b7431b74642e830af4d4f4b513ec9
SHA1 f549f1fe8a0b86ef3fbdcb8d508440aff84c385c
SHA256 3bfe46bb1ca35b205306c5ec664e99e4a816f48a417b6b42e77a1f43f0bc4e7a
SHA512 57d3d4de3816307ed954b796c13bfa34af22a46a2fea310df90e966301350ae8adac62bcd2abf7d7768e6bdcbb3dfc5069378a728436173d07abfa483c1025ac

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BC2UA13Y\www.youtube[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BC2UA13Y\www.youtube[1].xml

MD5 42ff8b2ca6591185407795b25d51d007
SHA1 be3bd2d73bbafbf7a9e4866143a03302bb6ce320
SHA256 217bfc12012a19ba81cfb9e5822a21a6c4ea686ba5442445a5725cedb7c65a45
SHA512 b8359f5f6afb3c438e5d336690238d5e2926cfd90002d0fcc6ad8e914b466f6bbf6b7e041220bf9a40043b37e41e293cf5c117a1eb767797d7a83f97d365baca

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BC2UA13Y\www.youtube[1].xml

MD5 64b594a4480b1b9c54e8fe9d65cc464e
SHA1 9f0723937e17f0ee609bc241fbb1be94d33fd689
SHA256 7fc75523099aa1a875d27a5248b963db1e4f39fc7abac98ddca244421fb2db0d
SHA512 ee1cd4abbea5328db9580da75949fbe0eedb7ccdf766cd329f00c91a89dbfa4e69ffb58bf9c50ba5631bbb8bbc201bb879612a005cecbc545ccd4b854c488541

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BC2UA13Y\www.youtube[1].xml

MD5 239e56f86be37dfb51b00b05a89ae0ad
SHA1 0074bb988bbf448fc44d882eb9574fa556319f95
SHA256 63e0e84964288d59fdeafadf8d1fd96beae4789a31f0c42534fec6b4020fc4c6
SHA512 c5bf2c53f3bfb9de99c5f3ec6c32ef31621f8582dcd092d70556c4417ef9202c49c226b461cc8898b1c03258c8023e1b3db407d3931d56e97cb99fd98514b5c2

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BC2UA13Y\www.youtube[1].xml

MD5 0fa722dffe1b3ffff4621c00ea097e3f
SHA1 ec796c7eb1835ec96791aa66189e77f33a26f62e
SHA256 7d4f55005e3e7a0b872e2c6420b21c626bfcf5980e4ccb782e43a4475f737317
SHA512 d164c6cfb8d64b545a721f6d9aef903d4209483d6f02a65169e56ba1e3d5448d3f533afd94381be655a8061f32cc7cd1047a292336c7dae1891209055aecde43

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A8DU897P\embed[1].js

MD5 14d69fc9da4a63c8ad5013b3d3781842
SHA1 e0272f8403d95fd27df22dff5fc014e2ab5d8a3d
SHA256 e2a5632fec9da56d272ccdea5ecfa7000dc70659673c52a11966802e37a2140e
SHA512 0f85c67ae8969570f6cfa4d265013da7d4820ea11349b11b886d480d7d78df5c6aa1e7484724d6b21421db18678d22bae6d478d3d0e35506673fd609805d1976

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BC2UA13Y\www.youtube[1].xml

MD5 67307daa8126f0649c46a6d8681ac10f
SHA1 8d1b3e447d1a90c339a1b80f4daa73e6885be3ed
SHA256 4f2ad565ab2eff14756830d127d4c0cfb70ee917a8281ef7a3d0bb226a2dd7e0
SHA512 124dc64f5cbf237657cd66208fa47d752711b9ddbdef0a9c2fc62abbabbd1745baf020f95042eafecbf4361ae17d5db4f86dc58893293c9c5d15103e992c3541

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWTP8BNA\ad_status[1].js

MD5 1fa71744db23d0f8df9cce6719defcb7
SHA1 e4be9b7136697942a036f97cf26ebaf703ad2067
SHA256 eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
SHA512 17fa262901b608368eb4b70910da67e1f11b9cfb2c9dc81844f55bee1db3ec11f704d81ab20f2dda973378f9c0df56eaad8111f34b92e4161a4d194ba902f82f

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BC2UA13Y\www.youtube[1].xml

MD5 4d5fd757ab36cd46c440674846965a1c
SHA1 f7e249d4560993782bf1dd2f89cb81da6e03e0ca
SHA256 dccde7824763ccde8971520908c964abe4695fe15b80e40d2e58164fd791c985
SHA512 782662e620cd8f403d66c3e1723861b1ce5978dd438125a8dc47846e7815d2997b4c1fb57b2537d132e2e65eff9860c96408205a0c92e3d62332bb83f2647cc5

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BC2UA13Y\www.youtube[1].xml

MD5 af40c36922841e14d1e2101485981832
SHA1 c7ddfa374cd8c9616d93d1ea2541e386f28d1c4a
SHA256 4abb0b7ae3b188154962d44f3a11b4e98dedb8b71977042112a9b4497744b81b
SHA512 ac6f66a648f45964f2e5b26b64ddc16c4c696029e84e4587c559d11a26269845196a1add9d86f0437626c14d7e9fec0533918cf0190e70e4abbf2830993eb5b2

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BC2UA13Y\www.youtube[1].xml

MD5 8b5f50ecb51f227b0fd5ee2cc1690e4d
SHA1 a4cb52ae0b83a6d67ef2885644316bf7f797b594
SHA256 f7aca3776c55a99f15d65fb7a2f0d0500f21a14ff14e4bc20446928587a257d2
SHA512 a2c9422dee38462a3735518169999c9a84151091bfd302319636ab2739ca2063236d79b6fae0e5fe1e775ec66ff83a38f7dac0b0c02e41c4003d662eb8db59b1

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BC2UA13Y\www.youtube[1].xml

MD5 2df25a249263bb683267198bbeb15c9c
SHA1 562948189da355aa2d91ddd61b850fccec2109e8
SHA256 1720876d136a3e0f688d4297d299a037da4dbde96c9a0302505d042bab8ce40f
SHA512 9f967b078eb51e1720d1d6ce6b52a1250c655b24dd61ec8b1507715f31a207f4158b2bae5f6741f4b74032bd576c27fed7026178aa097085b0d9508cd1b4ec70

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BC2UA13Y\www.youtube[1].xml

MD5 ef8e3204dd2f7d788e660320c27ec040
SHA1 00b13379637f4e95a37af20a18d6ac68379eb619
SHA256 0a52b8ab5380127c5d2715a5145a757fc0346fb6458c11fcc1c152b2ce09558f
SHA512 c720f12e62a431367f4cccdb3824590d32833a245d27b762f27be478c7faafec3b5f773a35b95b48324bc837be0f34571152282965eef5291d7f1d4e8096c647

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BC2UA13Y\www.youtube[1].xml

MD5 0bcc9f3ba4814df240028b3e5d8ef6e9
SHA1 a6c61e9f0e7f007e8592b38469f9b958884269d9
SHA256 b8c999f5bc0359b1bda09ec2d6bd23d60b8a7359984ad33d83f2b7ac7bb82610
SHA512 fc2382093e2e1907249218315dac89830187438a4079a7adbfc5f9553c886e77040be599c3e8a7a80bd8b6706c41e290aaa09b173e8debc5f49040ed6d39d3c6

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BC2UA13Y\www.youtube[1].xml

MD5 b2182984d4ddab8e04d168571052bcea
SHA1 4e16ac9b19a3d37a9d50762a7be9087913305441
SHA256 2a420d776c26c87127d9460dae2f93ca5a3d3ea18effe1165a749170e3c70e2b
SHA512 f52513487bb4a3e03a9b35f4037ab7dbb4f575e526e522d3a2e5fdcd8627eb03fea26a58c4be3d9cdf04c9e234da35ef6a2d7b3bda1dcb17b247b0e56755e74f

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BC2UA13Y\www.youtube[1].xml

MD5 f66c2025f607295e1c7034a64553c619
SHA1 bfb4d15ac11336ad362953b958b546e0803eb8d7
SHA256 fdcf141d0566cfdd80792da898b4f6a449fd74b3eb5e116ca3eba548e57f5810
SHA512 0d7389d5c497fe9e375c70a8a674cfb108d8c5cd364bb6470f682ef5976ba09d0c6ae5c37b6ce3a0edfe14af80c695bd087c7141e4428ece9b64b17d70eb88e8

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BC2UA13Y\www.youtube[1].xml

MD5 1fc485b6d05e914e60b12d9037b6889a
SHA1 e5309cc4ca2573373113922a823a50897e9759a6
SHA256 56619f32b8cc4fd3fc6a8aa90c03a924b374f634a928a6fc6dc257e4b1a175cf
SHA512 a4be15e4b471bf397a52d0b46d19f4d6280c62be086adf27a1fb5195b9cda88b7d42a0b428b821ed5669520bdc3a5f18970a6fae28bbbffbfae01484790c19cf

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BC2UA13Y\www.youtube[1].xml

MD5 b80ffd49c89c0b67496120fd69acc26d
SHA1 9051233aabf567aea01e8305bcf270052606b4ec
SHA256 4580a56be78fd0e4828bc47b28876979ed5d6b15d7dc404addd3c92213d40f08
SHA512 53f11d091f308d33ecbb2ccab7032e0ec8cf1695da2ff8a573d62b8429f3710e36be3a3910b2db7456e2f0001fe7f8e52373db01121c6e422f780a4df33708ca

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BC2UA13Y\www.youtube[1].xml

MD5 e1fa64c55a79c3ddb37aea141ab0c3fd
SHA1 793f6b9e863729a919e2a3d669989325f56e8349
SHA256 21b60942fe5fe7c11377f21fc13f683a400767479c53adbd7351f65fc1b5cc0b
SHA512 d9815b2a119f037f5383a99610ccb0ba3812845358216216e772b658748e6c8b83613d1e7ed95e8cba58aedf4a9f2b69f1fdd65071d49934f6c7700fa1ebddd0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7835c79916114a70f967cb45f5a61128
SHA1 490c76743a2d2474d97478e1ca93cbf92573cb87
SHA256 7fee3b59cd90130235c9800bcde7cf36bb7776ae8d08e84c5f3e0bbf969faffd
SHA512 cfe67e77f63b13db33633f92339bd6ad2c88fd5016b58c65fcce1d0259fd4a6f3b4ea9680a95e5b73037f8dd5a93fa016819ecce30ad9f645e85edc5d17245d3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e74dc9a07add27a6d913ca8e0573633d
SHA1 d9c10f01aac1afe3b983d188e176a6e892db8587
SHA256 6b48cd0295d12add27eb102f61efb25588cfcd9782660bd1d8300b8a80e557cb
SHA512 68917c3002b91c0fc8b14117f19afd09e2aac7fa568b3355d87e6f5c70a99859bd805dac96ade90323295a289b57c205d67c3f9ccef90782c8cf9e4117acf1e0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a298e923c176cc2df0913a99012d0b90
SHA1 628aa1cf9153f011c41c0de34f41f4899f31ddcf
SHA256 ff4095b67c593cd0ca1e0a2a446ee53ae854adcf55c8df2cff504bfd6ec471d5
SHA512 f23d8636753b964cde2ec0615d17088fa82bd7619e5262817ca430dfa92fddd2a6fce1cecc6c6a6b8e9bcecbadd2ada3ef407206d9c92ed70ad16115644cd286

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 363625ed847b68f7b3aea37d963d7ad9
SHA1 7ba05ef921c8a8080e6c13fe335a7ac4317da8f0
SHA256 e7861ef6eccc613f790e09d94d54fd2446680e1e03bb05fa56812e493b9a76b3
SHA512 ab5d730c03b4c5b10556733ab33677555b4407325127ba88b09bd4af93443b460bb213b3cd8d78925205c3493b77e2566950cfe16520e687b63e8b42d940d0c4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 32c9276e5ba5e788b52d2b31c82165aa
SHA1 403dd381189fa182942572989a3e8cd1aab88090
SHA256 6c225df7a57b7553656faad49bc82f412ee0a9f8307095e2f9d25d1a5105caca
SHA512 bf04f3941388e65410aeffe170552f1e7494d03d155a4774dcca08ac856d4acf44ea82aecbb9f7abcd47136814da21f017c58a50f7548debd8728d660ffc32d0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BC2UA13Y\www.youtube[1].xml

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 07:47

Reported

2024-06-13 07:50

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

124s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a47ddd064c8cd8bbeb41c77813a7187c_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2888 wrote to memory of 4672 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2888 wrote to memory of 1724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2888 wrote to memory of 3844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2888 wrote to memory of 3776 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a47ddd064c8cd8bbeb41c77813a7187c_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcab8046f8,0x7ffcab804708,0x7ffcab804718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,17405413784039673021,16965446793299323966,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,17405413784039673021,16965446793299323966,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,17405413784039673021,16965446793299323966,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17405413784039673021,16965446793299323966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17405413784039673021,16965446793299323966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17405413784039673021,16965446793299323966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17405413784039673021,16965446793299323966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,17405413784039673021,16965446793299323966,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17405413784039673021,16965446793299323966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17405413784039673021,16965446793299323966,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17405413784039673021,16965446793299323966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17405413784039673021,16965446793299323966,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,17405413784039673021,16965446793299323966,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3100 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.konthaiusa.com udp
N/A 224.0.0.251:5353 udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_2888_XOVBYLDKUWVPIIRC

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\13791c9b-20a7-4095-8ebd-ce281711003d.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT