Malware Analysis Report

2025-01-18 02:02

Sample ID 240613-jma7sazdjb
Target a47d6bf019003b4b01df6f9406deb0ee_JaffaCakes118
SHA256 cce976ef9fb5ce05649777ac5d1ad21b9ddc8ce5a4e57d0ae00902156031620d
Tags
score
1/10

Analysis Overview

score
1/10

SHA256

cce976ef9fb5ce05649777ac5d1ad21b9ddc8ce5a4e57d0ae00902156031620d

Threat Level: No (potentially) malicious behavior was detected

The file a47d6bf019003b4b01df6f9406deb0ee_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 07:46

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 07:46

Reported

2024-06-13 07:49

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

127s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a47d6bf019003b4b01df6f9406deb0ee_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2696 wrote to memory of 2760 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2696 wrote to memory of 4216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2696 wrote to memory of 2372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2696 wrote to memory of 2528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a47d6bf019003b4b01df6f9406deb0ee_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff091646f8,0x7fff09164708,0x7fff09164718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,5596763178839036717,5218213149650206374,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,5596763178839036717,5218213149650206374,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,5596763178839036717,5218213149650206374,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1488 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5596763178839036717,5218213149650206374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5596763178839036717,5218213149650206374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5596763178839036717,5218213149650206374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5596763178839036717,5218213149650206374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,5596763178839036717,5218213149650206374,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,5596763178839036717,5218213149650206374,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5596763178839036717,5218213149650206374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5596763178839036717,5218213149650206374,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5596763178839036717,5218213149650206374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5596763178839036717,5218213149650206374,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,5596763178839036717,5218213149650206374,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5780 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 konthaiusa.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 konthaiusa.com udp
US 8.8.8.8:53 konthaiusa.com udp
US 52.111.229.43:443 tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


\??\pipe\LOCAL\crashpad_2696_JEDCKUMAUSRVBJBU


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT


Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 07:46

Reported

2024-06-13 07:49

Platform

win7-20240221-en

Max time kernel

133s

Max time network

128s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a47d6bf019003b4b01df6f9406deb0ee_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "16803" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "8588" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "8384" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "8296" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "18924" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "16797" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "498" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "9880" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a47d6bf019003b4b01df6f9406deb0ee_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1740 CREDAT:275457 /prefetch:2

Network


Files

SHA1 ff1745ff8bcaac0bc281eb9b09ca6624eb652ec1
SHA256 1947342166d79496904a895ef47fb973976e8057943a41264b685723fc18b719
SHA512 5a7006b7c412e66b3a65b62e14e4cb11bf911c204d5372b0fd4b8a91fd434aeb43b5b72444cf1de685985af2b02a06173f74eedfe7911d8f27cbb43debdbe8ef

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a19ddc43acb17ca6cd56088a4f8c87da
SHA1 6434fb33b63692f4246931f40e6d497378858d35
SHA256 90fd482cb358a746cdb2fdadb6f72d16488304ff5e692937f98393daed09a423
SHA512 31fc1a92e17feeb46b5b6314375ffa1a4dbe3f7a81fca3d2378ac8674f9f1762e0bcf541c9f1e085104f585fbb32acf640ca60650fe466610b0da8791f7f66ba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d65dfffb7e32f26de6ab714aeb22383e
SHA1 f9c428eb8556fbf9bdf430b35ecd5bd7345e0f87
SHA256 1e29a70ff6d3d26af1006aada501320d96190ffdca2a776ae68322845540c66f
SHA512 7528d08431ea36eba29c1113153f0f0cc9e06da7beade8938d9959e97aa12872fdbc99fc99923e23c68be2919e3001c7f7db187d99aedba215e70a3689745fb6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eb3184a486c11420cd9a3eda7243ffbc
SHA1 617f494c9a2c9780763abf9c09e80ea486835ecf
SHA256 110a36055bbe8e38b703e546519ae7e56f79e1a2dc1a5d76bf79c283e20eefd0
SHA512 5efa9c488a72a230e7dbf43525a7851150e0a51b2787ef3c19faa55d80c23e2b7b8860e845a803758407132bf8484657498aaed3903feb49470ed01df244faba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 008197bda4e2cb2d98b1c526d8ac71fa
SHA1 823416a274a96778d76c7ff864fc7dd4067f0df4
SHA256 bf6fbe23ca70d35b6a7197c19ceb098ed7c180d2360ce7dbff8e992b6b8007ec
SHA512 98572196a248fda661b89583075dfbc3ae84d6688b222ee5fe2447c341dc0e493342566ae160f084457526e9bd0532a40779eb3835dd410bcae6a045b7ee8af6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 53270585c71c90db634d22206c085d21
SHA1 d9ef21bfdb755300616dc50bc26bb12dd9de56ad
SHA256 50d6a1b26c5dc1d05926509467c4180030f2c3dd8b9b3ed8127049ec67a5b2ea
SHA512 b6e8a5ab5fe758fa69016a815f7456342d1fa21bb0dc6f1e2f3a5bdeb0548a63fada7a4d6e7a57bd19374fe68d8d6e35b5f84640fa52189c353a393b051e0fd1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2c2808b3f556a3cbd702ef6c1e046e56
SHA1 b43a65a7ef5617a285dead3c26c9b226ddfd9929
SHA256 60045f73c282feb1476da9879a45aef474c945b97763791c66d081a999b6c9c4
SHA512 a4c9b5ece78197c3378d8f90a25afb1cdf47c3a98fa4ba28ccff67b7820b06d59a1d7b6583657c455e121423863ccb6cf298ea8d7fbf201dd9f01056e3ddad77

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 62793d3240a63915e75e480d7421b113
SHA1 125bfe07489a19deca68d44244ec75f1545dbbb8
SHA256 5865b5e1a1e1a8086f0bd8b97f78eeca9a6d1e1e61e235cd8521935e531e9ecd
SHA512 3fb8decbb7b3beb8cb765ec2c725691ab725fa1901dcf8dcea41bfb96dfc5622f95feaf9056f11792c449af7f1f9911368121be2d9a93f3c6ee35389bef211c0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 83b7f07c684c90ebb3c3f394060655be
SHA1 5068db2e01f91500819a594075a0bc32a12f0d37
SHA256 9686a7888dab9205b34f1851c7cd5284e0b4f34cb30e5a07e25ee7722ec12d8a
SHA512 2ee666992ea0cbcfe6d27bae5ad59b9a945dfae036cd2b040e5dc28cb3c70e9e1a444c88d2fd7b4a0130d8dbe7571afdc84628c19a5b8751a2316c318fac4f6d

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\SGVFLQJ6\www.youtube[1].xml

MD5 93aabe7e93830146056ba499204a17d4
SHA1 fb208833fefe48e045183501ca3d24f2079655bc
SHA256 99a1392ac336db5251d26efb6b8010aac26ce5d07aafd3d684634c2bc7fc1119
SHA512 cc76206df9cce4b5d541191b3794b708246016ac6307e0d3cb341f62aa7d637af1762331c2645e17fa1dca1ada02409292ca3359f7edf5278733520b12bc59b9

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\SGVFLQJ6\www.youtube[1].xml

MD5 29afd6f6e56c053d387ad9c2e76c104c
SHA1 bab08ef796e50646db02a217e916850e81303be9
SHA256 a7fca51223c5186bf38519bed8870f1389b8f64d9a8d8da0b85a19ee7dcf24cb
SHA512 f271686e1b4d417f350f112d57e1d55d94b8b0af49077d6f6e3fb7602f9fb3b5e6dbfc4fd3c17808aea8ef245829c1264af1d39f16e07cc53f31b73441ac4c9c