Malware Analysis Report

2025-01-18 01:25

Sample ID 240613-ka1gks1ckd
Target a49d957ca967b77a6f34b592cd00f995_JaffaCakes118
SHA256 560a0fd91a2c5e66b77a68f1b93236d1ea209059f9dd6a314b94ea43eac62b31
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

560a0fd91a2c5e66b77a68f1b93236d1ea209059f9dd6a314b94ea43eac62b31

Threat Level: No (potentially) malicious behavior was detected

No (potentially) malicious behavior was detected for the file a49d957ca967b77a6f34b592cd00f995_JaffaCakes118.

Malicious Activity Summary
Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 08:24

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 08:24

Reported

2024-06-13 08:27

Platform

win7-20240220-en

Max time kernel

127s

Max time network

141s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a49d957ca967b77a6f34b592cd00f995_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a49d957ca967b77a6f34b592cd00f995_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2064 CREDAT:275457 /prefetch:2

Network


Files


MD5 3182d5f32f78535666c96149b2b3fa05
SHA1 6c6563d15e5b3578f4448b4b61e938c87e216746
SHA256 558ea36903ee0fe914f2bd5f118d47ac696ee20f1b802d4271e4f3eca463fd0f
SHA512 9d9a657e7b17f7c5de9982c5533a0e2bfeac3c168262cdcc743d59dcc9d442e5b763eed638fd49c8f88e17007d3dc8006a401925b1b992eb47acf05c09be56af

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5794f80d388c0ee619fad1c9de4b76b3
SHA1 1fe2bcfb70a5f289e8e72ca675a91d4d478a9953
SHA256 bd065a0a5992c5d0b861145b983f5061f65ffdbc0dfd441000aaa883dbc83272
SHA512 b58472d7a747c1972da88981ac59211b91816b00108fdb1c2313af4049a2352218e64581e5f63ad1e32b155ec540fe2410fd2e4e75d99e02c4d28249b03fd94d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1572c98a94f3563ec7c2a2c8feb0cb7f
SHA1 c6bff0edeca4b39a591d67182f723f92a317a616
SHA256 f1b77a528b19de4ceb71ba208174f90f4658221cedf2cd7456a210fee8c76780
SHA512 7d100b3815403d34939013221c8c4fbc86e430e897244d7511b2b4b8ec9f15ad2bd2495869c48ec2447ef98964c7667d81b7c440253ab38e0cbb361035934e24

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\JM5SKQGA\www.youtube[1].xml

MD5 a0e1309144fb5cb7c69100841441c827
SHA1 95aabd02d37afc858673412885bf2f68cbeb4791
SHA256 f6b02cc42c12c240030ecf4970fc5f80a2ccab04eb76f0c594227558c57f6026
SHA512 4d91db4a654eee557eb29d21819540324a1f9de16fb869af87fa511813b985340adbca41e9a893a3568b16037e7ce0585cccc416c73c7fd48fb6abcf4ca7b363

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 40761eaab82165d3b3aca1bf99906274
SHA1 0cf3dbb8d574eb72f78c46c6529c6e9c362ae21e
SHA256 7817b39f3f48ba80b27754b1d3f410321ad51eabad4fc911bdcb443195e3988b
SHA512 721fa05a97f52a7e372cdc0dcbb971124a27b9044498fc4d5ff188e383223e6907ac6f3db35520122d2f466e6495ea3544fa0fad5956b4e5f5521892ad528891

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\JM5SKQGA\www.youtube[1].xml

MD5 345223046af5e263eb9218596d62afca
SHA1 02abd9962b0dcf5f157ba56df9d4464b24b33224
SHA256 964fe986b0513c8f12253b2385402fa0324e226f6cc5b2371dc89ffd7f89a59d
SHA512 57399d889c67030fb333768f9db93d632d607546488f6d0915d0865b9db3dc9461fb35df641763ff0779537bfe7d6939fd25bb1d99b05d255f0b452771e315d5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a351c2c8ce55aab1af98aabf46c368d1
SHA1 b4bfed6c0d54173c4fda80f458d790ce87417ce5
SHA256 e70645537ead5a40b592ecc519ef97410c2014b8262f6359e6a18ef64275bf65
SHA512 7b7a2167c99f8ae3747a6ba8d54d07569df5b392483eec9b1b830d95ca251496e5075c621ea97b1250c40d2445224628d4c534cf5d800d8e09230feb946b76bb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b9ac782715b019de2ebbf7eb73a9db65
SHA1 72526850de0f92f4ba85e636b8372f044a05c625
SHA256 24033eeabcebd73de69d3fff88337c5767266cef92b327325ebd652e698fa32e
SHA512 a68536c6487966733ba7f6398d458be23c99541057b2e565ceaaff2a25f531da03bf5f9954ad356eeb0a148a7473d57c71bca14984dde3dd88845ad3449ed123

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6cbc27da4a64090512cbe0167ef4942c
SHA1 5f9989546605392f93c0695a323542a805ef348e
SHA256 e67840fd2a291d79673390d55fe01790f965ae2f29351d36a45ad19217e65e02
SHA512 44c691c5447b8f9a926d46f0cb9721e79a21e3f8e69597a465e678541b40c3b4a2c44441d6fd3d36f0709f55ef29eb73fc31eec4c1fed6b3e7414d3504df1127

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\JM5SKQGA\www.youtube[1].xml

MD5 2eedcfe215ed89b8c9aa6fc941ef62a9
SHA1 db987e09a923abbe9981148d5ea0b981c5c478d0
SHA256 2712ffabbd04f6a121ac320fa7fe97acfdb95da5556fd0d01408cb72e95084cb
SHA512 3ad2a0c06c1765d2e353dd303e49a16847132678e57d461c2c2a1f8f1cfdb3e0d60f04234386be7477e2091edb76fa3c968a47d043148401b2c0c67aa606aee6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ea108d359200d1abad2759ca3cb30313
SHA1 f232585717f519708ea27aeb36b0b61c361c635d
SHA256 20c421c1553c0f7b14b1a1b7a6868338f79109aef84b50ede457969f4d78c545
SHA512 a4fd8cee84fc14f73b4ce4fbea905ca8d99cdaa6741ac96fdae70ff522df61d9b72a6e1868c5ea4a73a6bd3b2075491aefe45c01cf71a8853e8a3399766550b7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 ffd066e65d8476ba9e5b7e84156f9153
SHA1 83c871f5097356e83254a84fd51e368c79e531e4
SHA256 f79c7b70fe83869275269ecdf462dde701a8e4abb6dad2504e45dc92f9a745b6
SHA512 88de6e62acb1d5623e50e836978212e1ca06f41008dffa4a3e09026c93f247e94660bf0901b08ff9f8dea4a6e41624ec95479b4f353514bc09341c237320175d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f256f881723364a892f32283fa27cb10
SHA1 9c23c8650c31ee02fd34c90b5299b67e6c2f6f15
SHA256 2b2f419ce3575b59b9f95a84eea6a3379ae8c92126e0ce0f826d373fa3fef9be
SHA512 2def34478b9fe2737a993f1f84e3056eab98da6c8ed5342b41e4f3605b11522c34ad068ea75f95727f1a0aab141684f09907fabe7ca7948f2e4f157d5afd5b4c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1fbd70524ef3b74aead44d93ac014016
SHA1 1e5396f0dd7d97245af759694ab1c377ae7bef73
SHA256 5e7699a3bca2d6d9817d2869afa69862ad3bde5b5cc516b88619ce2f23e91f75
SHA512 3e83332333ea49fcc8994365a2bff24de94c56555db480a9431a12a23257160da6bbb363b4f2cefe51ff0d906fd7734c70aeb5b5f801ee82b8301be77b770e20

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7dffe6f72f7733588be767c07160dce1
SHA1 8e14e2f9c5ca14632651b6b81b43b6395bf2cb0b
SHA256 a50783148d79d4acb3fdfa0683f2284fced9995507dc5478ccb051e6c769d172
SHA512 3a9d07d737b519a0ed449f3536d75944d7d71aabbf733f8d49db5776c5b24b5eea9d33fccf37b1a5f14078673f28689c36121978c503d47602715de7c9bc000d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 362350e42eb7a2172a10c8618d5a5642
SHA1 fe9b15e6f3e25ef642811f417545747fe7098035
SHA256 9043d6676a15c41f1797915e161e1b697e10f39ba336a16b78471a74f461e240
SHA512 c91d144d1ec2a97f1a191b7b2197527dab306e1bf9454dcac0efd2d3ee591cd9e95ff500ed8a0a84b8d632716fef770109f049d96bdc747d2381053b6bf7eb9f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6fcca0cc5f5aeeaf820910d049adc603
SHA1 55e120308d1392590bb2ad56d1ab120e8c7acf2e
SHA256 408b106645ce049a1c7f26d328d33c2ef584790d0a613a28863e3394d6c29b27
SHA512 deeb04430efe6d75d6cc15f70abe426c3df2fa4b93b233812166c66845779174419deb39446db46d1b12c29cb222d785e489d754303521f47affa8d8cb7fd53f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 72168508984274a16511ed04fe28fdd3
SHA1 9c1b99835270f70406d007b9ee55ffe7475eaffc
SHA256 bf83372e17f7459b7c99b280da86b9bd4e23f09151aa289750cccd49f162f9d1
SHA512 0281343cef27689e8303300ae6709a7dc33f8a3e18c773ff2e7aedd16d655f33a26d9fe3923eb2e985b88b4cacf2397751435cfb62ebe422d714551d0a1834cb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 9262447dff7cec92b3846b9f699e26b0
SHA1 636fa938a48fe41a49b9b2152c7553ea37138fa9
SHA256 282b01f77b051fdc3575c2477909b3da1eb525efa882ed4d5fd0e6d7aa3d2ff9
SHA512 546209f988bff6afe1828846c81b59d06b5c3eacaaa96644f7c04880f395a680ce2c2039aef0b7ba395a47ab76cf2e402684a0131dcc2401468634c816299f53

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7f023f0601dea07dba1bf0c44243a9d1
SHA1 ce778e9f8141d0656ae15c0346653546c9d7db4d
SHA256 3ccf41c2bf22fa56e314ba4fa25438784642fab4c09785638651ab8a5834d5d1
SHA512 04ea0cb2a4c33700cc7fa5944af3e794de6cbe15639838c010fd889582df7136e06cc1b17fad275549e81c86e05d83336e18e16edcd74af5c1dfc0dedf6b57b5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 889698a6d1dbd3c914a82259bda6f7b8
SHA1 a982bfbef9c14fe9a5200d7fc30a3c92f3101605
SHA256 6bc4bde50f04ddd503e8c24445faeebf515982f82d3511fd06c546f4624ff65a
SHA512 0c8729b84f81f686ce5ab3bb1ec7b119105c3d2283dd7bd370a5c75c0730dc4c06f40498a95eb2414a4678f1394520409b6d36285c3ff9097c1820b35ceb169e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cfb5d328989e258e3d2932aa975b50db
SHA1 25413fec092a60c480767e0a38c7877965c0909e
SHA256 6c2f36e25a632f98bfd4d1c4e88493ca41e993e3a6ef382fe66951225b6d3cf3
SHA512 577ca8560a8936f67074443578ddfe4fc2b966645440b597166acb4a97d7de599e38efded7af0b42f6f7cfff358b65bb58d029046711cc048a5ff1550aa4a9ef

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 08:24

Reported

2024-06-13 08:27

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

127s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a49d957ca967b77a6f34b592cd00f995_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (25 identical rows)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (24 identical rows)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3416 wrote to memory of 2896 (2 events) N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3416 wrote to memory of 3692 (40 events) N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3416 wrote to memory of 3472 (2 events) N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3416 wrote to memory of 1948 (20 events) N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
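
Triage note and added example (not part of the sandbox report, and not Microsoft or sandbox-vendor code): every WriteProcessMemory row above is the Edge browser process (PID 3416) writing into another msedge.exe process, and the Processes section lists those children with Chromium --type= roles (crashpad-handler, gpu-process, utility, renderer), which is how a Chromium-based browser bootstraps its child processes. The Python below collapses the 64 rows into per-target event counts and applies that heuristic, flagging only writes into a different image or into a same-image process that carries no --type= role. The report does not say which child PID received which command line, so the PID-to-command-line mapping in the block is an assumption made for illustration; the abbreviated command lines are taken from the Processes section, and the row counts are constructed from the table above.

```python
import re
from collections import Counter

# Image path of every source and target in the report's WriteProcessMemory rows.
EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

# Constructed from the report: one tuple per signature row,
# (source_pid, target_pid, source_image, target_image).
REPORT_ROWS = (
    [(3416, 2896, EDGE, EDGE)] * 2
    + [(3416, 3692, EDGE, EDGE)] * 40
    + [(3416, 3472, EDGE, EDGE)] * 2
    + [(3416, 1948, EDGE, EDGE)] * 20
)

# ASSUMPTION: the report lists child command lines but not their PIDs, so this
# PID -> command line mapping is illustrative only. The command lines are
# abbreviated from the report's Processes section.
CMDLINES = {
    3416: f'"{EDGE}" --single-argument C:\\Users\\Admin\\AppData\\Local\\Temp\\page.html',
    2896: f'"{EDGE}" --type=crashpad-handler --monitor-self-annotation=ptype=crashpad-handler',
    3692: f'"{EDGE}" --type=gpu-process --mojo-platform-channel-handle=2068 /prefetch:2',
    3472: f'"{EDGE}" --type=utility --utility-sub-type=network.mojom.NetworkService',
    1948: f'"{EDGE}" --type=renderer --renderer-client-id=6 /prefetch:1',
}

TYPE_RE = re.compile(r"--type=([\w.-]+)")


def child_role(cmdline):
    """Return the Chromium process role named by --type=, or None."""
    match = TYPE_RE.search(cmdline or "")
    return match.group(1) if match else None


def classify(source_image, target_image, target_cmdline):
    """Classify one process-memory write.

    A browser process writing into a child that runs the same image and was
    started with a Chromium --type= role is the normal child bootstrap (the
    parent hands the child its startup data). A same-image write into a
    process with no such role, or any cross-image write, is not explained by
    that and should be reviewed.
    """
    same_image = source_image.lower() == target_image.lower()
    role = child_role(target_cmdline)
    if same_image and role:
        return "expected", f"chromium child role {role}"
    if same_image:
        return "review", "same image but target has no --type= role"
    return "suspicious", "cross-image write"


def triage(rows, cmdlines):
    """Collapse duplicate rows into (source, target) pairs with event counts
    and classify each pair; suspicious pairs are sorted first."""
    findings = []
    for (src, dst, src_img, dst_img), n in Counter(rows).items():
        verdict, reason = classify(src_img, dst_img, cmdlines.get(dst))
        findings.append({"source": src, "target": dst, "events": n,
                         "verdict": verdict, "reason": reason})
    return sorted(findings, key=lambda f: (f["verdict"] != "suspicious", f["target"]))


if __name__ == "__main__":
    for f in triage(REPORT_ROWS, CMDLINES):
        print(f"{f['verdict']:<10} {f['source']} -> {f['target']:<5} "
              f"x{f['events']:<3} {f['reason']}")
```

The heuristic is deliberately narrow: it only explains away writes that match the browser's own child-bootstrap pattern, so a write from msedge.exe into any other image, or into an msedge.exe that was not launched with a --type= role, still surfaces for review.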

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a49d957ca967b77a6f34b592cd00f995_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff824c446f8,0x7ff824c44708,0x7ff824c44718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,5849993037956747045,9612349203373780129,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,5849993037956747045,9612349203373780129,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,5849993037956747045,9612349203373780129,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5849993037956747045,9612349203373780129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5849993037956747045,9612349203373780129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5849993037956747045,9612349203373780129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5849993037956747045,9612349203373780129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,5849993037956747045,9612349203373780129,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,5849993037956747045,9612349203373780129,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5849993037956747045,9612349203373780129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5849993037956747045,9612349203373780129,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5849993037956747045,9612349203373780129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5849993037956747045,9612349203373780129,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,5849993037956747045,9612349203373780129,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4396 /prefetch:2

Network

Country  Destination       Domain              Proto
US       8.8.8.8:53        www.konthaiusa.com  udp
N/A      224.0.0.251:5353                      udp
US       8.8.8.8:53        www.konthaiusa.com  udp
US       8.8.8.8:53        www.konthaiusa.com  udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


\??\pipe\LOCAL\crashpad_3416_GKCTIPLLGMOAUMQT


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
