Analysis Overview
SHA256
3b5de43ccb01bf41d93f1b4f474d3fdd0fb39c52e0d00d17ae956657f23b2b59
Threat Level: No (potentially) malicious behavior was detected
Verdict for the file a4a06a6f911429128d1017b073e4d7d9_JaffaCakes118: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
| Reported | 2024-06-13 08:26 |
Signatures
Analysis: behavioral1
Detonation Overview
| Submitted | 2024-06-13 08:26 |
| Reported | 2024-06-13 08:29 |
| Platform | win7-20240221-en |
| Max time kernel | 117s |
| Max time network | 131s |
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "407" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "410" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "9947" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "3805" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "19523" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "8103" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "282" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "400" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "410" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "197" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b02d46a96bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "400" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AF273671-295E-11EF-8A46-EA263619F6CB} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "22919" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "282" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "22919" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "10562" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10562" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "410" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "9947" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "197" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "3887" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "288" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "492" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424429079" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "8103" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "3805" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "12766" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "498" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "407" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "19523" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3020 wrote to memory of 2180 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3020 wrote to memory of 2180 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3020 wrote to memory of 2180 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3020 wrote to memory of 2180 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4a06a6f911429128d1017b073e4d7d9_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3020 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | konthaiusa.com | udp |
| US | 8.8.8.8:53 | www.konthaiusa.com | udp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 142.250.200.14:80 | www.youtube.com | tcp |
| GB | 142.250.200.14:80 | www.youtube.com | tcp |
| GB | 142.250.200.14:80 | www.youtube.com | tcp |
| GB | 142.250.200.14:80 | www.youtube.com | tcp |
| GB | 142.250.200.14:80 | www.youtube.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 142.250.200.14:443 | www.youtube.com | tcp |
| GB | 142.250.200.14:443 | www.youtube.com | tcp |
| GB | 142.250.200.14:443 | www.youtube.com | tcp |
| GB | 142.250.200.14:443 | www.youtube.com | tcp |
| GB | 142.250.200.14:443 | www.youtube.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 142.250.200.14:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 216.58.212.234:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.212.234:443 | jnn-pa.googleapis.com | tcp |
| GB | 216.58.212.234:443 | jnn-pa.googleapis.com | tcp |
| GB | 216.58.212.234:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 216.58.212.246:443 | i.ytimg.com | tcp |
| GB | 216.58.212.246:443 | i.ytimg.com | tcp |
| GB | 216.58.212.234:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | tcp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | tcp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | fe0.google.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S99WM6MV\www.youtube[1].xml
| MD5 | 11601b52bd10ade40cc0522f4c6c8475 |
| SHA1 | c170bcb3f0fe0aa21490c4f4fdd8562e688aa681 |
| SHA256 | efa51eb1d935e09737ce6d502bbd63b7a0e716a3e633c45bc511d97814215e61 |
| SHA512 | ddf259df05aed54b01fe4cd0d76217c0ab5190b15489be165cf5b7bba29f459c22682537f360f44b5068f00c5183433b61e88b6a2bc3835577dd5485697c99ae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 075a741d64b0faf0bd1aecb08ca2d5ad |
| SHA1 | 649609722869b7cfee2c0f5f86a0a5561016a2c9 |
| SHA256 | 2dc90b0680ec0b7495e179a97d853384efffea09ca55a745b1c6ec7f7cd6810e |
| SHA512 | e79eef54bc4184729fb91123697633571c2cda1c50aa9beeefea847e67005623adeac2a4d9b8dd78e3457ee7ef391c3b4a31e0001dfc8d8837fb23960dbbaf57 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e3756229a428e026cf26e05df404ff52 |
| SHA1 | 8ade6804b8f49b64d6ab6be50bcd7830dda22a52 |
| SHA256 | fb36d64f83dc2d80af1b1824ad1e5f55ba540f17313c92d7af62b0a413840311 |
| SHA512 | 0cb7c197079769f6735ff4cd50610b8653d633af0ee63ffc4618ea501c2a5beb0f02463e801ffed9b44bda24010e2c2188d7dfec652414188ff29f3436b11701 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S99WM6MV\www.youtube[1].xml
| MD5 | 707758aa6930262f172c2a4b6c4c60b2 |
| SHA1 | ab5e818a57479b6a4448867f6c03ae4d1118859c |
| SHA256 | bb0c20c5c2a46888b294a5d6d35ae51b58360ef20ed538a0f97d668ecd870d2e |
| SHA512 | cb92798237ecfece41c6799dbfa6db01438f8bd59a8924341ec8ad8fad20c5aa19d14761851efb8299d3efc29abfd100b8f46226e40dbb98561902477f701720 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9037d8488e061f73770119360ed916fc |
| SHA1 | fc8c3d9376945adab07c167ce0e5df4e41ac2b74 |
| SHA256 | 0dc9769498d649ab67736ec8fcf8dd976e8c7b2f3b7ce539b671715ccb9feace |
| SHA512 | cb2b26cf4395287040eef1d51f8f225b61ba893669806c6a6c135c0af3abf90a3eeda9f05d1d2e55bae01c8a43b2de41a55c77caae9bb5c3681a3c816139c5d3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fb5bf037598f46ed5587de74d6e94a05 |
| SHA1 | d14c2dc541fc835146ca14ec5d52283bcb60d50e |
| SHA256 | 667b1d118e62a0415346d6d58dc019589b50bf57cf4366f12f78203ceebc1924 |
| SHA512 | 2eb4c9bb4b1bbfff112d3c7e11731d84fe68bb4899f046c632dfeaf1593ed66b664d878a6960c89b14476d5b23c9e06c31556941e2fef35e3a79c4975414996c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c80814b25da1983773edd66446ec2e1a |
| SHA1 | 1e9df386f0873335572e73625d8a9ecf416b39e8 |
| SHA256 | 23c5466ec5c7fcd7ee5da70ccaac7d1e1635ad56e48fe0d94204240ae3de1830 |
| SHA512 | 4ee5229a620926c2a602d653a26c9ccd0139bf2788843a58006d1c72aec035e249480dad0f5f3da9eae3bf2c717ae3cfe8e7f93030372d13637c353e5a2825ba |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2ad08185f158988f7fc31f699960068d |
| SHA1 | 99b669c268030cdffd820d5e87d599fddaefd734 |
| SHA256 | bff63071491d2a1c61d7fe9a645dc02ed3a044969ffcde13ef58da342bbdd239 |
| SHA512 | 7a0f187003b4d60dedee4c0c2b84e44aa3ab8dc89e16cfbb909646fb01fe40ac0bfacd419868c8af47a122ed7635c65e5e305e6b77daf513bf283ccaa2cf15f5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 32f9b8668fe6c22cd2130b6281220d31 |
| SHA1 | dd5a128c0ca1056d15f6b07ab684a8dbc240bf81 |
| SHA256 | 4aed0c9e5ec5b95cf4847d5d12e4190494e0bb331b97a13d3f3a539171806589 |
| SHA512 | 8d37dccee3730bb4696e52263760586bc2dbf5197dc662aedb132d58e6f27150b32737c59cfdcfd8336c4cc46c76d1546c5b6b27fbe255426a35fc8a16588a13 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 72be49abd75fccd012ff592bdf4ed96c |
| SHA1 | 5dd83a7feeedce5ed5665ef430221c77ba9b659d |
| SHA256 | 12ab990f01df532ad14e6598d2ea49889ef2e17406f3600e1fe254d3a5ef82b4 |
| SHA512 | c268e770b934a93903ce377fd45aa933f827aa3ad4194b24043bed68080def9fc8a92557e0b29e043e9db2a34bc47ad99cb00275176a22944ff2ffb61ccfbb2c |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S99WM6MV\www.youtube[1].xml
| MD5 | 3b88e2612a1cceb9cb47a5201c6fe625 |
| SHA1 | 26d42a870c8eb954fd31958a4646c416584852fb |
| SHA256 | 7de0de12f9ab7580e86666dc2a3323873c1196aced34f389c62077d29152dcac |
| SHA512 | 980da4d86b2c35fcabd527cbf2b430795df9068678d953373167ba0c01537ca09e2f1b00bd339dc6dca2ad1404426a77380bc370b8676cc7c0a582be1abc68ef |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S99WM6MV\www.youtube[1].xml
| MD5 | 600d9ae8a6c6648f8759d8cb8d85ad62 |
| SHA1 | 335c1727ecbc603d2364edc2e4e38e14bee46a4b |
| SHA256 | f232d7d20ebc7c0c40d653d7af57f2434c55c1dbce741511132aab37838b7514 |
| SHA512 | 6aea895383a876d7c73848b0990a803a3c4623f96ed6503c146b743040cfca08f1453c09d3621584c70596fd426b0dc75392bee35ffd83d8223e803a52c2a878 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S99WM6MV\www.youtube[1].xml
| MD5 | 66e354d50081f3b49dab5d235ae6d0d0 |
| SHA1 | 1c9b0dc89b138b09142269e1f1472e40a4b1e5c5 |
| SHA256 | f2824cc98c144dfa69dd48f7574d9b6f63c606c14e44458d50d28b0ffa9d8af8 |
| SHA512 | 39d41e43ba61c276a959da7eae7bd1c4825eb236944d4d0a1e0e0e6984f7384961658469c7b0a260e077bd4ca37d6ec42e55e18623e03ef97207c2f57fedac2b |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S99WM6MV\www.youtube[1].xml
| MD5 | 7cd8b7a8c0f040fab97aa7aa0dc9eadc |
| SHA1 | d0cfb7f17e25af65e7e3dad3aac741b95e9ced9a |
| SHA256 | cfc9975562b396a2f8b5f0e3b53cd3bc608105b3d7a718cd1ef406c06d3e209f |
| SHA512 | 7b9d2d90c1a7e95e4a5713bad3d296675738f592fcf0a652aa095b04cc022c089c1e4af10ed19244f2bc8baa7d628e7c730b50336064d9ba38bd4b6f0964a522 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S99WM6MV\www.youtube[1].xml
| MD5 | 2b0865003446c0eb2cd4871994463245 |
| SHA1 | 3ca6da360ce0df86700de639c53795535f9932c4 |
| SHA256 | d2fd180b074f84e30d234a04100007de509f3665fdcee5ed96389a716b1c5add |
| SHA512 | d6804ad358264ce9fa81f963165bcebcb75cb6edd647f3146595e6a7d94095f477064e3cc44d9db9b05727d7ae1b77007878fa4fe6f1ed693b30d28cd1c2aab4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8ec7c0dcb37db55d7b94776aa458afd2 |
| SHA1 | 457591a94848a8111b1c95999fc79b833f78efde |
| SHA256 | 63303ff841d1ef560aaebcee062dd631c546467b16c4fcb5930245d09dff027b |
| SHA512 | 12f89d1f1a05444fed6f8701768d897558be8a040c3350ee08bdf8a836bb70cc474910008a6a83a86328bc8a07b980e079448ed73565ce6daaa41fb34fab498c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9d264b87824177b8b201f5892e82b6fe |
| SHA1 | 531bd739c09c4f9771c5508e3e61b468fc481525 |
| SHA256 | 0d236db15cd6b441b50e265678da0947b751a6f1e68f418a93173fa9fe2caf80 |
| SHA512 | 53e9f5ac9f63d165cbde0378bc8f24d445e5524c3c0f19e21cdfbab257c5cce9009571253db0747c86b8006e7a66340c4ecca1399aa1e8b3b6355ae41362aca4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e094643f85ec1678b3df3d3d14c77126 |
| SHA1 | 43d9645b1395038473356d2ad5e4f0ee24d6c391 |
| SHA256 | 6a96df3b913db154bbba326875777d7dbcb32b75411aea382e12cc152f08462e |
| SHA512 | e27800e50e0fb8ea64dc370b8e79a3c4ed340a8fe67a5d998947a55aa673dfb1f3023afa82f621d5b559acd360c1bfc8cdb566f3a138ba27e5500f8b62b74dc9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e82767ac7c0708b1708478edb2fc6479 |
| SHA1 | 74db065cedd121734512c78a322c6cbce641283a |
| SHA256 | 204512f65388b1e2848714d963e61acf967603cf96e314171750686e522e3e46 |
| SHA512 | 55398656d9fd5d0871af7ad7a60a53117efd5338b6eec395930c4d4519e4da0dc5eb4d8923a2a26ba036b95db9bfeb98fe17159b67ff76ee778547acc6e74389 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 84e5ae90e7239606f3478f7deb55c660 |
| SHA1 | 0c279a5ee8b6c01052394aa942e32950f2c7bc3e |
| SHA256 | 192661af40b8fc741633a8878b1123fff1416fd8e862859ac352bf5634a42ef6 |
| SHA512 | ae2c574ca15905c83ea5d6681bf91fcf12826ffc7f5bb7a2dbe5aa16ae175c0fdc58608c1f29da1fcf96e08a0a1a707f17cf136a924de89ddd0fc18f3ae7fec4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5e5a08456e508b9567b8cc0d07cecdf2 |
| SHA1 | 4262ca7d86632db6cb3f8d311393a49a5a71a875 |
| SHA256 | 1e3f5795e9d206b717c06c223cf252963471373f06b4aaf25228636b1bdbfad9 |
| SHA512 | 4dbc78f37581ef4385f212599e4e22215b00364bd17cdbf5927d4e82d5f380f542bbf45128b6525053c92678b55a0a48b79f0163bf414b49f872b7e6e2e286fc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d581d2195ffdd91618b4fc5d5a9fabc6 |
| SHA1 | f4c45df32b8f41c30874b06d588b0611de54bc3d |
| SHA256 | 2d79ec68b6de1da108a0dabe733962882123cf99527182d912a83b24cddc990a |
| SHA512 | 594e61bf3e36b136415ee359ed4cf8326892e5859ffa81cb6d5a3a4f1bc8a142aa2b95924ecc5c5cfaaad209eaba44fd6259235d9bed5fcc3770d2f5fe64e8a7 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S99WM6MV\www.youtube[1].xml
| MD5 | 6f743be6559756747d83df39f1e76f74 |
| SHA1 | 5d34d84d6b97dec87ec7f6ecb829959d82df1689 |
| SHA256 | 36cc624f2bd8752b103739b550822ca2e17d0b9fd749ecc357cbeae599dcdc82 |
| SHA512 | 79b64bcac4c418a1c9e588abfb2f4ce2f4aaffce947045212cbc2589206edbef867a5c9f8b65507213c90886fd07829264af44a1333aabc9664ee4e6505ecbb8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dcf3b7ec7ae9270fa337cf4ae1a9f635 |
| SHA1 | ef9867e29b25647f6457a9c0ffc85b8bf6ed75a0 |
| SHA256 | deb4f8b926a6f4190a121af6d08de9ff4e492da6c566c6f8a98db2f9ecedcd8f |
| SHA512 | 76187425cc0b88e8a2e19946befc86944a8ef7be60b98908c7489acfd44273aed20d6dbf322faa39532bc6955e68b147f64c3d375440e7e7277e4678a0e2699a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3a9b7930f3eba045ac8b17895199a981 |
| SHA1 | a89666a1129f7201cb9ce2e0a5af872d9971046c |
| SHA256 | b2cab5061624c5bb175da90746e1411f01e3a72e203651630f23912983339e70 |
| SHA512 | d7ab262383fff390c525c9acaea6748e626a56856725877e5f94cb6463708c818ae9009271c743d9107d974245a21da24d6a3579e682430a108103d0de695ec5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f11e0bafdba45cc6475821e34a9c9fac |
| SHA1 | a91bc2ab3d30703a59e85b8e02c35f1af6bc6987 |
| SHA256 | e0a7c7a7359ec967397b6d16ef1d9b33c7d4c515921170ac9463bf71de3e5b3d |
| SHA512 | ce052a8f6a8b96c46b64fff95617a1e6447e9f1f3c24551d18077dfddd3bfc85865084ceb66b098f8a6e9c03d187ed0aeb6dd082c06f1431765106efffe5abae |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 08:26
Reported
2024-06-13 08:29
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
124s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4a06a6f911429128d1017b073e4d7d9_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0xd8,0x104,0xfc,0x108,0x7ff9053046f8,0x7ff905304708,0x7ff905304718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,7148778378673272826,11428482713517725111,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2232,7148778378673272826,11428482713517725111,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2232,7148778378673272826,11428482713517725111,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,7148778378673272826,11428482713517725111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,7148778378673272826,11428482713517725111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,7148778378673272826,11428482713517725111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,7148778378673272826,11428482713517725111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,7148778378673272826,11428482713517725111,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,7148778378673272826,11428482713517725111,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,7148778378673272826,11428482713517725111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,7148778378673272826,11428482713517725111,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,7148778378673272826,11428482713517725111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,7148778378673272826,11428482713517725111,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,7148778378673272826,11428482713517725111,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5140 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | konthaiusa.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | konthaiusa.com | udp |
| US | 8.8.8.8:53 | konthaiusa.com | udp |
Files