Malware Analysis Report

2025-01-18 01:37

Sample ID 240613-kcanya1cpb
Target a4a06a6f911429128d1017b073e4d7d9_JaffaCakes118
SHA256 3b5de43ccb01bf41d93f1b4f474d3fdd0fb39c52e0d00d17ae956657f23b2b59
Tags
score
1/10

Analysis Overview

score
1/10

SHA256

3b5de43ccb01bf41d93f1b4f474d3fdd0fb39c52e0d00d17ae956657f23b2b59

Threat Level: No (potentially) malicious behavior was detected

No (potentially) malicious behavior was detected for the file a4a06a6f911429128d1017b073e4d7d9_JaffaCakes118.

Malicious Activity Summary


Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 08:26

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 08:26

Reported

2024-06-13 08:29

Platform

win7-20240221-en

Max time kernel

117s

Max time network

131s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4a06a6f911429128d1017b073e4d7d9_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4a06a6f911429128d1017b073e4d7d9_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3020 CREDAT:275457 /prefetch:2

Network

Files


MD5 c80814b25da1983773edd66446ec2e1a
SHA1 1e9df386f0873335572e73625d8a9ecf416b39e8
SHA256 23c5466ec5c7fcd7ee5da70ccaac7d1e1635ad56e48fe0d94204240ae3de1830
SHA512 4ee5229a620926c2a602d653a26c9ccd0139bf2788843a58006d1c72aec035e249480dad0f5f3da9eae3bf2c717ae3cfe8e7f93030372d13637c353e5a2825ba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2ad08185f158988f7fc31f699960068d
SHA1 99b669c268030cdffd820d5e87d599fddaefd734
SHA256 bff63071491d2a1c61d7fe9a645dc02ed3a044969ffcde13ef58da342bbdd239
SHA512 7a0f187003b4d60dedee4c0c2b84e44aa3ab8dc89e16cfbb909646fb01fe40ac0bfacd419868c8af47a122ed7635c65e5e305e6b77daf513bf283ccaa2cf15f5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 32f9b8668fe6c22cd2130b6281220d31
SHA1 dd5a128c0ca1056d15f6b07ab684a8dbc240bf81
SHA256 4aed0c9e5ec5b95cf4847d5d12e4190494e0bb331b97a13d3f3a539171806589
SHA512 8d37dccee3730bb4696e52263760586bc2dbf5197dc662aedb132d58e6f27150b32737c59cfdcfd8336c4cc46c76d1546c5b6b27fbe255426a35fc8a16588a13

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 72be49abd75fccd012ff592bdf4ed96c
SHA1 5dd83a7feeedce5ed5665ef430221c77ba9b659d
SHA256 12ab990f01df532ad14e6598d2ea49889ef2e17406f3600e1fe254d3a5ef82b4
SHA512 c268e770b934a93903ce377fd45aa933f827aa3ad4194b24043bed68080def9fc8a92557e0b29e043e9db2a34bc47ad99cb00275176a22944ff2ffb61ccfbb2c

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S99WM6MV\www.youtube[1].xml

MD5 3b88e2612a1cceb9cb47a5201c6fe625
SHA1 26d42a870c8eb954fd31958a4646c416584852fb
SHA256 7de0de12f9ab7580e86666dc2a3323873c1196aced34f389c62077d29152dcac
SHA512 980da4d86b2c35fcabd527cbf2b430795df9068678d953373167ba0c01537ca09e2f1b00bd339dc6dca2ad1404426a77380bc370b8676cc7c0a582be1abc68ef

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S99WM6MV\www.youtube[1].xml

MD5 600d9ae8a6c6648f8759d8cb8d85ad62
SHA1 335c1727ecbc603d2364edc2e4e38e14bee46a4b
SHA256 f232d7d20ebc7c0c40d653d7af57f2434c55c1dbce741511132aab37838b7514
SHA512 6aea895383a876d7c73848b0990a803a3c4623f96ed6503c146b743040cfca08f1453c09d3621584c70596fd426b0dc75392bee35ffd83d8223e803a52c2a878

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S99WM6MV\www.youtube[1].xml

MD5 66e354d50081f3b49dab5d235ae6d0d0
SHA1 1c9b0dc89b138b09142269e1f1472e40a4b1e5c5
SHA256 f2824cc98c144dfa69dd48f7574d9b6f63c606c14e44458d50d28b0ffa9d8af8
SHA512 39d41e43ba61c276a959da7eae7bd1c4825eb236944d4d0a1e0e0e6984f7384961658469c7b0a260e077bd4ca37d6ec42e55e18623e03ef97207c2f57fedac2b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S99WM6MV\www.youtube[1].xml

MD5 7cd8b7a8c0f040fab97aa7aa0dc9eadc
SHA1 d0cfb7f17e25af65e7e3dad3aac741b95e9ced9a
SHA256 cfc9975562b396a2f8b5f0e3b53cd3bc608105b3d7a718cd1ef406c06d3e209f
SHA512 7b9d2d90c1a7e95e4a5713bad3d296675738f592fcf0a652aa095b04cc022c089c1e4af10ed19244f2bc8baa7d628e7c730b50336064d9ba38bd4b6f0964a522

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S99WM6MV\www.youtube[1].xml

MD5 2b0865003446c0eb2cd4871994463245
SHA1 3ca6da360ce0df86700de639c53795535f9932c4
SHA256 d2fd180b074f84e30d234a04100007de509f3665fdcee5ed96389a716b1c5add
SHA512 d6804ad358264ce9fa81f963165bcebcb75cb6edd647f3146595e6a7d94095f477064e3cc44d9db9b05727d7ae1b77007878fa4fe6f1ed693b30d28cd1c2aab4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8ec7c0dcb37db55d7b94776aa458afd2
SHA1 457591a94848a8111b1c95999fc79b833f78efde
SHA256 63303ff841d1ef560aaebcee062dd631c546467b16c4fcb5930245d09dff027b
SHA512 12f89d1f1a05444fed6f8701768d897558be8a040c3350ee08bdf8a836bb70cc474910008a6a83a86328bc8a07b980e079448ed73565ce6daaa41fb34fab498c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9d264b87824177b8b201f5892e82b6fe
SHA1 531bd739c09c4f9771c5508e3e61b468fc481525
SHA256 0d236db15cd6b441b50e265678da0947b751a6f1e68f418a93173fa9fe2caf80
SHA512 53e9f5ac9f63d165cbde0378bc8f24d445e5524c3c0f19e21cdfbab257c5cce9009571253db0747c86b8006e7a66340c4ecca1399aa1e8b3b6355ae41362aca4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e094643f85ec1678b3df3d3d14c77126
SHA1 43d9645b1395038473356d2ad5e4f0ee24d6c391
SHA256 6a96df3b913db154bbba326875777d7dbcb32b75411aea382e12cc152f08462e
SHA512 e27800e50e0fb8ea64dc370b8e79a3c4ed340a8fe67a5d998947a55aa673dfb1f3023afa82f621d5b559acd360c1bfc8cdb566f3a138ba27e5500f8b62b74dc9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e82767ac7c0708b1708478edb2fc6479
SHA1 74db065cedd121734512c78a322c6cbce641283a
SHA256 204512f65388b1e2848714d963e61acf967603cf96e314171750686e522e3e46
SHA512 55398656d9fd5d0871af7ad7a60a53117efd5338b6eec395930c4d4519e4da0dc5eb4d8923a2a26ba036b95db9bfeb98fe17159b67ff76ee778547acc6e74389

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 84e5ae90e7239606f3478f7deb55c660
SHA1 0c279a5ee8b6c01052394aa942e32950f2c7bc3e
SHA256 192661af40b8fc741633a8878b1123fff1416fd8e862859ac352bf5634a42ef6
SHA512 ae2c574ca15905c83ea5d6681bf91fcf12826ffc7f5bb7a2dbe5aa16ae175c0fdc58608c1f29da1fcf96e08a0a1a707f17cf136a924de89ddd0fc18f3ae7fec4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5e5a08456e508b9567b8cc0d07cecdf2
SHA1 4262ca7d86632db6cb3f8d311393a49a5a71a875
SHA256 1e3f5795e9d206b717c06c223cf252963471373f06b4aaf25228636b1bdbfad9
SHA512 4dbc78f37581ef4385f212599e4e22215b00364bd17cdbf5927d4e82d5f380f542bbf45128b6525053c92678b55a0a48b79f0163bf414b49f872b7e6e2e286fc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d581d2195ffdd91618b4fc5d5a9fabc6
SHA1 f4c45df32b8f41c30874b06d588b0611de54bc3d
SHA256 2d79ec68b6de1da108a0dabe733962882123cf99527182d912a83b24cddc990a
SHA512 594e61bf3e36b136415ee359ed4cf8326892e5859ffa81cb6d5a3a4f1bc8a142aa2b95924ecc5c5cfaaad209eaba44fd6259235d9bed5fcc3770d2f5fe64e8a7

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S99WM6MV\www.youtube[1].xml

MD5 6f743be6559756747d83df39f1e76f74
SHA1 5d34d84d6b97dec87ec7f6ecb829959d82df1689
SHA256 36cc624f2bd8752b103739b550822ca2e17d0b9fd749ecc357cbeae599dcdc82
SHA512 79b64bcac4c418a1c9e588abfb2f4ce2f4aaffce947045212cbc2589206edbef867a5c9f8b65507213c90886fd07829264af44a1333aabc9664ee4e6505ecbb8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dcf3b7ec7ae9270fa337cf4ae1a9f635
SHA1 ef9867e29b25647f6457a9c0ffc85b8bf6ed75a0
SHA256 deb4f8b926a6f4190a121af6d08de9ff4e492da6c566c6f8a98db2f9ecedcd8f
SHA512 76187425cc0b88e8a2e19946befc86944a8ef7be60b98908c7489acfd44273aed20d6dbf322faa39532bc6955e68b147f64c3d375440e7e7277e4678a0e2699a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3a9b7930f3eba045ac8b17895199a981
SHA1 a89666a1129f7201cb9ce2e0a5af872d9971046c
SHA256 b2cab5061624c5bb175da90746e1411f01e3a72e203651630f23912983339e70
SHA512 d7ab262383fff390c525c9acaea6748e626a56856725877e5f94cb6463708c818ae9009271c743d9107d974245a21da24d6a3579e682430a108103d0de695ec5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f11e0bafdba45cc6475821e34a9c9fac
SHA1 a91bc2ab3d30703a59e85b8e02c35f1af6bc6987
SHA256 e0a7c7a7359ec967397b6d16ef1d9b33c7d4c515921170ac9463bf71de3e5b3d
SHA512 ce052a8f6a8b96c46b64fff95617a1e6447e9f1f3c24551d18077dfddd3bfc85865084ceb66b098f8a6e9c03d187ed0aeb6dd082c06f1431765106efffe5abae

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 08:26

Reported

2024-06-13 08:29

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

124s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4a06a6f911429128d1017b073e4d7d9_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2944 wrote to memory of 3924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 1580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 1660 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4a06a6f911429128d1017b073e4d7d9_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0xd8,0x104,0xfc,0x108,0x7ff9053046f8,0x7ff905304708,0x7ff905304718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,7148778378673272826,11428482713517725111,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2232,7148778378673272826,11428482713517725111,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2232,7148778378673272826,11428482713517725111,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,7148778378673272826,11428482713517725111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,7148778378673272826,11428482713517725111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,7148778378673272826,11428482713517725111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,7148778378673272826,11428482713517725111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,7148778378673272826,11428482713517725111,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,7148778378673272826,11428482713517725111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,7148778378673272826,11428482713517725111,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,7148778378673272826,11428482713517725111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,7148778378673272826,11428482713517725111,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,7148778378673272826,11428482713517725111,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5140 /prefetch:2

Network

Country  Destination       Domain          Proto
US       8.8.8.8:53        konthaiusa.com  udp
N/A      224.0.0.251:5353                  udp
US       8.8.8.8:53        konthaiusa.com  udp
US       8.8.8.8:53        konthaiusa.com  udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_2944_JSOKMXNRLECNDJIW

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
