Malware Analysis Report

2025-01-18 00:19

Sample ID 240613-l5b8xatglg
Target a500083a93d243874ec6b431f9b55d59_JaffaCakes118
SHA256 e331e946acf85ba7d7e81f48cff06ac5c012ea018bfba1caeb26c128d1ef4e03
Tags
Score 1/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score 1/10

SHA256 e331e946acf85ba7d7e81f48cff06ac5c012ea018bfba1caeb26c128d1ef4e03

Threat level: no (potentially) malicious behavior was detected.

The file a500083a93d243874ec6b431f9b55d59_JaffaCakes118 was detonated as an HTML document in Internet Explorer (see the behavioral1 command line); no (potentially) malicious behavior was detected. The signatures listed below record the behaviors observed during the run, but they did not raise the score above 1/10.

Malicious Activity Summary


Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-06-13 10:06

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-13 10:06
Reported 2024-06-13 10:09
Platform win7-20240611-en
Max time kernel 118s
Max time network 128s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a500083a93d243874ec6b431f9b55d59_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "10081" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "9490" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424435062" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "400" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "28575" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "28575" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "19582" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "19080" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "498" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10087" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "197" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "282" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "492" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "19494" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "10087" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "407" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "282" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "19494" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "19582" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "19080" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "19576" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "288" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "9490" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10738" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "407" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "410" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "9999" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10081" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "9999" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10853" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "10738" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "407" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "410" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "19576" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
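
The table above is dominated by IE's own housekeeping (DOMStorage quota counters for youtube.com, Window_Placement, WindowsSearch, Recovery), which is why it earns no score. What an analyst actually wants from a "Modifies Internet Explorer settings" hit is a quick answer to two questions: did anything other than iexplore.exe write under the IE tree, and was any hijack-prone value (Start Page, Search Page, search-scope URL) rewritten? The script below is an added example, not part of the sandbox report or the sandbox's own signature logic. It parses rows in the report's own layout (Description, Indicator, Process, Target); the first six sample rows are copied from the table, the last one is constructed (a non-IE binary rewriting Start Page) to show what a flagged row looks like. The housekeeping subkey allow-list, the hijack-prone value list and the IE binary list are analyst assumptions.

```python
import re
from collections import Counter
from pprint import pprint

# Rows copied from the report's "Modifies Internet Explorer settings" table, followed by one
# CONSTRUCTED row (Start Page rewritten by a non-IE binary; not in the report) to exercise the checks.
SAMPLE_ROWS = r"""
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "10081" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "400" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://hijack.invalid/" C:\Users\Admin\AppData\Local\Temp\dropper.exe N/A
"""

# One table row: action, indicator (registry path, optionally "= data"), writing process, target.
ROW_RE = re.compile(
    r"^(?P<action>Key created|Set value \((?P<vtype>\w+)\)) "
    r"(?P<indicator>\\REGISTRY\\.+?) "
    r"(?P<process>[A-Za-z]:\\.+?\.exe) "
    r"(?P<target>\S+)$",
    re.IGNORECASE,
)
IE_ROOT = "\\Software\\Microsoft\\Internet Explorer\\"

# Analyst assumptions (not from the report): subkeys IE writes during an ordinary page load,
# values browser hijackers typically rewrite, and the binaries expected to write under the IE tree.
HOUSEKEEPING_SUBKEYS = {
    "DOMStorage", "Main", "Toolbar", "DomainSuggestion", "SearchScopes",
    "LowRegistry", "InternetRegistry", "Recovery", "GPU", "IntelliForms",
}
HIJACK_VALUES = {
    ("Main", "Start Page"), ("Main", "Search Page"), ("Main", "Default_Page_URL"),
    ("Main", "Default_Search_URL"), ("SearchScopes", "URL"),
}
IE_BINARIES = {"iexplore.exe"}


def parse_rows(text):
    """Turn the report's flattened rows into event dicts (key, value_name, data, process)."""
    events = []
    for line in text.strip().splitlines():
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unparsed row: {line!r}")
        indicator = m["indicator"]
        if m["action"].startswith("Set value"):
            key_path, _, data = indicator.partition(" = ")
            if key_path.endswith("\\"):          # trailing backslash: the key's default value
                key, value_name = key_path[:-1], ""
            else:
                key, value_name = key_path.rsplit("\\", 1)
            data = data.strip('"')
        else:                                    # "Key created" carries no value
            key, value_name, data = indicator, None, None
        events.append({"action": m["action"], "vtype": m["vtype"], "key": key,
                       "value_name": value_name, "data": data,
                       "process": m["process"], "target": m["target"]})
    return events


def ie_subkey(key):
    """First path component below ...\\Internet Explorer\\, or None if the key is outside that tree."""
    idx = key.find(IE_ROOT)
    if idx < 0:
        return None
    return key[idx + len(IE_ROOT):].split("\\", 1)[0]


def triage_registry(events):
    """Return (summary, flagged): event counts per (process, subkey) and the events that need a look."""
    summary, flagged = Counter(), []
    for ev in events:
        proc = ev["process"].rsplit("\\", 1)[-1].lower()
        subkey = ie_subkey(ev["key"])
        summary[(proc, subkey)] += 1
        if proc not in IE_BINARIES:
            flagged.append(("non-IE process writes IE settings", ev))
        if subkey not in HOUSEKEEPING_SUBKEYS:
            flagged.append(("unexpected subkey", ev))
        if (subkey, ev["value_name"]) in HIJACK_VALUES:
            flagged.append(("hijack-prone value rewritten", ev))
    return summary, flagged


if __name__ == "__main__":
    summary, flagged = triage_registry(parse_rows(SAMPLE_ROWS))
    pprint(dict(summary))
    for reason, ev in flagged:
        print(f"{reason}: {ev['process']} -> {ev['key']}\\{ev['value_name']} = {ev['data']}")
```

Run against the six report rows alone, the script flags nothing; only the constructed seventh row trips the checks (twice: wrong writer, hijack-prone value). Extend the allow-lists per platform image, since the set of subkeys IE touches on first run differs between Windows versions.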

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a500083a93d243874ec6b431f9b55d59_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 konthaiusa.com udp
US 8.8.8.8:53 www.konthaiusa.com udp
GB 142.250.187.202:80 fonts.googleapis.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 216.58.201.110:80 www.youtube.com tcp
GB 216.58.201.110:80 www.youtube.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 216.58.212.226:443 googleads.g.doubleclick.net tcp
GB 216.58.212.226:443 googleads.g.doubleclick.net tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.187.234:443 jnn-pa.googleapis.com tcp
GB 216.58.201.110:80 www.youtube.com tcp
GB 216.58.201.110:80 www.youtube.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
GB 142.250.187.234:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.246:443 i.ytimg.com tcp
GB 142.250.187.246:443 i.ytimg.com tcp
GB 216.58.212.226:443 googleads.g.doubleclick.net tcp
GB 216.58.212.226:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 216.58.212.226:443 googleads.g.doubleclick.net tcp
GB 142.250.180.1:443 yt3.ggpht.com tcp
GB 142.250.180.1:443 yt3.ggpht.com tcp
GB 142.250.187.234:443 jnn-pa.googleapis.com tcp
GB 142.250.187.234:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 fe0.google.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
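
Two things in the Network table are easy to misread. The udp rows to 8.8.8.8:53 are DNS lookups, so their Destination is the resolver, not the looked-up host; and a domain can appear in a lookup without ever being connected to (here konthaiusa.com and www.konthaiusa.com, the page's own host, are resolved but no TCP connection to them is listed), or be connected to without a lookup in the table (fonts.googleapis.com, www.google-analytics.com, ieonline.microsoft.com). The script below is an added example, not part of the report or of the sandbox; it parses rows in the table's own column order and separates those cases, lists the hosts fetched over plaintext port 80 (the ones whose content can be read straight from the pcap), and counts connections per (IP, port). The sample rows are a subset copied from the table above. Treat "resolved but never connected" as a pointer to the pcap, not as a verdict: it can mean a failed resolution, a connection made in the other behavioral run, or simply a truncated table.

```python
import ipaddress
from collections import Counter, defaultdict
from pprint import pprint

# Subset of rows copied from the report's Network table, same column order.
SAMPLE_NETWORK = """\
Country Destination Domain Proto
US 8.8.8.8:53 konthaiusa.com udp
US 8.8.8.8:53 www.konthaiusa.com udp
GB 142.250.187.202:80 fonts.googleapis.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 216.58.201.110:80 www.youtube.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 216.58.212.226:443 googleads.g.doubleclick.net tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
US 8.8.8.8:53 fe0.google.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
"""


def parse_network(text):
    """Parse 'Country Destination Domain Proto' rows; Destination is host:port."""
    lines = text.strip().splitlines()
    if lines[0].split() != ["Country", "Destination", "Domain", "Proto"]:
        raise ValueError("unexpected header: " + lines[0])
    rows = []
    for line in lines[1:]:
        country, dest, domain, proto = line.split()
        host, port = dest.rsplit(":", 1)
        rows.append({"country": country, "ip": ipaddress.ip_address(host),
                     "port": int(port), "domain": domain, "proto": proto.lower()})
    return rows


def is_dns(row):
    return row["proto"] == "udp" and row["port"] == 53


def triage_network(rows):
    """Split lookups from connections and report the cases an analyst should look at."""
    resolved = {r["domain"] for r in rows if is_dns(r)}
    connected = defaultdict(Counter)            # domain -> Counter of (ip, port)
    for r in rows:
        if r["proto"] == "tcp":
            connected[r["domain"]][(str(r["ip"]), r["port"])] += 1
    return {
        # Resolvers used; 8.8.8.8 here is the sandbox's upstream, not the sample's choice.
        "resolvers": sorted({str(r["ip"]) for r in rows if is_dns(r)}),
        # Looked up but never connected to (in this table): check the pcap for the answer.
        "resolved_only": sorted(resolved - set(connected)),
        # Connected to without a visible lookup: cached answer, other run, or truncated table.
        "connected_without_dns": sorted(set(connected) - resolved),
        # Fetched over plaintext HTTP: request and response bodies are readable in the pcap.
        "cleartext_http_hosts": sorted(d for d, c in connected.items()
                                       if any(port == 80 for _, port in c)),
        "connections": {d: dict(c) for d, c in connected.items()},
    }


if __name__ == "__main__":
    pprint(triage_network(parse_network(SAMPLE_NETWORK)))
```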

Files

C:\Users\Admin\AppData\Local\Temp\CabDDB4.tmp

MD5 2d3dcf90f6c99f47e7593ea250c9e749
SHA1 51be82be4a272669983313565b4940d4b1385237
SHA256 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4
SHA512 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1df85e0519a89b5c718045635c2fdd6b
SHA1 fe5f77d92454c6d306826647d15ac49b8578fa57
SHA256 a28ca024faf86f7fbefafe54eeb0a9f894f067323084492f915b3133e813d75e
SHA512 7ef6aa0c0de1c43cdac98c62b06bb007bd44237863ae30dc64c05cfb7f897ed4479913f27593f6f715b57e1004579614df73700e70f6660c3c8a04dc6a2ba412

C:\Users\Admin\AppData\Local\Temp\TarDE38.tmp

MD5 7186ad693b8ad9444401bd9bcd2217c2
SHA1 5c28ca10a650f6026b0df4737078fa4197f3bac1
SHA256 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed
SHA512 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\42CQJEG7\www.youtube[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\42CQJEG7\www.youtube[1].xml

MD5 9ae2e1aac85133b169afb89e3fd53250
SHA1 90076b878bac2542e2f3eacc071d0b1977c45200
SHA256 aa1ff749b776df4e45aefe6cf1895d48b70f62082c5007f8d8698391dd30b2a8
SHA512 6195448b31840e4590e1ef88348b2da2aa22b1ec14211476daefcbee61aaa98ca87c31e689bef0926137e9a84310007b65de2c7b0c4484cdd3228692f936b4d2

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1M46YZP1\www-player[1].css

MD5 69958caec43c10f1d36a71ce83ac69e8
SHA1 d363274a0f568e4bfe98e978eae59441fc17a1fa
SHA256 d24493147c49a7b5d1a21c66aa87d11a0c976cd4e9392b89add880139aa2b1ff
SHA512 8a57bb5c5a1f7a91057493bad34133f7a2da0b7322ea84638a82e4df13045a584b11a0bc5beb90c018e9d5fecd323bc73cb35e2c322804ddd74ab0e4967bb84a

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R54TGSS0\KFOmCnqEu92Fr1Mu4mxM[1].woff

MD5 bafb105baeb22d965c70fe52ba6b49d9
SHA1 934014cc9bbe5883542be756b3146c05844b254f
SHA256 1570f866bf6eae82041e407280894a86ad2b8b275e01908ae156914dc693a4ed
SHA512 85a91773b0283e3b2400c773527542228478cc1b9e8ad8ea62435d705e98702a40bedf26cb5b0900dd8fecc79f802b8c1839184e787d9416886dbc73dff22a64

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R54TGSS0\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff

MD5 de8b7431b74642e830af4d4f4b513ec9
SHA1 f549f1fe8a0b86ef3fbdcb8d508440aff84c385c
SHA256 3bfe46bb1ca35b205306c5ec664e99e4a816f48a417b6b42e77a1f43f0bc4e7a
SHA512 57d3d4de3816307ed954b796c13bfa34af22a46a2fea310df90e966301350ae8adac62bcd2abf7d7768e6bdcbb3dfc5069378a728436173d07abfa483c1025ac

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1M46YZP1\www-embed-player[1].js

MD5 8940a491297381a0ce25360e21b39bb5
SHA1 43d7a4157e78777fc024415969c3a7bd550a4322
SHA256 afc766cb1c4a339c40d24ad926f05e8b4927eed7532b876291d0bd19adc9cf3e
SHA512 5772d7e7485db888676e69cbaf4c88af01872997338bc61e8e0344d5dba208c2909e167d54d8edcb782e17d1a2b4e9dba955baeb0ad0e43ba932b3bf25ae7dde

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1M46YZP1\base[1].js

MD5 cb463df0a090cdfabc77af2691141830
SHA1 e3dde6a1f5c4803e69839154013496a781137473
SHA256 e09e2e8a3cfbcc88eea12d0b17161e1f2c8c75f1bb21100829c09f9858db3f24
SHA512 099374f7b03a4635390b94525105884fa101d93a583eed0d92def7d2de3199d2bd57fc63d885e8e9af0863db40cf521d2fb770eb09400a4c6285f7c37ad88e8c

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1M46YZP1\ad_status[1].js

MD5 1fa71744db23d0f8df9cce6719defcb7
SHA1 e4be9b7136697942a036f97cf26ebaf703ad2067
SHA256 eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
SHA512 17fa262901b608368eb4b70910da67e1f11b9cfb2c9dc81844f55bee1db3ec11f704d81ab20f2dda973378f9c0df56eaad8111f34b92e4161a4d194ba902f82f

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\42CQJEG7\www.youtube[1].xml

MD5 837d124e547060ecf8f9a2410faf9ca7
SHA1 7e65e5caebf2d4cb5eb131bd099e1f3dc4281ebd
SHA256 9499656197b19876dcbaeb8de8d4ea3903ab504a3a48820e6ede89f86276f3b9
SHA512 3ebb46b41b1efe4df0c916d33790ca85b4106cbf0d90c261cfbc98a84afa84cfc00c71b2cfb9beb17d5e6c3f4d736476eae6f5d9d613119e4ea50dc48b9d8852

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1M46YZP1\embed[1].js

MD5 14d69fc9da4a63c8ad5013b3d3781842
SHA1 e0272f8403d95fd27df22dff5fc014e2ab5d8a3d
SHA256 e2a5632fec9da56d272ccdea5ecfa7000dc70659673c52a11966802e37a2140e
SHA512 0f85c67ae8969570f6cfa4d265013da7d4820ea11349b11b886d480d7d78df5c6aa1e7484724d6b21421db18678d22bae6d478d3d0e35506673fd609805d1976

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\42CQJEG7\www.youtube[1].xml

MD5 d769fa9345e70f24783d33e5a72d3d5f
SHA1 99a46d79d7aa0d1ef99c62b487c0a6c003819146
SHA256 c5b837734955ac9ad057aa993ba2e8e1eb1c06ea9c953b4542d453d8118419f2
SHA512 e15572acb1434052a11b5010ae2044fd83f7901f917b3a40d8f26442c09b1fbe49b4966112999db77b36a1d2b49f3bd9624559d28aef867a4610a13ce44322be

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1M46YZP1\57wTYcgCL9-06Mjz4he5vP6_4afBPjLl2lxgmn3azys[1].js

MD5 856cbc9239ad5b22e09262a0772086b7
SHA1 f85c8823e31ee0445b52eaff81a312bf30a9de0a
SHA256 e7bc1361c8022fdfb4e8c8f3e217b9bcfebfe1a7c13e32e5da5c609a7ddacf2b
SHA512 9a57544fc353802c2e7b209a025b39a79ee646393fd89ac7d0325940853033fa661a252da81a0e4ef391d0c3b6365fe9f77a6c3f5f73bb41ddc14459c627b745

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\42CQJEG7\www.youtube[1].xml

MD5 fbe66645a31b224f4f37f805249f11d1
SHA1 0eaee3231bf1fd08ba9efd019107335395737a32
SHA256 c8c0a63945208befed6de45aa80f57db020beee91ee0d970e7976b5798f003b8
SHA512 90455362217acef6fd72ae46cd80b6ed465d2aa322dc42eba1dfa628baedfc2148ab87bd4cc133c34441dea40ac92f9c329201663a7c0baf9f49383e6f8af817

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\42CQJEG7\www.youtube[1].xml

MD5 f66d980cdd77f0d8416c07b060f47209
SHA1 f014abd8ead8536301baf315c1a00c31de0e4ee7
SHA256 a4a55a5b9f613680e35b0d137453ce743e4a668324d8522460bed25a059eafa1
SHA512 6200d49893786e1dca4f97acdb5c7e9ee9729d6d33c3ec5ceb9682f8ce46304f0e60a0bd09787ab76ac81f6655f6142d45425b53359403131271dec4d9f46b83

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\42CQJEG7\www.youtube[1].xml

MD5 fba379ee767bd1f31420150d74812794
SHA1 158e9f32e8db39db25131e6bbbf487730f0c18da
SHA256 3727b732d96dbe8a81ab856bb4797b5d6108c0e747be831ddda5547d8c5892d2
SHA512 d0780416347a1484260be177eb3c625468dd5394b1374cb8c4cd584ad097a4e61720b459d7bb1999ea5a1a82676ce06ed259a8cb3db68c348e89df4134b90f4e

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R54TGSS0\remote[1].js

MD5 122e83be4335ed0b6b270ff458ce45fc
SHA1 4cb88bf4d9efe3759b45d01dbdf258ab8b4147e1
SHA256 13bace7cd8fc970632b82a7f1614ffff8f8f9f8dee7d5072d633c4ad5f7cadc5
SHA512 188863a2f4c41b81179f8039874f989163a3c61ad4a6d766dc86aacac71f80add476682b6686f8c95f6be031ad78bf5767ca48544aa64ffd303f522888b558aa

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\42CQJEG7\www.youtube[1].xml

MD5 0656cbffd81191cfbd41d0b28b81f1ec
SHA1 dfd19449a96a8814b4ca7e40249f94856342f92b
SHA256 20b3d911b19151fc65740d8060ecc794e3c7458947c51be23e0ecd088f5822d2
SHA512 148b1f577fcd841dddc0d5220d3f3757abd9bbffb4c6666909b2a0389642e21309c427a7ace1af1871227a37065c4a57535f8fbefca3eafaab5a33ed0c73b074

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\42CQJEG7\www.youtube[1].xml

MD5 814b41b21ac7e1e2646989665c1d0b0a
SHA1 53dac7db250169fb6192b3517fcfe6d2e1ced4e2
SHA256 9e966a7eeafa968fbab4573687a80b9920f4e1c8bc92971873d1b283c2605bcd
SHA512 c47a924307760def92c29fb4c38ffe9ed568a485fb8f6580f91feaead6a2fc6e6a1da8283311b9c66275b131095e3fcf42f1c6629fc2e7db79ff269f7656ab18

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\42CQJEG7\www.youtube[1].xml

MD5 c2727f8cbada4f8e56ef1236ca15b5d1
SHA1 ebadf878fdec46b215779550fd9522cfda09008f
SHA256 c0795fab59f5b36f23cad9f7d42105bc173238977e68c79f485438e784b6b7f7
SHA512 7b6d55a36e2fc53064644be869f5ee48a29f8551ab94ec00471dad31c368ed711244b89710a924dee40d1d1056d5f26447d1331a951787aba13620b2367549c2

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\42CQJEG7\www.youtube[1].xml

MD5 5fd791a44749ad5a57693943ae5bbc35
SHA1 9320996880bfa3a638d0e3fbd3dc7a0206f23f52
SHA256 b0eaac2e2b038050535b2d2d33ace77397522d6e545b382ce07202e6e78accd4
SHA512 a8ac42aa3b9089b48bb288b4fc83298635ce2c942c8385b1c9a462709849c3a67d9a744029f78b8384411ec063198738cf2890d5ff53825f0f5477bc1a32a410

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\42CQJEG7\www.youtube[1].xml

MD5 50c4e0767765c12121dcbd10b19aa1eb
SHA1 14fcfb305a98f6032fa4f2e07ff69788560f6c20
SHA256 338d781a66c62bbbb9b518f1c6298a52a971ac84f9c263ef50e585a589b67314
SHA512 2935ba6bf3448d14192277820b561652eb892d3de338380bcb51f40bf1d44407aacd07d055f69578bb8bce8d60be392379f1f848655febb5c69eb076dd3e2fa3

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\42CQJEG7\www.youtube[1].xml

MD5 9e3dad4dc75af301ae4b6435cb6067e6
SHA1 d558c25be3c839d3c02d0dd867b7c879bd528201
SHA256 fd2b8f47ac084029f8126ff697ffbc96564702e8f9c41c0d8492116b040a991d
SHA512 6ce315b14423a5b9b5ad6df0e4a957698da65446560529f29594eee0c00683c624ed219ceb10aade81f958fefe6d6d2936fd08dd3cd7fe7789a11897c0d82816

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\42CQJEG7\www.youtube[1].xml

MD5 6672a758f3bcd3c637fb54686e10683d
SHA1 173603d90bc83d887696971a16578da314081529
SHA256 19a35a0fcd42a7791f04b6cc6eabf31df3cd226f7dcd25408974753d8e2f1f26
SHA512 a06eb1dcd1c81499aa37be57baaeb1b277543b1145da23cbac4f323d6ec2c6d902c1e23e7455cb5c5ffb87199f2113924c1309b7c5b9c46f1e967edb660810f7

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\42CQJEG7\www.youtube[1].xml

MD5 d376feedb86c2b8afcdda6fdde23630a
SHA1 4e2dec477dcff5163028c6792e83f3085d7b9bc2
SHA256 22c969b480f0923b4b4693ca4e3dfee190dea6ba5d63355d677e41a7c852c3c0
SHA512 9f4b404b2290dfe02d8280ecdde334f8990faaf2bdee19aea36db6331b24dafe6ed49e6c4136fea28fa75b061b437afaed29f439919d055e22ecd3e734d70885

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\42CQJEG7\www.youtube[1].xml

MD5 11928fe1715591c0aa821898c751490a
SHA1 bfbb2f92d31da72d58544f8c1f4fbd1a39f19c07
SHA256 3cb96c3e840f4621fc2a625b6a51cf4f98182f45ea94e921b64536568ef51cf5
SHA512 c685c9a8a799178368a18555866f13a6c8d62b89d3d481d825f4996c6be71a82ef46be9adafde16851de2727f21d69fadfc715e8ff050ca3908f67d0968d3848

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\42CQJEG7\www.youtube[1].xml

MD5 2bb9ee3da7e7cd51f29ce49d2a5462fc
SHA1 253e8572cd10eb3f110137a06a8ce4bfccdcef37
SHA256 a3da1f7c074d24d919280150e91716d0acf44bfc7d4a97f5e27f9aa3ba50becc
SHA512 92a1a13be23de863c50e0bc1a2266dd13f9fe9b3e0e8ec946c4667374ce10af5e7da9b47678548a68ab4add1596891fc7e1b5159481f16adfbca2927ea618662

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\42CQJEG7\www.youtube[1].xml

MD5 3846ef9b746cf5e812ce0ae2e1c6615f
SHA1 1f41ea27f0978770d074ea3c7e9d5f6c25bb37a8
SHA256 e06a8d22e79b2ed7e2c02e601925b0e7266a94f4a1ee8435ea1e65cf1b182bdf
SHA512 b2ef0e769c70e5433cad818bdafb49a2e193bf4a1cd82a3c114dc7b37a95046a434d0dbfeee00381cd6b32571170e85b9c34c17ea8137234bb1e311820ddeae0

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\42CQJEG7\www.youtube[1].xml

MD5 bd4d59c1e4d336bec1f3958ea8fb42d6
SHA1 ece5e7a4b6f7724b50ce88841bcf9b1e4189f311
SHA256 21f9c0729bb2ef1f12cb8a370aaceeb90060d2f97e65386017f9598ce15148c1
SHA512 d80e8d3b2a344d3ed622dabab6da0a3cca236a3fcf59402c9a91d40fa784d9f2b71caabf4972224dd9b2b7d65f634c436129236b005bf25010b9d170f599630a

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\42CQJEG7\www.youtube[1].xml

MD5 5d44b2da1d086cd4fc04b2883595f6bc
SHA1 25a609baccf37bd668188d0b272e4405e0b75bb6

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 10:06

Reported

2024-06-13 10:09

Platform

win10v2004-20240611-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a500083a93d243874ec6b431f9b55d59_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2680 wrote to memory of 2736 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2680 wrote to memory of 4032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2680 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2680 wrote to memory of 2632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a500083a93d243874ec6b431f9b55d59_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8d18a46f8,0x7ff8d18a4708,0x7ff8d18a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,14047237896113224516,16283830565101571513,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,14047237896113224516,16283830565101571513,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,14047237896113224516,16283830565101571513,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,14047237896113224516,16283830565101571513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,14047237896113224516,16283830565101571513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,14047237896113224516,16283830565101571513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,14047237896113224516,16283830565101571513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,14047237896113224516,16283830565101571513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,14047237896113224516,16283830565101571513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,14047237896113224516,16283830565101571513,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,14047237896113224516,16283830565101571513,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,14047237896113224516,16283830565101571513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,14047237896113224516,16283830565101571513,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,14047237896113224516,16283830565101571513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,14047237896113224516,16283830565101571513,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,14047237896113224516,16283830565101571513,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3444 /prefetch:2

Network


Files
