Malware Analysis Report

2025-01-18 00:56

Sample ID 240613-lmxf5ataqe
Target a4e44d6765d2c2c367373dcb39fb8ebf_JaffaCakes118
SHA256 0708c2b62a235495ee2cb0ccf60f77de46177794cf76fe6fa8848bddd403f528
Tags
score
1/10


Analysis Overview

score
1/10

SHA256

0708c2b62a235495ee2cb0ccf60f77de46177794cf76fe6fa8848bddd403f528

Threat Level: No (potentially) malicious behavior was detected

The file a4e44d6765d2c2c367373dcb39fb8ebf_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 09:39

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 09:39

Reported

2024-06-13 09:42

Platform

win7-20240611-en

Max time kernel

120s

Max time network

132s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4e44d6765d2c2c367373dcb39fb8ebf_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "3897" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c09219d475bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "7298" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "410" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424433446" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "8699" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "407" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "407" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "3897" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value not captured in this report] C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "7298" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "407" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "9968" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "8903" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "9968" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "8699" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "14152" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "498" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10746" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "200" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "498" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "492" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "3815" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "7292" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "7298" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "8693" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "200" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "410" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "3815" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "10746" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "8811" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "200" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "498" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "3897" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4e44d6765d2c2c367373dcb39fb8ebf_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1176 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.konthaiusa.com udp
US 8.8.8.8:53 konthaiusa.com udp
GB 142.250.187.202:80 fonts.googleapis.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 216.58.212.238:80 www.youtube.com tcp
GB 216.58.212.238:80 www.youtube.com tcp
GB 216.58.212.238:80 www.youtube.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
GB 216.58.212.238:80 www.youtube.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
GB 216.58.212.238:80 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 142.250.179.226:443 googleads.g.doubleclick.net tcp
GB 142.250.179.226:443 googleads.g.doubleclick.net tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 142.250.179.226:443 googleads.g.doubleclick.net tcp
GB 142.250.179.226:443 googleads.g.doubleclick.net tcp
GB 142.250.179.226:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.187.234:443 jnn-pa.googleapis.com tcp
GB 142.250.187.234:443 jnn-pa.googleapis.com tcp
GB 142.250.187.234:443 jnn-pa.googleapis.com tcp
GB 142.250.187.234:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.214:443 i.ytimg.com tcp
GB 142.250.187.214:443 i.ytimg.com tcp
GB 142.250.187.234:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.180.1:443 yt3.ggpht.com tcp
GB 142.250.180.1:443 yt3.ggpht.com tcp
US 8.8.8.8:53 fe0.google.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\CabFA1A.tmp

MD5 2d3dcf90f6c99f47e7593ea250c9e749
SHA1 51be82be4a272669983313565b4940d4b1385237
SHA256 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4
SHA512 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 acd811a5e2da313d131c181de0c4e869
SHA1 53ac47d6e8d3f0087ab7582002525b4b230e8472
SHA256 521a82f7406ed1cf698e0015f7b22ea554079ce342177bde643f2eff25790c24
SHA512 43490c4c08644a7743a274a2353f0393de9e48d45db2a7556cc2225f59ceb16c51e4bcce2fc13c2338e91126e2d1443022577d68459a7d3e90ccc9063caa84f7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 cb85f3fcf86ef0de7ef258539cae87de
SHA1 c73288fff07885a62f8c7033b348863ed3b8cad1
SHA256 7430a96d94b1faa5363b7656b323ffa416fd262e0405e498bb143dc93443963f
SHA512 dc152f2e8c8f7e316e84f7a1f3996e02c08d582d6d0e40b8bf7171e359ea952a80b7452e56690b30fe98b4655d4744e8529a930449ef1cd853e377f86294b2d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 a4d5b4d065e76ad7febb6d376f95a5f3
SHA1 b9eef14691dc0cc5b498ff939c002c9a7e9c1711
SHA256 cf3fdc7e3f1e1c8a5faf3e941bb45acb0c38df071ff401c2496d22d29c76f760
SHA512 901b799affffd4a00741727bd13d486b9daf8f6fee34faa75f775f59f3a316bbfbc380f4c742ec976b2e6bd1f8a03baf7bb36913a15ded52d15f10f6f2f740ed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 20cb9bacae728f31bf2cb59fdb5fa334
SHA1 f150b64ae52ced8f4722642f98620b76373a1aa4
SHA256 bfb109327c3c93b4639f6d3014806757f7921d26bbf43d14cf3c70ca51b2f8a0
SHA512 8d5e920ebe442838b9cb598dd61a59e3aeebf3a56551eef00abc2f57ccc456bf3db1ab9790735a80cce25ba08ae0c05dcf67e103cf9d6e79bfbd5d16bb1eec2a

C:\Users\Admin\AppData\Local\Temp\TarFB49.tmp

MD5 7186ad693b8ad9444401bd9bcd2217c2
SHA1 5c28ca10a650f6026b0df4737078fa4197f3bac1
SHA256 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed
SHA512 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_89FBEB9EEBFF8AABF1EBFA20B87AFE7E

MD5 a52f349a9935bbf206130ab090b8f0aa
SHA1 88aca1c64861345f8e043d7e6dd1cb9001943b0b
SHA256 9fac7a77c699ca67ac842bdc86d225a7aa119d14c252925d24cae868f1c56462
SHA512 19895e229b9a38bbf20205576edf94002322b40ed144dd415e537c9aaeba2a4ea66dbe077df425cabc10920798a04aca818da228deff5aaaabe4d41f73befc64

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_89FBEB9EEBFF8AABF1EBFA20B87AFE7E

MD5 60c593c796591612a55accb66d6448da
SHA1 816aeadcd13ae6c0829aee7c247b5dde70c7af95
SHA256 0a7ef74ec7fbf8eeee4907e58fe82af1928e84c8585a1684c3257db3ba58f40d
SHA512 fc0b1b8d6d428ecdeb395894b6eda967b75f1835a81fa436abb6fe8b3a0d89b5bbd45292bad2eb5531155b4da048ce579b57b59c94338bce58501d60c8f4b176

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1M46YZP1\www-player[2].css

MD5 d32700adacd5d982244c69736b87bedf
SHA1 813dfe8ce4ee3608ed3580113e3b82730ff03c85
SHA256 2c7426a5c6bf00c328c96fb01c89c3e23ba7791e87455cab5aa3b546942f1fc8
SHA512 bbe35704822e0a82de2da2890da6c06138514070fe93978823601079a9371386915431f98e613adaa9566112d728f5f0274b3864e8a0c7da538833383ea5d342

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1M46YZP1\www-embed-player[1].js

MD5 8940a491297381a0ce25360e21b39bb5
SHA1 43d7a4157e78777fc024415969c3a7bd550a4322
SHA256 afc766cb1c4a339c40d24ad926f05e8b4927eed7532b876291d0bd19adc9cf3e
SHA512 5772d7e7485db888676e69cbaf4c88af01872997338bc61e8e0344d5dba208c2909e167d54d8edcb782e17d1a2b4e9dba955baeb0ad0e43ba932b3bf25ae7dde

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1M46YZP1\base[1].js

MD5 cb463df0a090cdfabc77af2691141830
SHA1 e3dde6a1f5c4803e69839154013496a781137473
SHA256 e09e2e8a3cfbcc88eea12d0b17161e1f2c8c75f1bb21100829c09f9858db3f24
SHA512 099374f7b03a4635390b94525105884fa101d93a583eed0d92def7d2de3199d2bd57fc63d885e8e9af0863db40cf521d2fb770eb09400a4c6285f7c37ad88e8c

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1M46YZP1\KFOmCnqEu92Fr1Mu4mxM[1].woff

MD5 bafb105baeb22d965c70fe52ba6b49d9
SHA1 934014cc9bbe5883542be756b3146c05844b254f
SHA256 1570f866bf6eae82041e407280894a86ad2b8b275e01908ae156914dc693a4ed
SHA512 85a91773b0283e3b2400c773527542228478cc1b9e8ad8ea62435d705e98702a40bedf26cb5b0900dd8fecc79f802b8c1839184e787d9416886dbc73dff22a64

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1M46YZP1\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff

MD5 de8b7431b74642e830af4d4f4b513ec9
SHA1 f549f1fe8a0b86ef3fbdcb8d508440aff84c385c
SHA256 3bfe46bb1ca35b205306c5ec664e99e4a816f48a417b6b42e77a1f43f0bc4e7a
SHA512 57d3d4de3816307ed954b796c13bfa34af22a46a2fea310df90e966301350ae8adac62bcd2abf7d7768e6bdcbb3dfc5069378a728436173d07abfa483c1025ac

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\JRI7WX5B\www.youtube[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_7B6B0766585C28B689143E993A052643

MD5 a4f1ff88f1c4819543e78c57886a7121
SHA1 cac5a71476e14bfed1f747186ce724adb632a9de
SHA256 5e19bc4ac654b0f89b3c2e053888ccd3cfc56e4da5c1358b2a0349815099ff33
SHA512 98fa0d3c44ec9f6db8d947b15370ebdffdf4b76b924f38da6a98a243f38ab54f37c945bf539293a49f567dd38a2489fab40c240aefa9d2821ae7f40a6d97fdf5

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\JRI7WX5B\www.youtube[1].xml

MD5 db3c3e066113aaaf8b23876bb65585be
SHA1 6d8c0511b8b734cda9869dbcd0426e1e59919947
SHA256 a1b146bcc4e2651311a86daf1e8ad33b4f449c267e11501411fde837b208c7d5
SHA512 deea8cb28ab0460fbe63ed25b42b570bca3c37d109eaefe530f950b69f84693809b63b001e3e84a2cee573954c173bb0d32467e531c8ca795a0194f006ef8e7a

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\JRI7WX5B\www.youtube[1].xml

MD5 b95039381186dbb066b7a1d97bb6e1ba
SHA1 8795dc5e95619da3049094096f27a3cd3e431608
SHA256 5d5f34d4df8b1e67be8394c2551184b647212cf2531d74b0f54e0e5ac4497c76
SHA512 6635138dd20459cfc907e2a588b4eb87606164404d072e380fc032e3fd80fb3a99fd82831e6bfa4b2c42b246e39a7a729807a9fdf21ab58437dce7831ebefde2

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\JRI7WX5B\www.youtube[1].xml

MD5 0de1a538f6ee13ddf267752076042ae6
SHA1 588e8b7ba945f241b08f932267e604c908045a19
SHA256 67a80e3fb5c636ac4c99a966b5fb98ceb66c7c859d36d603d28719cfdfd28155
SHA512 a632c31eb98b14d7464d4cf9938c21b099eeb98cb6364c85d67516e3cc48fff819dafb44b59cbfa3b040d71fea90e27dfbe5c09b15178ed22b0a832f3a0732e8

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\JRI7WX5B\www.youtube[1].xml

MD5 3de4d9535b18d93037cd48578c1dd8a0
SHA1 d6e333f6b1ad322aeec23d482217230cc6a2b39c
SHA256 9f67a7162fb9e9d7d2587791b3dbca4e8a4c3147a3d2de17be79f150aea4bbfa
SHA512 3703bc0d4c094dbd059066de45f80bace16cc549e09596c0d648066b5872813479fb747246dac155f0a506a18cb509830656996f93404cd7a4e767542dd26cc6

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\JRI7WX5B\www.youtube[1].xml

MD5 1d1779dc307517e7167232e73e3198df
SHA1 15ed3c1cb3907fa651ba63505c300a5d2a0b074c
SHA256 43245a3671679df1d1ed8e6aa2442de1f3bc92be38a6b49fc913dbc034a959b4
SHA512 9d1e376916cce931a340757727ffaf039d11a627b6f3a98db72d9a16f08260bc47beddda6c045a085e20ff018ab1dbb6c9845060405dad17f194fd0631a5b8b2

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6F0O117Z\ad_status[1].js

MD5 1fa71744db23d0f8df9cce6719defcb7
SHA1 e4be9b7136697942a036f97cf26ebaf703ad2067
SHA256 eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
SHA512 17fa262901b608368eb4b70910da67e1f11b9cfb2c9dc81844f55bee1db3ec11f704d81ab20f2dda973378f9c0df56eaad8111f34b92e4161a4d194ba902f82f

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FY3LN490\embed[1].js

MD5 14d69fc9da4a63c8ad5013b3d3781842
SHA1 e0272f8403d95fd27df22dff5fc014e2ab5d8a3d
SHA256 e2a5632fec9da56d272ccdea5ecfa7000dc70659673c52a11966802e37a2140e
SHA512 0f85c67ae8969570f6cfa4d265013da7d4820ea11349b11b886d480d7d78df5c6aa1e7484724d6b21421db18678d22bae6d478d3d0e35506673fd609805d1976

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\JRI7WX5B\www.youtube[1].xml

MD5 4499b127622b010ed16cd0d640683b06
SHA1 3f4776db9a31fa8bf4ec3091eeda2aa1e3406f50
SHA256 9219380b748c114ff6c9b05a3f221b5a710413d120c14aee3fa3186c2a69ad66
SHA512 b818a8c4904d6b98e924d15368a440237e15e8bd0128cf6b96703d3aa4dfd5c19ceb864ccca23eac0d5c2a8885379a13e60f33e47fb334a2ef3ffdbedfe31c3c

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\JRI7WX5B\www.youtube[1].xml

MD5 f7d22b18f2db5d635146372a3f215c75
SHA1 778e921d080c3689f5b54c0b7755c3f442ff0022
SHA256 0c0b52d50938ee64751024bfbf4dd866d8c22fd3586e2ef86cbe90c1b4a1b20d
SHA512 8c56b013da1ecd5755eea35c8855bcc889f82a9d4113d5b03a534adffb32775e6010b1cc193fd3e254321907eb440e00a91e7661dcb9c279c497858a30613572

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\JRI7WX5B\www.youtube[1].xml

MD5 74f0b9183c45016f70c918f09cb9e4ec
SHA1 5c8e4c758c1666a48b1e73025ba6a431df0d57f0
SHA256 ab999827b46cac39505e6e0288adca5b815879b3373abe2f3d94ff00eabd821a
SHA512 e5bf1dbd53bdadb515f2a5527545fb915c66d4997762586cb85f0b42c6d88ad93cc28c061669be3851157ed193c7f253c65426b925a30a0893473d1a90e4d169

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\JRI7WX5B\www.youtube[1].xml

MD5 e2a5f886548b9b8b4dea9f236e3c0425
SHA1 0f0e6792c519cf803fa42fb206e8b7b2e7525060
SHA256 a3a7d2b68ce36f1c6305721484539df34e36191a061f9117995a0d912ba7f2c0
SHA512 240dd5e14ff461ec0bf861109a1468577476f2e7aa0aca8e928528b04bc5057f190ff52804713b9fb13f9fe5b5b0c84a4918ebcd997d5b11155229f60a79d448

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\JRI7WX5B\www.youtube[1].xml

MD5 46771836dcf34142b5dcb5d1f68a01bc
SHA1 2aa44075b164010b149ca9096d98986947f81370
SHA256 413bf61aece4f718c89cdfbe857225efc0682b4748e07235a94fcc432db3da73
SHA512 90cb17c4492ad36a0ccc72677951826d7e2ebad3839efeed53358cd218f10c255ccc4c045d34221b18fd9b99d0b1da03cc3ff57950080dfbf78b634a5aeb143d

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\JRI7WX5B\www.youtube[1].xml

MD5 02b6446478ea9f5dcda80216c28d02a5
SHA1 0f00f2222a9af9ecb7d18aff3726944773c5bd61
SHA256 4eb90416acbb5fc93ae65ee7130609bc6cd48783b15b973696b7e55b7f60bd27
SHA512 6cc09c97ba695010113416b4fc6bb2f744f1b72206c569c0fa094dc78070e1b63ec06df544b8f3e914d6358bedcc794998f025e909afbaaa23d422a560e0fd99

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\JRI7WX5B\www.youtube[1].xml

MD5 97d5ea3955ff330ac47461a9e0069ce6
SHA1 6f3cbb9ab9631034d3451aae3d6d56ab7576b9d8
SHA256 0cae5ca59fb88b260e7d6242b1156fb7abe5ca9a70f6cf53f8b399b32d2b5416
SHA512 b8afcc812cfd5e5a1af3a22af0f85178691f2d83aba9395256c86c8669b7aeb01144e7de2149ea95f0b008d334f47855f41d1daf979f12631f151eebf9244218

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\JRI7WX5B\www.youtube[1].xml

MD5 75aa6b0f5687703b896d34721c880a96
SHA1 786b5aa8bcf5d69a9252f0410d7f8beaba30877c
SHA256 d99b1ddb114f5d6eac464e3a3f768c63b00556940bbd7ca6bd499b1362cb76cd
SHA512 a70f4d0f83d03e6070eaef708bf3d459cee415de29e195d5cab0062dc30b08b887dd0bca06e6dcf03bb1fb6c119f51b2a021f15960901b257a3bb746121019d0

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\JRI7WX5B\www.youtube[1].xml

MD5 47e173240ec1d131768830d06534e9c6
SHA1 fa9de64c4f65b96a73216ed87472b27f6a36faad
SHA256 b786e763459497f2b3ef47f37a45d1b30b427e339cfc6e30a95cdcf051bdb304
SHA512 b071e2971e31e5f7ddbfba7ac1a317d5548b2f04d06f4f001b6e5c9f9fcb20fcec300ad238e7bf794a0f48ca28e0d05fc4ab30e359d179ca3f552975c2b1bb85

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 33a9ac716ca7e6eb8b02f98b7bda64ca
SHA1 832bc1debd427e63e560fa21a28d88e360653d3e
SHA256 900d262271d0458897a453090495c6a66b102f2b9346cea929c173baba66bbc9
SHA512 d4fa440ed8aa2b9683a7b7f370ea096a779aa2547f2aeeeda8bbee48e208da204b57205383d3aecea9a0a1c169a31ac8dec35dde765b807271bab48edbfc22e3

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\JRI7WX5B\www.youtube[1].xml

MD5 049e52b4a3cd5de809abb6f1e4818ff0
SHA1 ed16d50627fba406efa7233ae9958b5977c4e202
SHA256 0c0643b0a771bda6673df9d4a722b997edaa14753504972be776e8ace47791d9
SHA512 dd65bfe298618c6475b2d4cfb8ef3bace838757b5f69f4e0de0162879f4175d10838fe90d1be821868b5b0bccb1e6c69568f03d3a7e6e81bd0a919e8246bbf70

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2b73979c31a31399dd28a9abd8ae9910
SHA1 9360038d1201e909a79eb65ba49755e5c4eb4ff9
SHA256 2071e9be52855f83e43eb38fe3da99b7a95f7bf3524f1e2fbf1bece73e7fa5db
SHA512 a4b62c3324cd64980bb7c2bff4eb7b260b77711792091480f547ce4e0a9e509fb3f5daace2e295343271e0d28b5fc10df5966686630f1ee7878a670075ce0766

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 39935c65b575d95e8a7a08712fb1e366
SHA1 ccf1db603d452bfa4ef35dfc9b7b69060068f023
SHA256 c9c56654a10a6bac258f3a59f2dfce7c4b8c7627ce72ed6db86591ec3c199591
SHA512 f62b52bd18ccc0f63f4e8f189c8506e8b420e01d0ca5b6479910762d7b8bba1ad7480e7f3c8979a752486a55e41178b888b5b45a0148c4a0875034e3902b04ed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 640bb99af2951c6207573a3d129f106f
SHA1 de464c5590c86b497f8a7323be5919759689d44b
SHA256 c20bbe3753662f4bcc8a73f0c3d0e304c7d74157e135b620125e53eb4245d35c
SHA512 3fd6e575c419aa6f83f9d5cfc6258001a776413ab6eb5a142c2fb83b006ab73b3a742d319d972041e43f981fd731065e4164e5778115caec452f5b098c839994

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 67fcd116002f64c13ec1112a2b981772
SHA1 86cca27d765906861a554c5408aaac945a60dfc4
SHA256 b4227d3a11620e8016af1e34302e0e5a9f5c402e8af951064b1c6224810ae935
SHA512 217b741a6c37d2ae5abdfc09fd19632a0cc2126e0e3dcbe91fbbf908ce25cf491b1e9a5b86bbfc69d91f883d838971d61a6e95458a07a293b01cd510239b06f3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 88c3fbc6bf52346a9a244921da4b6a49
SHA1 766d926dc7e7df437f3e5ba904f977dc2bd55815
SHA256 78e85db7aed85c61ba772e84b1c6163cd21937806ba8a68344ae4bdc54fc20a9
SHA512 959d89bf1eb023d66bb603fb36ac36015523aad6af0c6fcdc00953f888941c14563f77adf4d23668c0105f91bbbfde64fbf42f5f85aab9005a14803d4c5a2b58

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 82cbde844125d57be63c2931a2cced88
SHA1 1a58c14a890ca6c32c038e05d59faeef93f2327d
SHA256 a7a2f554c71561b5023a200135a0403b059839d8d6a0daff32cdd76227315e7b
SHA512 d22ffc269c0c8bfd74fd85054a3c7feb039932c23f429253b3bc0c31ebe2adaf739e30e589eca6ff1ca3a128bda414af30ccab251e4f0327e201ee6a6a20a973

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\JRI7WX5B\www.youtube[1].xml

MD5 a7247480089336f3cb19ad7dac5bfc0c
SHA1 8be74765bd55ff8de8042d64b9e7310ecfff9ba2
SHA256 8e0348a62c75d53d844956a335b50a184153f43ef98a19d05d1b9c5e91a8559e
SHA512 dc0e6257e9b8dd6dd16a885dade93afbbe10e58d8e741dcc4b615ab98739ceaa89eec5b54909a71a2925b444c6645d12267c1699c9f9dd7e2f09627215ffe87b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5aa3c054413ed928afff7cb4605c75c4
SHA1 901bd615eb95f1c7d0975046aaa49e10a7ce66a1
SHA256 8d8835110683e36774fbfb37d5ba2b299450710cd4194ea677bd831e56b9dfbb
SHA512 f7b6bef640f9145dea3c6fe409e25bc757b93197c444ee0dca8560071485e2b1cd9f5518cd235a3b0df09fce5465b777b4a5a1dc83585c13dc727de348269b04

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5916a5d8e6bf775aee4787a47c7c460a
SHA1 4bedb49d0f2b47cccbbe0e3db7636736d0e1e70c
SHA256 f774053007b6b428a291e9c60ae935ff7fa9d03ad8a8c2026305dcf7c0c82dde
SHA512 cdfcaa741f1559d9fab2a777b3c58fc0f9283306ec9ecd5e06b9189689e20f8999b4fbd3197301a89d0b9ddca2008dc60b12949a4241a45a3d2541fa47e8126b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 719f47308860deee89846a6fe90c7d7f
SHA1 f825e1e75cc8f0f771377423cf695f42609df5ba
SHA256 07703c8d4c9c48f0a5af1421d241c894cb234a81ebdc6936091c4a356ecdcfb8
SHA512 e39115a0db3a1336983a196a6cb4ff72c142c9dc191c18db47777ef8c605a1e21183f56dcddf178580fb9c1d772978e4e2e8de339ff5a71e7305de4aa0166c4e

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\JRI7WX5B\www.youtube[1].xml

MD5 c4ba16e2a70409e53acb3e654e3ceed3
SHA1 b8e9a65829a54186e18b22798c7c2c444fba1715
SHA256 cd0d6aa2cd6d50dbd9d4520a1338cc063451e440365147b2183ead9cfc2f4cb5
SHA512 9e84f85f6db5f14c5d109ccb1e5966a97909322760b72fcccc41219b2c4e79c01f6026c374c3c345d7f34e77c24a2b5258f10a7351b35a14e79d2b71cc7350b5

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\JRI7WX5B\www.youtube[1].xml

MD5 e38ceecf73d4087e38981531c1311419
SHA1 3cee62d3b16bbd6317d445ffb6f94dee7b1c83c7
SHA256 bdbeaf94d365b47afec323a5659c6285ba260024ccf023827f6bd92a82cdfd44
SHA512 6baa537ad35f6050898d8d2149688e89f3f51cf8164e91b3e7e2d823c41fc2c860a60d92a791d08d6ee646b875adffc687f42dfb7d07ef5a34dc01b3aa5f9daf

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\JRI7WX5B\www.youtube[1].xml

MD5 9ac2dcd2f8b7b512157801d965710adf
SHA1 9d343ea1b8beccb469e0be673a85016ca58c7548
SHA256 c387aa1688a2031d11497cc805d3e503c64fac6397c0e11319debca3f2cd2880
SHA512 9a441feaabd623f66017fda3756e2550339ada56ff48752c125481d9fe1a7c3b5515bc2fa9067b627e53ebe5e4208376562a30b7199ef4cb7038ea8a350eca10

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\JRI7WX5B\www.youtube[1].xml

MD5 a4126c37e859aab558d0a0e38a129065
SHA1 d72bef54f9bd04ea1cb47be1a5c9f49d570a6072
SHA256 d2f7424400d0cc41e0f907584a99a17d883759d98ce72df7214aec30b952eb32
SHA512 34fd2ddb1422a7680da4dce44415fbcd332bffe99def7f1e6f36a796d1deab1cb9a6acaf76f5187d50aaad101603aab5c08345e7697c26a7c790b4978dfcb739

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fae6a13e17177c767fc0ccaf252d44d8
SHA1 c86f36ed65cf25d7af63b85270684a67e8cfdbd1
SHA256 69abccf9a7aa2556e9306fe4383b6dc3133c49fbc2e2dfcdad48936fffbd106a
SHA512 e2b4db62e9d0fef4022c41ddc5e508850c9e547a6bc7808c0883135ce29911a0920687617ccb5a1ebd179fd56cd1904b264e8554f8ae86ade12221ae0a8f8b58

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1508a79ecb94294b3bf5c6e090949854
SHA1 d23e35436deabbbfdd219144d5cab2ccb3212878
SHA256 afffcd2e774611fc182fd9277455f669ee538486285d621709d40121e5e8dcda
SHA512 acd76f7a853099a56c0c3006881f37febbc454f1895a34e67ca5855ce358ce601657a4573313dad5cd254462dc2589b62aec8d634f8d0aaea1c1a66ba557dfb7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 885563a7e63164f971c12aff3cd89953
SHA1 c5b161e90bb0de0b0441a7ffea6b7e263d01aee7
SHA256 8d8529c1e40f4b9b4fc1085cc4f594f474f932048f942f70a51d66e04e90e924
SHA512 4f2d568e20d405a183ce23f6ae73a9362c8ae486420d35d995fd2b80f582230dbeb6c9cc1252af148728535be9510e8dbd7731eb9e6273c6bdbf0a287b60df91

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 17230cb35043964a372644887a635cb9
SHA1 79e4a7a802b43d42689fefac805a898b8bb66c8c
SHA256 b445b6a8d20b8f3a8601914ba61395f1445830fa4e0c0688c493115475508d7e
SHA512 bf04f93b7af84494cf07598480205b95c5f8deebcb475810096e028f0670fecfe3386ec4b3db3bd4d0211160cb4a7a9713d6576d1710b56a8f07ccffb7520f27

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 be11e8f8959d5b4e88913d11536ede2e
SHA1 a55905d4971318bf239aea6757cac592082aa4ba
SHA256 5e408d19d7b0636a1a61ba9238bab787b1296f89ccf63514775247bd1a106fea
SHA512 4db39c278e23993a3dd173b41dab436c3f7049e045b1c87e64dbdf4ba611a1d31dad30aacfeca5455e9cbe4aa540756a345577cab55048046b351a4eee1abf29

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2a000a8831f7aa54ee04b29c34b1b7fb
SHA1 4dcb35454da91b48d283283d43f3ce99bd2393fc
SHA256 83e85163cc491b5cfcd7f489556312080a3116339c4cf7d935037a518952f716
SHA512 d96c401965c094b14dc129a4b6b6bf8afde0c5e6d6f20b5588adf4d1f60b1414f278879c43ec204c60bf943facdb636e13542ee2591b7563583373ccbeb37849

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\JRI7WX5B\www.youtube[1].xml

MD5 23e015d3095cd8ec51017041d73d0f7f
SHA1 0ce3ec068ecf13ee937642ab1a423b6359ead3ef
SHA256 312b8347dbf75c65def1d356693517dc61295062726598059bacdf780c547f5d
SHA512 4e75a93fceccb6edded953ac7717c434fd15b2a0587fc24dcd1530a196b5bf5701384562dbbab8460ffe94b985b84dfd1fdfc0ef8dfe0ff8e411c782f094c6c1

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\JRI7WX5B\www.youtube[1].xml

MD5 bb7145cc3f8c56638131c01e930e8866
SHA1 0266beb6dce0a553e5e8d9d8543a32f5d2dc7d9a
SHA256 b5fc05b6ee4854153216ee3d4c6c1c1190a856d1bfe9ad828d73ac08d79755c4
SHA512 3258fd6799cabab0e2b4a6fca1264ce6fe2a9cbfd8507810d82aafded612616dfc3404a1049316951788c0000775fb29795485dd9c1585aafeb4ae1a44eb4237

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 28c8828957d0276cf367dc80cb548ecb
SHA1 c0fc989e9d7d1c6a7d6dbea8b72a934ebd19eba0
SHA256 867c72e760a39019e6171e32df9652590b8362da5a8e130097b4b39325953922
SHA512 c866e961fb7f53f636bb15492d04da02a324320a6ae287170fa323c9da8576c9be2ae7b968ef5b2f4339685ca7bdd1c0d6032051be2d7a40f88d01adafb7a53a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ad24a683770b415211fe107450b5f23a
SHA1 04692984bfe85574a893145ccfc31fce140cc511
SHA256 1bf20f36b633e30419b43409bb5b7102f27f637fea316cd1b1b32599b54d1fd4
SHA512 119d88cfd52432673799610a25348405de66ed79871463bd1f81441ba2c69a14fec2bd13297bdbd05afd50c7de12cda7a8c8e4bc0b043bde83e8ce7c2682554f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b09101cc6da03e2bad4fc8c99af63e3f
SHA1 21014fc7d19182b2a3908b55ebaf06f87f19eb4a
SHA256 e72d66b8eade9f04fae3e489203204e7924c8d3a6443122d527155f433f14a81
SHA512 495a2a05c5e05c5344c331c2d404cf8a8b5c3cd6da16febe3ba327066e5dc5fe8df54ad991c036fa5d7c6c5df2c3306fb33c8ab8a960b30b40c5b14ae00a57e9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c2aeb11e63a93d54ecc4f50be08f5002
SHA1 13efbe71ab0620a32fe12852832899024feabb5b
SHA256 d7beff8ca1dcfb2a74a56a3a9995f9e8d8a259a05ada9b388342fe0b57449a19
SHA512 45a53b4453f0c417213de2860669c7ace8b15b2d634db7d0256197c92bdbe2373a718676a57619269e230ac44f3aa08f937a374ecab48875db6d40d9b22f6162

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\JRI7WX5B\www.youtube[1].xml

MD5 4bbd3019276a68a0b47d9f5fc03251b7
SHA1 39b91aaa4927d8da80472a90602be23102a0ba67
SHA256 6c7a09f4ebe00c4beda4a76529648ccdb0e1d3f90136004cc44d793e7bb26beb
SHA512 37e5f9fc7964da1d707c696cba35c3b003631fac4934798fc834e2430f6a60edfd5040a9e81ead692a0ba1142e76a0a49e56e8c4af51023b88a9ca5335efa758

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 09:39

Reported

2024-06-13 09:42

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

125s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4e44d6765d2c2c367373dcb39fb8ebf_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (25 hits, all identical: no indicator or target recorded)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (24 hits, all identical: no indicator or target recorded)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1548 wrote to memory of 1768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 hits)
PID 1548 wrote to memory of 4784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (40 hits)
PID 1548 wrote to memory of 4408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 hits)
PID 1548 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (20 hits)
(64 hits in total; every source and target image is msedge.exe, and PID 1548 is the Edge browser process that launched the children)
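The 64 WriteProcessMemory hits above all have the same shape: the Edge browser process (PID 1548, the same PID that owns the crashpad pipe in the Files section) writing into child msedge.exe processes it has just spawned, which is how a Chromium-based browser sets up its renderer and utility children. That is why the signature fires without raising the score. The triage routine below is an added example, not part of the sandbox or of Edge; its event rows are constructed to mirror the table (2 x 1768, 40 x 4784, 2 x 4408, 20 x 728), plus one made-up row writing into notepad.exe (PID 9999, not on this page) so there is a cross-image write for it to flag.

```python
"""Triage rows from a sandbox 'Suspicious use of WriteProcessMemory' table.

Added example (not part of the sandbox or of Microsoft Edge). Event rows are
constructed to match the behavioral2 table on this page, plus one made-up
injection-style row so the classifier has something to flag.
"""
import re
from collections import Counter

# Row layout used by the report:
# "PID <src> wrote to memory of <dst> N/A <src image> <dst image>"
ROW_RE = re.compile(
    r"^PID (\d+) wrote to memory of (\d+) N/A (.+?\.exe) (.+\.exe)$", re.IGNORECASE
)

# Browsers that bootstrap their own child processes by writing into them before
# the child is resumed; a same-image write from these is expected behaviour.
BROWSER_IMAGES = {"msedge.exe", "chrome.exe", "iexplore.exe"}

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
NOTEPAD = r"C:\Windows\System32\notepad.exe"  # hypothetical target, not on the page


def _row(src_pid, dst_pid, src_img, dst_img):
    return f"PID {src_pid} wrote to memory of {dst_pid} N/A {src_img} {dst_img}"


# Constructed to mirror the page's 64 rows, then one invented cross-image write.
SAMPLE_ROWS = (
    [_row(1548, 1768, EDGE, EDGE)] * 2
    + [_row(1548, 4784, EDGE, EDGE)] * 40
    + [_row(1548, 4408, EDGE, EDGE)] * 2
    + [_row(1548, 728, EDGE, EDGE)] * 20
    + [_row(1548, 9999, EDGE, NOTEPAD)]  # constructed, not from the report
)


def parse_row(line):
    """Return a dict for one table row, or None if the line is not a row."""
    m = ROW_RE.match(line.strip())
    if not m:
        return None
    src_pid, dst_pid, src_img, dst_img = m.groups()
    return {"src_pid": int(src_pid), "dst_pid": int(dst_pid),
            "src_img": src_img, "dst_img": dst_img}


def classify(event):
    """Label one write by how far it strays from normal parent->child bootstrapping."""
    src_name = event["src_img"].rsplit("\\", 1)[-1].lower()
    dst_name = event["dst_img"].rsplit("\\", 1)[-1].lower()
    same_image = event["src_img"].lower() == event["dst_img"].lower()
    if same_image and src_name in BROWSER_IMAGES:
        return "browser-child-bootstrap"   # expected; consistent with a 1/10 score
    if same_image or src_name == dst_name:
        return "same-image-write"          # worth a look, not injection on its own
    return "cross-image-write"             # writer and target differ: injection shape


def triage(lines):
    """Aggregate a table into counts per (src, dst) PID pair and per label."""
    events = [e for e in map(parse_row, lines) if e]
    return {
        "events": len(events),
        "by_target": dict(Counter((e["src_pid"], e["dst_pid"]) for e in events)),
        "labels": dict(Counter(classify(e) for e in events)),
        "suspicious": [e for e in events if classify(e) == "cross-image-write"],
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_ROWS)
    print(summary["events"], "rows;", summary["labels"])
    for e in summary["suspicious"]:
        print("REVIEW:", e)
```

Run against the page's rows alone, every event lands in `browser-child-bootstrap`; only the invented notepad.exe row comes back under `suspicious`. The same-image test is deliberately strict (full path, case-insensitive), so a copy of a browser binary dropped elsewhere and written into would not be waved through as bootstrapping.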

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4e44d6765d2c2c367373dcb39fb8ebf_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbcb3246f8,0x7ffbcb324708,0x7ffbcb324718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2328,14613393081472877958,10943072824680593259,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2336 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2328,14613393081472877958,10943072824680593259,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2328,14613393081472877958,10943072824680593259,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2328,14613393081472877958,10943072824680593259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2328,14613393081472877958,10943072824680593259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2328,14613393081472877958,10943072824680593259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2328,14613393081472877958,10943072824680593259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2328,14613393081472877958,10943072824680593259,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2328,14613393081472877958,10943072824680593259,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2328,14613393081472877958,10943072824680593259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2328,14613393081472877958,10943072824680593259,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2328,14613393081472877958,10943072824680593259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2328,14613393081472877958,10943072824680593259,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2328,14613393081472877958,10943072824680593259,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3204 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 konthaiusa.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 konthaiusa.com udp
US 8.8.8.8:53 konthaiusa.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


\??\pipe\LOCAL\crashpad_1548_NPMSQQHWPCAHURFA


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
