Malware Analysis Report

2025-01-18 00:55

Sample ID 240613-lqkxhaxdlm
Target a4e88a3312a06ad41b681f015a32f5fa_JaffaCakes118
SHA256 fe38d1a7a6fd865cd34991ab58b908a08bda901004df7acb0d3d7572aa92f97f
Tags
Score 1/10

Analysis Overview

Score 1/10

SHA256

fe38d1a7a6fd865cd34991ab58b908a08bda901004df7acb0d3d7572aa92f97f

Threat Level: No (potentially) malicious behavior was detected

The file a4e88a3312a06ad41b681f015a32f5fa_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary
Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 09:44

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 09:44

Reported

2024-06-13 09:46

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

124s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4e88a3312a06ad41b681f015a32f5fa_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1356 wrote to memory of 1400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1356 wrote to memory of 4112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1356 wrote to memory of 3896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1356 wrote to memory of 4764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4e88a3312a06ad41b681f015a32f5fa_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffa05d646f8,0x7ffa05d64708,0x7ffa05d64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,9742276632420928273,5230828711535800658,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1984,9742276632420928273,5230828711535800658,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1984,9742276632420928273,5230828711535800658,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,9742276632420928273,5230828711535800658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,9742276632420928273,5230828711535800658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,9742276632420928273,5230828711535800658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,9742276632420928273,5230828711535800658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,9742276632420928273,5230828711535800658,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,9742276632420928273,5230828711535800658,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,9742276632420928273,5230828711535800658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,9742276632420928273,5230828711535800658,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,9742276632420928273,5230828711535800658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,9742276632420928273,5230828711535800658,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,9742276632420928273,5230828711535800658,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4392 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 www.konthaiusa.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 www.konthaiusa.com udp
US 8.8.8.8:53 www.konthaiusa.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4158365912175436289496136e7912c2
SHA1 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
SHA256 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
SHA512 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

\??\pipe\LOCAL\crashpad_1356_CNVYWXVOCSCRCJJZ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ce4c898f8fc7601e2fbc252fdadb5115
SHA1 01bf06badc5da353e539c7c07527d30dccc55a91
SHA256 bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
SHA512 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4193e46106930abeac4bbc95eef82dc3
SHA1 4abfe787be9dfef7d1b7b7d53a781e8e41016044
SHA256 28f1c5fcb4761f9f46532d43ccf72c8e16282b782e91d98bc2b7ee6b5c279d82
SHA512 f4c46d2848a377b49cda8610c9ddc1f254f81955393c873f9cf4f6f2a86a602181d09f7249d6e3f1b780b204c9d1f4944bf43abad7243616f3f6986d8158eda0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 bc3d0603a40ab2298f138fa5e82faace
SHA1 4c502be96988c6dfd65692ceee3c9c3edb3ca73a
SHA256 d6b0df96628e4dec6d16850d24f012434666c0c78926b27fdef5c0f216143570
SHA512 92afac558ff02f9756b189ef9c8129585e9863ed2e7c281df0a2ace43a87dac471202143c82f4efafc88e2bb72232a7814bebdafae134b607eddefba1364984d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 dcf9af9eef08fc53e438b85d81661485
SHA1 efe79de48c796cafec94a134529a8e2cf372aa14
SHA256 90f2b26485faf44f5bed1f93486cd2c1ce1fbaec55f76dfbf80e36c6a566ef33
SHA512 53b7ddcf15b2f37bb03aaecac1461c76c8644fdc926a3f694563dc81fe159dbeef9dca2a1685b0cc4f1117db8c4beff40f43106efec65cbe205c4394e9038fd8

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 09:44

Reported

2024-06-13 09:46

Platform

win7-20240611-en

Max time kernel

127s

Max time network

140s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4e88a3312a06ad41b681f015a32f5fa_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "16039" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "8300" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "9748" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "9742" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "8096" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "8300" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a0390500000000020000000000106600000001000020000000e67594bf9bfbd15736e9b1363e1817e087a1ac5f3fc7cd391b70b44f85a57255000000000e8000000002000020000000eca5d15ba4bed3e0fe2d1acccaa3c174134d2f99831d3106abdffa52412fa996200000009d3aad75dfae88eb251f26efeca67d659548aba06d966ede78ed073a17937527400000000d41300d4f35bd53af7953641c1465f8f4d19737cd9b3930739e995754500eafa123f845cd7b7117635730ba2d8eb17a372d42e5da000a6f56bb6547f237cf9d C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "7975" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "16039" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "16131" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "492" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "9742" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "9660" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "9737" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7F22AAD1-2969-11EF-A490-4A2B752F9250} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "19405" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "407" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "9660" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "407" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "492" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "498" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "28733" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "8090" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "15921" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "19487" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "28733" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "407" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "492" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40cbf05776bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "8008" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "9742" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "15921" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "15927" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "16131" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "410" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "410" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4e88a3312a06ad41b681f015a32f5fa_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2112 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.konthaiusa.com udp
GB 142.250.187.202:80 fonts.googleapis.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 216.58.212.238:80 www.youtube.com tcp
GB 216.58.212.238:80 www.youtube.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
GB 216.58.212.238:80 www.youtube.com tcp
GB 216.58.212.238:80 www.youtube.com tcp
GB 216.58.212.238:80 www.youtube.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 216.58.204.66:443 googleads.g.doubleclick.net tcp
GB 216.58.204.66:443 googleads.g.doubleclick.net tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.212.234:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.214:443 i.ytimg.com tcp
GB 142.250.187.214:443 i.ytimg.com tcp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.180.1:443 yt3.ggpht.com tcp
GB 142.250.180.1:443 yt3.ggpht.com tcp
GB 216.58.204.66:443 googleads.g.doubleclick.net tcp
GB 216.58.212.234:443 jnn-pa.googleapis.com tcp
GB 216.58.212.234:443 jnn-pa.googleapis.com tcp
GB 216.58.204.66:443 googleads.g.doubleclick.net tcp
GB 216.58.204.66:443 googleads.g.doubleclick.net tcp
GB 216.58.204.66:443 googleads.g.doubleclick.net tcp
GB 216.58.212.234:443 jnn-pa.googleapis.com tcp
GB 216.58.212.234:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 fe0.google.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
GB 216.58.204.66:443 googleads.g.doubleclick.net tcp
GB 216.58.204.66:443 googleads.g.doubleclick.net tcp
GB 216.58.204.66:443 googleads.g.doubleclick.net tcp
GB 216.58.204.66:443 googleads.g.doubleclick.net tcp
GB 216.58.204.66:443 googleads.g.doubleclick.net tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 2470e6787dee3f80073966d1d6df307b
SHA1 d2a71b6a18344beca279f7df35df097f1eaeacb3
SHA256 2dfa9172bc8f2767b260bb1abcef438a2c9d98c1bf92b7791ad8cce2112f66c3
SHA512 bb842205b2c17431f5123f1b6bb969748ad320a9df942c5fb3c9de8cbb90942c6fc1594a1d0c706b028369fc89d647671c978de1870f33489625626ab15c5681

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 cb85f3fcf86ef0de7ef258539cae87de
SHA1 c73288fff07885a62f8c7033b348863ed3b8cad1
SHA256 7430a96d94b1faa5363b7656b323ffa416fd262e0405e498bb143dc93443963f
SHA512 dc152f2e8c8f7e316e84f7a1f3996e02c08d582d6d0e40b8bf7171e359ea952a80b7452e56690b30fe98b4655d4744e8529a930449ef1cd853e377f86294b2d2

C:\Users\Admin\AppData\Local\Temp\Cab10C5.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar10E7.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_89FBEB9EEBFF8AABF1EBFA20B87AFE7E

MD5 60c593c796591612a55accb66d6448da
SHA1 816aeadcd13ae6c0829aee7c247b5dde70c7af95
SHA256 0a7ef74ec7fbf8eeee4907e58fe82af1928e84c8585a1684c3257db3ba58f40d
SHA512 fc0b1b8d6d428ecdeb395894b6eda967b75f1835a81fa436abb6fe8b3a0d89b5bbd45292bad2eb5531155b4da048ce579b57b59c94338bce58501d60c8f4b176

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TNPG4FQ8\www-embed-player[1].js

MD5 8940a491297381a0ce25360e21b39bb5
SHA1 43d7a4157e78777fc024415969c3a7bd550a4322
SHA256 afc766cb1c4a339c40d24ad926f05e8b4927eed7532b876291d0bd19adc9cf3e
SHA512 5772d7e7485db888676e69cbaf4c88af01872997338bc61e8e0344d5dba208c2909e167d54d8edcb782e17d1a2b4e9dba955baeb0ad0e43ba932b3bf25ae7dde

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TNPG4FQ8\base[1].js

MD5 cb463df0a090cdfabc77af2691141830
SHA1 e3dde6a1f5c4803e69839154013496a781137473
SHA256 e09e2e8a3cfbcc88eea12d0b17161e1f2c8c75f1bb21100829c09f9858db3f24
SHA512 099374f7b03a4635390b94525105884fa101d93a583eed0d92def7d2de3199d2bd57fc63d885e8e9af0863db40cf521d2fb770eb09400a4c6285f7c37ad88e8c

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Z082EG1W\www.youtube[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Z082EG1W\www.youtube[1].xml

MD5 9acf7e327e7bf538a7dab0b5e77639e3
SHA1 e9ee7cb24b68cb4dd8f112f7ed757726649acc9b
SHA256 f59099efb6f59c7c3774a36d2b6812b4792ac770c6e294c8c5b6053bfd9a4cd3
SHA512 db314cbedf79fc525a66946a017ebfa0e7ae8de3c4db35ad9cbe948f258bb4aa3037dd7d31a07f57e94d2b321890c03c481813799605f7918d2cfde6a8a5be3d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJARS8CM\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff

MD5 de8b7431b74642e830af4d4f4b513ec9
SHA1 f549f1fe8a0b86ef3fbdcb8d508440aff84c385c
SHA256 3bfe46bb1ca35b205306c5ec664e99e4a816f48a417b6b42e77a1f43f0bc4e7a
SHA512 57d3d4de3816307ed954b796c13bfa34af22a46a2fea310df90e966301350ae8adac62bcd2abf7d7768e6bdcbb3dfc5069378a728436173d07abfa483c1025ac

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TNPG4FQ8\KFOmCnqEu92Fr1Mu4mxM[1].woff

MD5 bafb105baeb22d965c70fe52ba6b49d9
SHA1 934014cc9bbe5883542be756b3146c05844b254f
SHA256 1570f866bf6eae82041e407280894a86ad2b8b275e01908ae156914dc693a4ed
SHA512 85a91773b0283e3b2400c773527542228478cc1b9e8ad8ea62435d705e98702a40bedf26cb5b0900dd8fecc79f802b8c1839184e787d9416886dbc73dff22a64

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TNPG4FQ8\ad_status[1].js

MD5 1fa71744db23d0f8df9cce6719defcb7
SHA1 e4be9b7136697942a036f97cf26ebaf703ad2067
SHA256 eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
SHA512 17fa262901b608368eb4b70910da67e1f11b9cfb2c9dc81844f55bee1db3ec11f704d81ab20f2dda973378f9c0df56eaad8111f34b92e4161a4d194ba902f82f

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Z082EG1W\www.youtube[1].xml

MD5 575b745121e1d08748bc97f7ee1329ae
SHA1 76f49c148ebd9770e6f9e3617ad524751e1ef1f8
SHA256 a9ae1629be2d14911d3071b54c2bd8ce988307c4d1db66a3f166b7b5ad52a009
SHA512 927226603858739b17252e661f9248359068e0d1bc40aaae296dd45d4130f934d8583dc2de2546fe0f52a7223849b04376619bb0bebdf3e6af2dd9f237af7a61

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJARS8CM\embed[1].js

MD5 14d69fc9da4a63c8ad5013b3d3781842
SHA1 e0272f8403d95fd27df22dff5fc014e2ab5d8a3d
SHA256 e2a5632fec9da56d272ccdea5ecfa7000dc70659673c52a11966802e37a2140e
SHA512 0f85c67ae8969570f6cfa4d265013da7d4820ea11349b11b886d480d7d78df5c6aa1e7484724d6b21421db18678d22bae6d478d3d0e35506673fd609805d1976

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Z082EG1W\www.youtube[1].xml

MD5 5934c4c7fc5c05303cc4691220d0b975
SHA1 e26890e3069b1944213e1d6f41f86fa3cbc596d5
SHA256 5d1851a0c0cc01eae6b3feae9d23b93849b88dc60bf05d9207144af199ee287c
SHA512 2161fd72fd693bc0b816f1832af2d3f84f59b6181c4502dd59362a232543bcc15c9916d49c6240d1fc7b2e7caa2cd593ba0edf5c03a19ced283aca1332b80bd4

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Z082EG1W\www.youtube[1].xml

MD5 021b6dcbf54a4e619cbcf948ac3f51e5
SHA1 67ee423d2e05f67506de01623c3464488d727db2
SHA256 1fca5b7f0f7744c8b58871eaabe045ee1da378de54f5463c124dc7d90d7a073e
SHA512 82fa722d799c3372e51d1c86561515af669b9347a1550775497f80969649a25ef05641272d7f81931594fc1e4163f41812c288764c07c28646becf69965e525b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DODQ7AEY\57wTYcgCL9-06Mjz4he5vP6_4afBPjLl2lxgmn3azys[1].js

MD5 856cbc9239ad5b22e09262a0772086b7
SHA1 f85c8823e31ee0445b52eaff81a312bf30a9de0a
SHA256 e7bc1361c8022fdfb4e8c8f3e217b9bcfebfe1a7c13e32e5da5c609a7ddacf2b
SHA512 9a57544fc353802c2e7b209a025b39a79ee646393fd89ac7d0325940853033fa661a252da81a0e4ef391d0c3b6365fe9f77a6c3f5f73bb41ddc14459c627b745

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Z082EG1W\www.youtube[1].xml

MD5 98207ac05b6dc7072b0eac002bdec13b
SHA1 1529782dcce9e5d0789b3f41a4f8be06efacbd53
SHA256 722ecaa72251c88ff5febc2800066e4b07b9a070bd5065e57b77cd007b66d628
SHA512 8a061f13ac24f18760a514b2bd48d1d4be49cffbe301ab8b23b1c27d6af09c2802a049cbf5d3c347deeacbf794402569f379c98d378607b54e6f26029d2aa3f9

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Z082EG1W\www.youtube[1].xml

MD5 cdcbb27aaa86712361d26d35b827730d
SHA1 a4eecf5ec7302d2850f0f9b0ca1b0ba3e276f91e
SHA256 d32bae67d88ab138b4bb32b02cf270d0959af8743e9829c4e549a27106b87108
SHA512 f190f9296d58194793d83e42df9e79db4d1f616acb6637f2f522a5d9a8fb212543e9c96e1791dbfb517f43e2270109f2866c82900d62cc5b8519ef7b9e9282b0

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJARS8CM\remote[2].js

MD5 122e83be4335ed0b6b270ff458ce45fc
SHA1 4cb88bf4d9efe3759b45d01dbdf258ab8b4147e1
SHA256 13bace7cd8fc970632b82a7f1614ffff8f8f9f8dee7d5072d633c4ad5f7cadc5
SHA512 188863a2f4c41b81179f8039874f989163a3c61ad4a6d766dc86aacac71f80add476682b6686f8c95f6be031ad78bf5767ca48544aa64ffd303f522888b558aa

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Z082EG1W\www.youtube[1].xml

MD5 361b0d76d61642aaacac2db48a90de6e
SHA1 b03a1526ce28386802a90c61b58120d8b6e36cfb
SHA256 0c1d4552877c884b692eb245fe48182d1fa34f49dc4eafa70242a702ff142f0d
SHA512 0ed44c8b2cfc3f19b1ea283bdf728f29d10b038723e3b76be18c123f75c5e95018996530ce376034d8a687883f63d716091676b518836cebe4fbca0f0dae90ad

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Z082EG1W\www.youtube[1].xml

MD5 34439dd9940bb6a59615aee1a46f2a33
SHA1 ea4a0012817a5a165ec2191a7409093086bd048c
SHA256 e95b74b44f3f28fd40f9861fd3a3ddb68b81f9ccebdc528cc5debc243d6ecf58
SHA512 8f4576978bcbbd7c052413fe8d89fb01db66f46daaef92fc22ccc95eafbd42c8a147023abe67ea4dcda49088d40569eb115352e19cf85311def00500ba5a3677

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Z082EG1W\www.youtube[1].xml

MD5 2a97a9e845d43ee7e4e62239d87f193a
SHA1 c1ea5e86870ec2434c464e8f998e42d59bf51069
SHA256 cfbc3956f30e8f715f3750e7a4fd8829fc72b0928a4dcb12316b0686e6ea0121
SHA512 c595385450657688bd8f59797cc525de36bd3a700b3b99e26ee43c72a804fedec6c0119dc036dec54483f2b12a1d46b60a2ceb43da00bdae2aaad23ca915d372

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Z082EG1W\www.youtube[1].xml

MD5 176c4304cca1ce4fd9018e1a34bcefa9
SHA1 891b29f9f7a554b0bdca202cfd4dc61610c87d02
SHA256 f9c9aefa35dd7370d721e0b925e6e978d76690d9ebcbad96bf274cd62669551b
SHA512 96e285a7c8adb8baf18c0415e8eb53716f2814bc84a7d14b040dc185d311715fb0860928ebb91d0fa86cc260153944265d163b68a9a8f0a506dabe0885977917

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Z082EG1W\www.youtube[1].xml

MD5 da00f0051659f2470426250e9dc19a4f
SHA1 66ddd5808176770c8e4ae3e736070af33babc8de
SHA256 7225ce9f47301f3cf22dd4a98958071a72c68ca3770f95918deb663180591947
SHA512 4f9154d14a1f56f9df851e2b58f4d9e87081545041a5a99c0bd0ed840abc3431cf1be3cf0be2882f5d7d9fa0ea57fb41ea85067a6f583247ee05ceadd0065e00

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Z082EG1W\www.youtube[1].xml

MD5 3a75cbc705c511221f932705c17877d4
SHA1 9db76f408c45eb8be35981611284d24c45614092
SHA256 10cbd577809eb0bebdd3413f685e0935ec3f942750f1a8473454429b2b3958b2
SHA512 9b98bd81739006aaa75d9809b90c1ad7956b3ca81b6c4a296d7da03fb69ee3dc80f27ded721fb26ebe5a5701e8b4971881be016bebc414daf28f296f15914bde

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Z082EG1W\www.youtube[1].xml

MD5 349a4315f6f2b97feb1a08fc070e5c14
SHA1 8c40f37a92fec71fc4ca130fb94d7819cff9cad9
SHA256 576a87a59e96a6ae5246a45f8d3f2001949eb38ac7701ae291f764551eae0292
SHA512 c0f73d415c7b346eaf370b629c108fbe3f1d8ebe4003c7e0babb8cf9a3bf19fb8e40f4218d0611d53d50a86f15e6a1ed20257210543d55c21828937eeeb6fae2

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Z082EG1W\www.youtube[1].xml

MD5 44c7020017bfa6ea7f284d191f0f7460
SHA1 3db801a2ae89e3032689045d99d7c8685367bb82
SHA256 b517cd7627f476e8f80b796064941251d5604f457b2f5d3a08f0fbce2e3b4662
SHA512 0876088ac32938f79d90cb2934e44c820529f4f1e1af68c8775a7925dc51e4d227396a7ddef04fe4f8854ab825a47c041912f34d089af87505b85253faf275b0

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Z082EG1W\www.youtube[1].xml

MD5 6d6ac2433bc082dad362d36585adbb84
SHA1 545c5dfd552fc40b143b4a0ba2b643bb684a9151
SHA256 33198e99cc3981b364bfc6cae2892b17469d6b22581aa8670378aa3bc69c9a75
SHA512 de3afa73119abe902617e3d632a0eb3e766ba0bf2b9e898d8f8f132e8cf69a2c42aa8b973498050851bbc450164f3976eaf783f44ac848e9ae189149f5121969

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Z082EG1W\www.youtube[1].xml

MD5 3908c642b713af6935e18c9dac15976c
SHA1 5acca5b86e7a84c777fc6f61802697412e403e41
SHA256 cf3e603b1d2caea3ef358491e02c0099ae0c49381d7c65c76ae84e1ee34ea0e9
SHA512 cf2ac6fd770878285c45fb2985623b6ce6bd1ba883dbbe695463fc0f4fd193e2e7fcf9d68ee9984de613498a4def674943402fb0e67118c46ac54268081d8872

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Z082EG1W\www.youtube[1].xml

MD5 3d85aa48c423877a154ae3f3f85e6986
SHA1 265dff3e0af90f7377418929f7657ce613146f60
SHA256 209951407f1eec0c59aeea1a5dc39d5044435b25147d7934f17d207001ac9d5d
SHA512 b1e3d24ab946785e5c41685aa541882f440e3f4d94c0365627b7a2e57946287531ac48ed6980529aade2f02583de0a14e8aa2d5f3c0a6a7493f9bc648a14ff67

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Z082EG1W\www.youtube[1].xml

MD5 990990b097618102ba712970fdef1973
SHA1 72b812156cb4649e0e1e8e606232792af60f7c11
SHA256 b34d6c3dfa9ab1e8fb795e7cebeee64385ff58b3d9d6eb23444ecd98fda2688c
SHA512 7f7ac87f20e4fb080a141a169d1a328db0d79d88b7ce6b4106e2e17e6668e178f909f35507af414181a97a2a1f4e7eb27e30cdc42b7cda87f1d12c207268b471

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Z082EG1W\www.youtube[1].xml

MD5 9fd8633029a8f8e192a39c09e3bc16df
SHA1 d61376c6a43ca81c42ff70067d33382537247dd5
SHA256 dd2b792d8c821c7b6ce18a98cbd1d22ab7154e794a0190d25eccf58257e744c4
SHA512 a88d382a4b2cbd5399c9b30ab565946bf0c2375c3f36a48a1e0c5b65e8a4c791203a9ce9e097450acd53c2d42258ad759572485a23c1ff6d131eca62d9818dcf

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Z082EG1W\www.youtube[1].xml

MD5 8aef961ec9258fd2fffda89abae0256c
SHA1 5ed763c0883e9b74e7c7cc9f374f6ba73a0c6000
SHA256 a0b8befe32f26a6b16bbe73b6a8078bee9bc6f47d34ea9158f3dfcac7796a761
SHA512 53ce0ebd9317303c330150eaee0d3a42f42c95ebfea949e66aa2f7bb79d680fd32e63948e9fe204b3281974d5e595953a8ed12249c9551bc2b05045a6869d85e

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Z082EG1W\www.youtube[1].xml

MD5 387fd5b64f349c8d375f67d8c2e3bf1c
SHA1 4acce2aebc42e0094ec47edb6365b8c0ca7950d7
SHA256 8ac71eca62b8dcce896abd640a310a06963fbdbb30dff842d374880ea1f0eb90
SHA512 95b55568ec18ebc25ae75ccc5225ae1b4d31145913822e008c5402846439e409417040880d24c46e44034b2c2290e6d2425581af5c910eff09ca1122469394e5

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Z082EG1W\www.youtube[1].xml

MD5 d227a188914bf9887730e3db09107b37
SHA1 27e4b82e137fced513ca6277e561ae665c2ee504
SHA256 d2915ecfaaf8a9f7ba613bde5ee5f44745982e64da1f863f6c14fcbc0977cf00
SHA512 9fa5e9406060d6ba6b789fe241479b20782ef1d6190eaf65057614c2838c069ce6f391a986c3ee0b5a88d606aec098c3ab5decd2b862438c2f5535b084e3f37c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 463fbf992aab549fe9d34d56431fdc9e
SHA1 897234595feb2953ab0ec3c68f439daa47217160
SHA256 d2667c01956917bece7de9722b19ec0b8ef7fb1859231a7d355bf47a228c818d
SHA512 80f150d16d3853aa0e05b0d52d495332659669e719bf6c57ee9ed703df7b183a949d3e387176503dad07cae60e1fe46ca768ef1349c2b875d0fdc36233ce5224

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b6bee94efc89d14d207ed2b672c86633
SHA1 6790ef9b2bf08d5915fcf94661400b0bf28e1232
SHA256 b53fb33f1978fbc79b031acfb6da6ea41aa9c9bbf5a01e3bde30ede3b899b7b6
SHA512 f5b509820c559133e5ccbcc70c8cea12b1495dc934eb4cb675a1114fcbc321b1d293353a5a0a19267e78015269694e434977490614f9526c70adf05dcce5ae91

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fc2646881b00a21e7f49916505bc41c7
SHA1 12b994431844f72c8b1ced29240e0437bc148d90
SHA256 9bee4c09fd848bc1718b4c5da38f77a53011572bc6e1856a639f1f9a70c37de6
SHA512 4886006aaa35542ca208931fa8ba1c87517555bfbfdfefe2625ee1110106a6029237d284d1e2effc0bc28a2ffa524224c048b70e47ea1814efe924b6a6c4f984

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a4de373252aeecb4ee5a21b2d45538b0
SHA1 56a880ae88221dd572a83d127c2bceecacec45f3
SHA256 b0a921ca1a8430c428408966300bbe39a9ed0e98a982787f35d08f3372f5adb1
SHA512 00bc64ecc1a8aaa1c77b8dac0d101dc40bef17b114db5553a9a60b5cc0a171656ae064ce6ea156605c9775b8a0a792f83fc0593d8311166e60dd1f12789a1d6c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a4b2392f9392650f671c3c56c1c2802b
SHA1 b1a0463e9ab5750f67c40d60e3df6a2583d369f5
SHA256 f386dd4aea6dd4abff15aa133d418b1f23bad7f4040b1ea1c1bfa5dd3e983e3b
SHA512 7a82f8ca72d6a39c491e834b126f22e0b2de27b32649d3a40f7fea66652f6c3b6790a7d6d731a6f4f2956fc95f12b2243012befca869fcb14f0dd688af25152d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 35668a1415fd87fe35f8f35bd5ce0915
SHA1 c2cfad8e27d7e35b62a9f0ccab5ab49101daacec
SHA256 495228822c853e9385880b9256e923d838fa8cfd3ba7c040f7f42d1c8fc4be0b
SHA512 0ba80b5120df310b3f44a2c6be0db68071e65e4aec19ed166b1078c46e6557e620e6279b843a544f222f57689a7bacac982a55008499f0d3c6cd85a9677522c3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e2a581f9325dddf2be56eccffd1f53c6
SHA1 a7586454bb7e6b5b0f66333bb532d70e036f0508
SHA256 284facb454147f8eee6eeff8d397d4f559c9024b009721b0a5d40e18fdde6c4c
SHA512 a75f44c7d78276c2a005585d3ae7e6beac85193138ff027c8ac454da01a152dadf6f1babc4dc0f5b3ff82390b5759e560a93f2d5e6d1669d1e5f051daabebbf3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bad467558c00f5f03562e2b940c780b2
SHA1 ebc5aeed126adf8f574297277cd5451e7f70cded
SHA256 c0d33e8db900b595f9783ce518c0dc7801b0832e1270df64455c106993613765
SHA512 1f666707e6746d3f65df7114f8fa20a4637de1fc103231ea4c79a98b08e8db714a8bf42a6af00ae014352391d2d1fa45b693192db9d9808cb06a7fd838dcd672

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 172e6f41647b627b5023650c24f08598
SHA1 90534f420acb0a7439f2c682ad6b76982dba2d35
SHA256 5a7cb9ec86eaa5687f6a5d92b4d3a422b5bdcbb5cbb2a6700620b24eba28a330
SHA512 fbfa64ae0938a0f3bcb4fe9511165e9d94def446bb9dfd76e2cbeef5e9be874ddc0064a755f8ec4f1103eb99b22ffe63694044c931023715bf6d49a0e1d02a8c