Malware Analysis Report

2025-01-18 00:56

Sample ID: 240613-lry6hsxdpr
Target: a4eaf72b3d32a64068250aca2e46ca41_JaffaCakes118
SHA256: 1ee552307db05ef1fca873a4827aeb930947c319022a225df5724965a265d4c4
Score: 1/10


Analysis Overview

Score: 1/10

SHA256: 1ee552307db05ef1fca873a4827aeb930947c319022a225df5724965a265d4c4

Threat Level: No (potentially) malicious behavior was detected

Verdict for the file a4eaf72b3d32a64068250aca2e46ca41_JaffaCakes118: no (potentially) malicious behavior was detected.

Malicious Activity Summary

Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-06-13 09:46

Signatures: N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-13 09:46
Reported: 2024-06-13 09:49
Platform: win7-20231129-en
Max time kernel: 133s
Max time network: 128s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4eaf72b3d32a64068250aca2e46ca41_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware spyware

Suspicious use of FindShellTrayWindow

Process: C:\Program Files\Internet Explorer\iexplore.exe

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4eaf72b3d32a64068250aca2e46ca41_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1244 CREDAT:275457 /prefetch:2

Network


Files


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0e3f98497f92af8e6e595041de5e4c71
SHA1 6558f73690f6082f779f63f170792333e5c2ae65
SHA256 f00c6188e3ff355f5e3d935c9c820715ddc23cd9d124d324b27312b33a9f9245
SHA512 20e2aa5e7aba505e650d997994e1ba094a12dfe472d63b48ea4ef874f965bbb8d6dc7dfe695c42d23ef298820ba7622de6abe2c3f0dddafa2c6eb43b1568db79

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f0e0be048825b461dfa7bbcea99f19bc
SHA1 28a897e2af4113f0b16bc09c84ea3c18c06c3f78
SHA256 21c2cf987f9f816808ed6c1e8d39dc99a8ac0deed6621d5f1064189b2bf6d854
SHA512 33c8a4a7b75f75af425410a87ef12d5c5984da2afaa1ace87f6f2d17f0e6b288b89b2dea7eedf49bae2081506d9adb0e0dac937afd7a87350daee0fc66ffff37

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4405e3cb89e5b4fad54c201077fd830d
SHA1 7a56bec429e042971ecf293522fee9589c30f2b6
SHA256 02f7c6212f41bb512ed88e2e8cb78ee1c2d4ee3f2ee937f55026c0435f9b4dbe
SHA512 53229bd0ec94951c0f798eca0774036ed6dc4b6333a9981ed5e2a375c78548df25c2fdca7b3022fc491918fef8fac45ffcd85feab987725a0d6db24ad0966a2b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b98f0f22a081d3d2f294f7c4060d5822
SHA1 c8ccc0c482269bfdc9301c747c957da836f0255e
SHA256 5923f247a1d16dc8b9e77ef328227f5c7c480cfd0f883ff2534472cc64f3e7c0
SHA512 8fe7c5aeed9e2228b93134147980e980cb959444cd58ff0e43c051b6fdedf485e1925f2aa197cced1f7c38b8b30faf7e87465d2e8a6c65eba2f4901ccfc68a61

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 29e36a4e3248478a6d45cbb1b45d84fb
SHA1 7f4ed1a4d0e598c382cf0b2294179396055cc0d8
SHA256 57a88b6cf9b286f9dd7fde15348ab2dd4d8db8717c39eefe01a9681faeb2f766
SHA512 bbaa0bb11100551490bb6410c27064e0a41ead1ef028a0d85df677920f1884de015e4cb01ef13b96c977ad9471d374e4ef034e263618b03311ae84874fb17483

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9e6149620978674fc0c263e4189021d2
SHA1 236f6e0fdfa234a2cc3e2815d06647dbcddcd5d3
SHA256 fb2f4eb340a9db0b509a9959701c082f9aa6c8f4226899df8e514b537911a658
SHA512 92a2fec5104ea0eb13cb33d231c9a1ee7ce02339b6f20ae3da0ddf54526c747e5a4d6f53f497853b23919fd82c0e55073359f2c88fd198c42c4af4424781eea2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 a9bee383966a971dc5761f9c7c47a5d0
SHA1 6f9715ac632e3adced2914b076763c8f2b04d0ab
SHA256 3b3226794a673382a9f934f67e192ddb6226783dafb2e0f97b5254ad38f9c471
SHA512 16720ab9263d724e41324262a7e61f6fb874c4dd9a0c53b1421a0bcbe63762663a24f5db9411fc5871f0d2e02022f752dc72c37b7f9221dfdb403ec21b5138f5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dc64744d896a39ab3ff6cbacc5c6a87f
SHA1 013e80a8aba6c5a97b4495619f6cfc658f53f8cd
SHA256 53fb3c2a6224bc9a59b7a8ca22f643decf2339adf6ff561abab03008140660d4
SHA512 819b7d29b4ac5e46524d20885ea68aab3d33c88bfa14c07b21c7325365b9c75e2236f44184cf44b933052f0aadde61a5074e09dd9fbce48ef39762bb69c4d565

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\XW719U2T\www.youtube[1].xml

MD5 f7d8fe4ad3e1bd1f7cb01465c09b07b1
SHA1 bb033566cb47bbf71cdd90f6184fd01fe3873741
SHA256 77cceaa31e598eb2126c5b00392b7c23f4dafe846f729319201496bd76d99143
SHA512 ef0afc61dc40d6daf1a49cf8aca17027f8eb5b917a578d4e401d1c5d06f245ddad9bfb02bb1bd1ff759187ffc26904b1ade299587a5a06ddaa1e0f2b9af720ca

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3906d83751515da3a17a7c20b60d251f
SHA1 880c6283e193d5b10f46509aea025f2e70c461b3
SHA256 e560f6efe997b13d56c52d3786beede99000f76ccb6e335e9ae7157254e5e725
SHA512 fe03c0d62d30ff72ff8987453cba5bf6030e0467869c3d21ea180086080540e3077630d098de21c45ff004248a126f0fa88a2e14461349ae5fbe3af306d82e4f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f1cc169e4446098dde73bb06c17b1bd7
SHA1 f045dd72176ed4b8741c9067d789571e65487397
SHA256 58a26190e0bd9be056bd4cbd666f476df36ada33e95a452ba66b595fa5923a33
SHA512 7a5634e9ed8accf1f6637727956a287c2e3806f093c529ac990e40751e9470d4e30b3d7f244504707b99ac17f897a5dc803647f73eafd8228dfdb884d7f54d01

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c4eb43a0c659bd3c0e9db52e87a784e9
SHA1 2c74bedc9d8ba55e2eb870669ba80238dc31cde8
SHA256 d91965cf05d9e731a6dcca6defe84d430896fa594f406a21099e5f74ec52ca5a
SHA512 f32f0e2bb7673eef292805c47534337f2ce0e20d7df5390ecb6fad8a0ab8163772d226912feb60a6f3bdda811482807f348b209bbb7038a8ea29e7e154f3c9d6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9e64abc74aa19d222b19a271aa016782
SHA1 facae70ae0bfa76c0a1e70afe0ac40e7b08be56f
SHA256 bb4a13faca047b250fe995297a4567c8808512d300787a7e51de46dd03a2349f
SHA512 189f577b4184413574a2db159cdc7caef769d9f13c8414947573b0a11c7dfa51ba58f06a5d40b239e2fa8245e6659657935a8c25404a45e1455163548ef2c44b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e25e316ce53816c3cd8d8f8aa6afdcba
SHA1 af332192d8a8e8bfee4e1e232833eb55d23de4de
SHA256 4d2af76de9499f33a707cf8d83ce465f63f2517f00a17608869b3c338d18cb7f
SHA512 e0115cc3f0261fbd872ecd70d239ae1addeefd7911dbbdbd0612424a2d1e846455a664f8c61f1ec127535c6aa0ef3efee7c13c6052703cbca6400ac372124fa4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b22c4495d76373e128ae74bc412d0a4c
SHA1 8d466aec22a0b9c87569c9bf7508c5674d17229c
SHA256 4593dbcdb82eb4c330dcecd604d8d1269aa05de5df055c984beb7c8d998be336
SHA512 90e9fc65b1a290497e236f3c571bd475a7b17aa6a0c0d054f3c4f16132a83e4531a40a2430e1f5658b43f9e18a7b8d95b53872f7420cffc8241cb1d75a81ae3b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b63e0097fa1f8bc346fda80ce66b6625
SHA1 1f29bdcd660a0cc1c93aa9f685bfccbe0928e3ff
SHA256 9ada55258aa6d931bec95c486824a9196c541bb5086562866398d120b738560a
SHA512 0dca14e408b66421091b1fdfcf861a12390952c049307dd2e1124c51d08bc5b36351ebdfa3f4e74e95d0d5d4f7f9d3136248b025bda467c518af61a14f6e92a9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 31fc8c1e48242b5756aa8416978f0e5b
SHA1 381eb831bb4d7c288c55c13638f8610479abe348
SHA256 d93af9af67ba733eea7f716678de2309285aa44de0a485ce8fa0148adf946b57
SHA512 2f098b02822c6135b4e14ebe93179fd2cd21f61e85299147718c2754d3c57d9175bbb20f76ca94a0d41b26d3c94ea4169c34153dcc353b29cb7bee3f3ee2d706

C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bc11f126b124afd823f708290c96041c
SHA1 e9145991fac4e011f26588e7d811c6cd83ef312a
SHA256 020ccc4d886c16121508a4ad17cdcaf3dc28cce4a272c6c9338fbdad3d5e61fd
SHA512 a883b0f1579f7454d3ccba146e234dbe0dfdfcfbaeb0435526166429c69b1d25dc32818b52669b630ad751ffe56842e7f09fd20c2b0172ac351a2ad971feabda

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\XW719U2T\www.youtube[1].xml

MD5 b8cd99a0db2ed588e597130e96676660
SHA1 dc109280422811609828fa07dbe045606c0af796
SHA256 7fb9cf6c54193b686dff66ed04948679296f4984e9f51d1fbde90152eb571782
SHA512 557655d1dadf111e4abdfe7d6656aef52bf0e342f050b9ee01719ef74a684306da54a951346eb4cdd0e6ecd24f554a33e4ee35a63eadd11664644d196fd0650e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 da1235ad36d9ec14187a7a7502b31807
SHA1 28e1b6a11346997bf1e76358c4a278ab8efb92bf
SHA256 e64aadd41c08e020d91fcf62f3ce3b031720d3b9b9e1748c23e7b110118e509c
SHA512 3d1762012ef45a3ce08662a73e21ed2902e3f42c70693c8ff528f1d2ec74038128e283273273f27f4af9d9a2b5d27fdc40c6c205876152324e161aaccb7826e9

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\XW719U2T\www.youtube[1].xml

MD5 f88e01220996f16d065edb9a08d6e7ad
SHA1 938eb2127680a4e55f191d8de183cbc6a9b81997
SHA256 32fc3508747ee9f9c412810e9a466bfa839d681dcd7df984606ee9a40160ac40
SHA512 02f570dff1b902a483a4ed2e132eb01baa7f222867e80d54626632e1c874247423398f1e2ae8dd7ab71148264a9ca6e5b3abc2a4f5377d9f7550af1f4f49d99a

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\XW719U2T\www.youtube[1].xml

MD5 34371a49ef4f0cd94e4f648633abeae1
SHA1 930672b3265fef043b2f5a9d92301d7fea21a772
SHA256 2e3c4a9bbdf23cf03c7d620377e56af32894839e35cddb5ba98b0bd20ee766d6
SHA512 e3c6bcde436b419b85beddf55c05f3d87df3b06550f6f47c2c166119c4cb908f0c826c2761f50bfcc37bd0e0b941761a3fbaeddbcd4abb96441120e8af70a8fb

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\XW719U2T\www.youtube[1].xml

MD5 acfc98dfee3c8ea71181866a41ad2fae
SHA1 b3adb991fe29c6068c287ef118b5d1e345d0c8fa
SHA256 70b484313304c084b3989eaad12b65fde0cc211c5e815363321a3ec1b9c92b56
SHA512 df94ee667bc8345b5c3e06974da4935dc079220b87175662e7fc97b11ae899fc9c05cfc492a55647b3cadf26efb87fc587610dd638fda29260af516782891b7e

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 09:46

Reported

2024-06-13 09:49

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

125s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4eaf72b3d32a64068250aca2e46ca41_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3440 wrote to memory of 3796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 3972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 4652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4eaf72b3d32a64068250aca2e46ca41_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa292946f8,0x7ffa29294708,0x7ffa29294718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,7333136659876039288,8920879404663004169,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,7333136659876039288,8920879404663004169,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,7333136659876039288,8920879404663004169,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7333136659876039288,8920879404663004169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7333136659876039288,8920879404663004169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7333136659876039288,8920879404663004169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7333136659876039288,8920879404663004169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,7333136659876039288,8920879404663004169,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,7333136659876039288,8920879404663004169,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7333136659876039288,8920879404663004169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7333136659876039288,8920879404663004169,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7333136659876039288,8920879404663004169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7333136659876039288,8920879404663004169,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,7333136659876039288,8920879404663004169,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4592 /prefetch:2

Network

Country  Destination       Domain          Proto
US       8.8.8.8:53        konthaiusa.com  udp
N/A      224.0.0.251:5353  N/A             udp
US       8.8.8.8:53        konthaiusa.com  udp
US       8.8.8.8:53        konthaiusa.com  udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 eaa3db555ab5bc0cb364826204aad3f0
SHA1 a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca
SHA256 ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b
SHA512 e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

\??\pipe\LOCAL\crashpad_3440_SAXHSRYOBHGFZVCA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4b4f91fa1b362ba5341ecb2836438dea
SHA1 9561f5aabed742404d455da735259a2c6781fa07
SHA256 d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c
SHA512 fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7ab4d973bb8879e692d3b030c75dabb9
SHA1 a6a225d82662cbb8357b854857e0f197ce119581
SHA256 1eb263f0005c5a9dcb396d7087dca3117100cc2b5b58f12cd5a6520276e43f8f
SHA512 450ab714bd20b036d85a1b22df4ad2802718d000a08b8fc430a247e703cd424e5b30ddaf7726bf8cfbb37abb29111c4f9ea9cdf01fb81629cd5720e28166f741

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b9db72f45d4247bb6bacd975a8cfbfa4
SHA1 bd871bf62cb6460998f7d598b73ae945dc38c3a6
SHA256 8d23286850e59c8c00a99cac9f4c096f69e20060e40c3cf9951e1d42480c5f27
SHA512 d44914546610f339ef8ae48c55f710f9a59caa20a75786f0b8d513d5926309c5b2baabfa1493fafdede2fe68965bcf889cd6d332bdb19fac2fe5acdaeb29a350

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a754aad2b8383663117f8824f708c68d
SHA1 c85f318a730508b287c07fc28350e18ae45721f7
SHA256 e2fa6d6b56e6c25536df1b78627842d5280e88b5ed018853c6f78120bda4e157
SHA512 d30269cd83c98b4202d6d48a16d066be1f3ad4d800f6f8a4e2ebff7a217fcc89c7d7dbe4e4bdb56f2a98dd95d00954d27fd21378f33d071f72b8787e3326883b