Analysis Overview
| SHA256 | a02021a3be04b82c41e5fca351848c79dab8267e71f2ff5946460461eaa8c1d6 |
Threat Level: No (potentially) malicious behavior was detected
The file a5cc9d4678965351f6211525e386ce1c_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
| Reported | 2024-06-13 13:31 |
Signatures
Analysis: behavioral1
Detonation Overview
| Submitted | 2024-06-13 13:31 |
| Reported | 2024-06-13 13:34 |
| Platform | win7-20240611-en |
| Max time kernel | 127s |
| Max time network | 141s |
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "282" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "13354" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "3614" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "407" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "7672" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "3608" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "32070" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "3526" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "22331" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "3608" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "400" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "498" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "22325" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "32070" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "492" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "197" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "32070" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "288" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "22243" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "28953" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "410" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "9468" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "9468" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "407" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "498" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "22331" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "288" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "3526" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "19213" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "9468" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "498" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "22243" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000586cf3903f3cb3a470d32c236ed44304b1fc3db62d413f3218bb988b9903bd53000000000e8000000002000020000000d1fd2709287cdc78701c184143669bc7b418c6be0db50c4ca14b44bd62efca3d20000000e4eb6375fb7c232857ac705ce97db01d2a3f6a78f058a9e9b93a40ebafc09e6840000000f62f50c26767f8f2c5ccfe4511a387da86225339d1f22e50b0e7ca54600c9923839e962f31ff138ab1867bcf236c04850c0040c2f58a5f50d81bf37fed1bfb8d | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "13354" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1936 wrote to memory of 2064 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1936 wrote to memory of 2064 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1936 wrote to memory of 2064 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1936 wrote to memory of 2064 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5cc9d4678965351f6211525e386ce1c_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1936 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.konthaiusa.com | udp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.187.206:80 | www.youtube.com | tcp |
| GB | 142.250.187.206:80 | www.youtube.com | tcp |
| GB | 142.250.187.206:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 142.250.187.206:80 | www.youtube.com | tcp |
| GB | 142.250.187.206:80 | www.youtube.com | tcp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 142.250.187.206:443 | www.youtube.com | tcp |
| GB | 142.250.187.206:443 | www.youtube.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 142.250.187.206:443 | www.youtube.com | tcp |
| GB | 142.250.187.206:443 | www.youtube.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 142.250.187.206:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 172.217.169.74:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 172.217.169.74:443 | jnn-pa.googleapis.com | tcp |
| GB | 172.217.169.74:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.200.22:443 | i.ytimg.com | tcp |
| GB | 142.250.200.22:443 | i.ytimg.com | tcp |
| GB | 172.217.169.74:443 | jnn-pa.googleapis.com | tcp |
| GB | 172.217.169.74:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | tcp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | tcp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | fe0.google.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
Files
| MD5 | aaf7d9f0ed062c055d9046b85d423b51 |
| SHA1 | f094d700dbc8b7a1c45ffe43877648ad0670b0ca |
| SHA256 | 79b8757a7765327dadeabf9bd4467233713e05e18a45a367253603b39fe3caa4 |
| SHA512 | 10bfa9115e15631e675dfe90c5e8ef17fa84be07d18b234989b0c8eda3d26619810b10b70b50143d976ee7cc4d406ec013e27593cb6f281d59302456682e6fb2 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1YB98R3E\www.youtube[1].xml
| MD5 | 80f697881b0655b58ac1b0a4a898d44d |
| SHA1 | 4322c5e5f5f54ef56b346eb8d742cd903820eaf6 |
| SHA256 | 63b611d89b919ccb1edb25f8427cdeb1c591cce8f4e03174f7973211a965ce13 |
| SHA512 | b563e28027b277f77ba5b035903d61de866bbca870f731f10a41717dc739e60764f31f49d82eb8dc9ef93d120909f43a2ecfc82d4acd86427465b595d0308b2a |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1YB98R3E\www.youtube[1].xml
| MD5 | d4c2a4211fa3928c79afd7906c1f9c9c |
| SHA1 | 2e7954a146d362fc47562d84f896b45fbe574200 |
| SHA256 | 5232c8cedabe9537646fc3f574f24e1932b95570113bbd6424438d38736612a0 |
| SHA512 | 4bb7b2c1a20dd2c2a66fd79f7a693a11dc1c04ae7965d47a1a8342d95b5fea32fa05f6f250af4aa2e2ca7309da4093ef3397de2316d93dee2331f16a7b6d27c7 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1YB98R3E\www.youtube[1].xml
| MD5 | c6b3e96ad7c7150d350054670fe53ad6 |
| SHA1 | 08164829a1f56381aacb329578c85152f9a7a3a3 |
| SHA256 | 32f21ab68a5006c7481ce93f33157a06cc3c7b4928b1c6f7e26d032ea0a71cbd |
| SHA512 | 64d8fc23375d8eb95edc7566495902505ce1f5a529786950e8877d1e5477adbbed94864b2cb4249b0380112e1f6edd5dd241e1a55b645d8a70fc02f38ca8025c |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1YB98R3E\www.youtube[1].xml
| MD5 | b88ab5a0738f51d9b63b7ad1ee27f98d |
| SHA1 | c10c1eeb9453b72d97c66e818e839718d3fd15c9 |
| SHA256 | 3a085bccb9776cdb8827ac7121363462118d051d9b0b4942c8c1979a1b5a0003 |
| SHA512 | 156eec2b12072ac11ea780a01ffbaa4bb7f2cd63c89a9e4ea35e38b53205d914f6ab44be5cfa725ffebd5015ee0c2e61f7024da5531d1b93d171361708235d89 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1YB98R3E\www.youtube[1].xml
| MD5 | 986887e4fdb9761dee044daec5746481 |
| SHA1 | 83555e5b6242ed200c50db68b319117b5636cd0e |
| SHA256 | c7f8e4df376d7a4b5f8fb045e239a63252342fcc4a14dc81e63f9d18e1ea8e23 |
| SHA512 | 1c81a975d698ab71912d27e119e66bffeefd93a338366b0fc1b48a6be9fb5ea006f2b9593d40c61a0193d894265af0c6b58df05dd998be77172e5be8d74b4920 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1YB98R3E\www.youtube[1].xml
| MD5 | ca2ad4ddd6918c80f9c9db5c7c362286 |
| SHA1 | 8d1f78b8fa35643f05ade4811cd79dc335524f91 |
| SHA256 | 16ace30dba6643bb225e84be4e81b20a97d2de28144c3d530557bfa9ced01dff |
| SHA512 | 01da8cc6fc714cd06011a2adb2d4960d211b379431b628780fa0fd4fc6719aaf7ff871ee06dd725a399402aa68d755e265f625b7b7c1b6d9d18f93fe80ab7227 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1YB98R3E\www.youtube[1].xml
| MD5 | 1210c765f7fb198672c7301f07a2ef24 |
| SHA1 | 66dd3ececc31a3ab7d0b8ac99795b923e98b2310 |
| SHA256 | c317b60e354e1a7f3448c8718fa0191c53cddb5d5c510dd257e7b39cdfcd9ad9 |
| SHA512 | 95cf1260a9574e525e2e6227ec2928c99379b1cd712234163f0868fbf123385dc728e3cd20dd7a3ed98326e2738244a8b72830e5c990e208a9c7b6f620b8a89e |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1YB98R3E\www.youtube[1].xml
| MD5 | cd705a09566c7bf583be353c27abc719 |
| SHA1 | 86895f488a0c5c1f6b0b42136833997cf209e6b4 |
| SHA256 | 9e2601096348fe19bf6ddd531ff33ce7efe8e85a116b08073bf6b30141d74bba |
| SHA512 | 22b5db1ce3c38e2ab37092c337d1571f396b208bb14ba6a94e058f6a021468d5564fd02be46ef3451bd835f2f5174ad339aa691e645e86f03b986b6dc15dd9c3 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1YB98R3E\www.youtube[1].xml
| MD5 | 956df22fc541ce5b09e14fcef8065cbc |
| SHA1 | ad97dd809c769f1e437a9716446fe8ea59899737 |
| SHA256 | 480f9c828e687414aeb0a805c03fca709c5251aabd16b62d5e277f004b90cf22 |
| SHA512 | 7ddd6eef8a4032653578e29ea4c16c6f95e6f37a4ff4780ebfee578963e5f1689a106def1c94f29d5ba784d761ec9d26aa8d21f1f25a4ac087af760be32cae53 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1YB98R3E\www.youtube[1].xml
| MD5 | 52f9edc8b12e440605a79612b0f76128 |
| SHA1 | ffc336f75f81727e90b93afe824d45ebe9acea21 |
| SHA256 | 7f75d05ad21bbad84a46da1ed6b90f1370e1faef21c37abb2d719f3eb4c61aea |
| SHA512 | 80fa0a3a1fc620a0fcd132cf3d7b43801d570de30d47bc9ed39b6d3bbc2e9d12d91bc21efe6599ae12c539ad4145229d404dc340a699a92a4b570655c6aad33e |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1YB98R3E\www.youtube[1].xml
| MD5 | bfd084e7a7259cfe5daa549d98267e6b |
| SHA1 | 97686fa82435e6dbb0e4d9da20a73cc93941f95b |
| SHA256 | b0ebf2e73617f164989b287d3c5e39d7bd060be0a7ec67955b10b260a10d2fcf |
| SHA512 | 092620f44fd9b66199baf55f2b1bab3c1f1458fdc1a1ec65ea151e75cab367519b185fbfe6b9158fe681d66b81827c0cb0874402b570d9e11e6f2451dbb6ca9b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 29e58ebb05829cc963da0908f773ea92 |
| SHA1 | 9b510ec9b08095349aa8d80b73d611a9e21a322f |
| SHA256 | e57158e979f621bd52cceb03ee9937f9da72134c56cc8a84d4864023458e60ff |
| SHA512 | 4bf8789f253e2b933b6ba33efcde7d653e1cd049bd800f61ddeafb08bf1d8bd40a2751408a31569854286b826cada3eb4aa570cb93fbbb011c31047b835b4cda |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 788a30caf878ce08ab9cda34bff867f2 |
| SHA1 | fe687fd1569d0d523d29efbf7e8453b509b4dff5 |
| SHA256 | cb64ca9380a89d24f8f3a1b9dd8c5e710489535c47c0a5936ea87bb5619ef7ad |
| SHA512 | b6fe77956387f821845a031bfbb4ad034c2453ba67945f40e85614fdaf4433d1c666cb63b18455cfa3fe69d84425416a6f824d7b166a5998a888fa79dc85be1a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | daa4d185d600e69c76b6a93921cb8ba3 |
| SHA1 | 4bf3cb4f6411d9dee349d1668254682411e903ed |
| SHA256 | 3f7ade0531cbd108ec89aeea5c8cf056ae1d3a8bbe02ec6051b03bf29d6e4fd1 |
| SHA512 | 1922afca2ebc9acaf82dde5ade7cbc1f509ced397056b5d57845741a4a1308bc04dc5bc0d82bc35055d1c8348dabeb88419d32d62418714b9a281668444e1684 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f72497779204cb29881caa66aa6c577d |
| SHA1 | 37cddd4e4b66ef0f50246ba16bec9bb6a1abd1bd |
| SHA256 | b49d3ce1a35d52db3b258bf781a47a7b9dba9715bf7a9fd3372a4a3ed951a902 |
| SHA512 | 16726a2f93966b666c33a3728ce340fe46287da03ec1d0fe631ada11ed34a80130551a28228774f99868153931ff83a950027df8313a1224b4a90a9ced60f6fa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 13cdd533496e0382e9e57c8cb6e97090 |
| SHA1 | 3473d6fe28a96aa25193fdde185fbe110404237d |
| SHA256 | 3b5d566984886e935b3c33e85c9f0e7dc2793a285896b84960fd81d6548a30bd |
| SHA512 | fbb4061de9524474c0a61f14925fb12d8b5e27402cf62eea2b915fb85c7efcf6a6303bd9bad116f5d5e44a68270be21764300d2c9cf24b072e288c840590dbd3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1e6f16a5fb32eff172a073d0d86a84e6 |
| SHA1 | 72aeef5ef2f09d178ec4e85ae9adc6139a967ee4 |
| SHA256 | 8dd6dc7b190bba454085b12311057aca607e18928dd1b7bd28340753d85010a0 |
| SHA512 | 7f1ef3660b1cdfc57faef963dda4ba452a2f0d5f3788229a380ea0eb39f31fa8176b4961b72693b775abab29f7c1296e09ec1215cf9a4a2aa382a6d76aefcd74 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d928013ad3d7d5014ff8f51ee40fcbc5 |
| SHA1 | 40eedf49052bb807924f4e5642145b2ae51f973b |
| SHA256 | 6f31972045a275859c468ba2b69912ee0b9d93884d76385a6a93336a7a46f887 |
| SHA512 | 4d3c2a831b9b3d267e5ee3f50fd487b948947a12583d21ef62b66b8baaae6de6f8b52896f4b01496a635c9eda1d5fdbaaaacb90c36d484df4b4078030e8a7600 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 806b06e5251b73146bdb2407bc45e2fd |
| SHA1 | 12a4e04ef1700bbb3e46b36bdb8799e9b0ad9fb2 |
| SHA256 | b9bc15a899717cd3bca20ae561fd0c04e00586246003d3d0987a9d9a56074f15 |
| SHA512 | f74ac984d4ac83add35424ff812aa1a29fe9557ca1a8b5d75d6487271e3aa26314315f8fc11d94434a040511426e1de8cc5b0bd008efd8137e4fd7d8f1f6b1e1 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1YB98R3E\www.youtube[1].xml
| MD5 | c771a9563563084c122812ee693b2248 |
| SHA1 | d515ec90df417672a251400b08e1b2750346b3a6 |
| SHA256 | c99fedec2e973749fe5bf3b44c67bb5f2471287fe934bb7737061253e981acdd |
| SHA512 | d9b7eaaf483322076dfa6bb35ea701dc017945f906e927daf056248f9bbfc94933ad0fcd8e1e6bed79e70a21b173f037eadf685e9a0e1a2c08399baa2898a8be |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1YB98R3E\www.youtube[1].xml
| MD5 | 82791d208aaa68139d5f4ededde3b0ed |
| SHA1 | 096f9f8fbfdfe58dcc5c71bc8f30ec68025ec996 |
| SHA256 | ba5e293966ff4b86f1bc21e370834552848d556e87074b80529c2c0d02f9fad7 |
| SHA512 | ce9fb1c5ad1c4545e69be0a4b085da77f8696f36cf09180fe778bb4640fd20310439b804fcd3ceca76df7af723fe5d58763abfa7295ca207ff93b04435b67c9b |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1YB98R3E\www.youtube[1].xml
| MD5 | a1834a3f49bd723de6ee9fa5e412efc2 |
| SHA1 | c095d66b1ad53dae1481496d03283dfe030be256 |
| SHA256 | cd214e5746d8bd472cb0171843ebc4214a1ac2e6149db6ac1f8c9c036009c1c5 |
| SHA512 | 7fcf747a9be15c9c9d55df001e039d7b657bb6e72cfda9f9875f1491e29683b517e0ab6937f658344621a878e1099c9ee605a667a1aa150c9df8fe6a60bee91b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f66981e3ea03e2ed13fc7af97c4afa55 |
| SHA1 | afa8f6e59667cbca8494fedd89ae8f0ef25f8384 |
| SHA256 | 82356c4b7b4c749316adbeec5bf69cc9afa884223692a2d4b3cc08a952ec78de |
| SHA512 | 8c519318a79723d76cfca84deef0bfc29eace77bb3a8d516972ba6419f44661bc1ac5308f6b0b5bdfe707a5bfe1dfeb3afa553e2c858cd91ad0d53ae05a2c828 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1YB98R3E\www.youtube[1].xml
| MD5 | f5e667285cff47524ab54d86ea7fdef5 |
| SHA1 | 96b7377bfb344d27b1b123103cec93cb710ff976 |
| SHA256 | 576b4c81bf2bfec2a4521ac0159f48256cd9b53b3a5f98f56959a6b18fd60409 |
| SHA512 | 6a552da10770c3ad406cfb1d28eace963c0350fc3fee3940b7ec089bbc0ae195d8a6df43908124f2214c0b430c2ce75823d1d5ddea46dd4b5f322a2b26022593 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c4f7de88c8c09da76de13ebe9f9cb751 |
| SHA1 | adecdf6bb7a49f0768684b15d21a20ca6304100e |
| SHA256 | d338cb8312c2bacbf7830a3c1906753d40ec41aec412e74f5ddd15b48cc3c3f5 |
| SHA512 | bc98867377d2f6558c6ff49f5ce48bd9bd72bf46b9d5835c6bf817c85591d41869f0eee9cb302b492ac5bc6a4c6c123f6d0f31c77e7918d8be6a882054921695 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6935f37dda84ebed6c5f21f15861b80d |
| SHA1 | ba398f346f58034bb626adc2164dd72ef3310f3a |
| SHA256 | 54d42ee1d59c90ea5b88c7acb73d59637b4d7fafcee074f5eeafee9df81442e1 |
| SHA512 | 363fcc574d7b5bca0a6cb11bf0bc2a67bda0d75c900113fa00f8a2286677b9449a7fbb29887d46e9684233e660f8f18360f01df09c54702bb54aa036fa4af06c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 276750cc3305cb64bb4bc923e2a4c1d0 |
| SHA1 | 93188e8b1da7fb80caec9c073fa618b4211f756b |
| SHA256 | 981282b664ba344bd086406f2ddc45e9084db504af13e129f23f6254dc4e3ebb |
| SHA512 | 0afc7d2aa306a7879a5e14aea2f5f675affaa3c45c3578689212c749d0150a48bf37d89c26b9e4cb0f7501c5754e186a7ad8ade99775dd1b3c08bf3c95a80245 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3da2c7952f53c16e419c074e883aac56 |
| SHA1 | 76018929247ff774e9a260d74c528868065ba600 |
| SHA256 | 9e276238b5628706675786e5abeabda99c7bf59a1f42bd2ce46a292ba7364e45 |
| SHA512 | a09b0df244baa411c8d561f852d1aad1af481c8dcb54d3db5ea893412825ef3a0cc2f042a9f3f3429593fa2d2999ce1dde4a526f27364a430d0f8ac27258ac46 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f8215bc67b7b40cfa052ea4eefbec2e9 |
| SHA1 | 231a2d4191f7b8cebbcc4d8e2b3b486220f1b864 |
| SHA256 | cd15461efdf7719c36eea692b46cd9c900b55f4b9d7e3641542b574a2f6155c1 |
| SHA512 | 1422893c97702502c62f92e66ff88d28819635b52421d4dca13eadd729e75eb4a55743ac4f61ee78238b4df913d3bad588c707b4d82179c5a74692515d6d49d5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4f091d6174403fe8098d2512a2059138 |
| SHA1 | b31f3878a839da188c06e0030675a9ef873588e8 |
| SHA256 | 89c91f70d6f7cb656f0aa211eae64b75d587b2fd191c7eda7941c210f2e818fb |
| SHA512 | 18c0ec9a4689348997f2fc77f696aa1aa26fa5dbebaccb22113aa630d19f158b0b75adc8a180926a206051690dfcce431f2001cbd3c5e427a8580b5701bcc15a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8ca578b234716d75d1cf09d99dd351bf |
| SHA1 | 32e2fdd25bba07dca9db53a98b1755518b8becce |
| SHA256 | b6d291218e0a4214b331ab6a8958bbb30098aace065cc18498895be9bbd816bd |
| SHA512 | 42502a294c19ae7c5edf37490cf15be93f667e57f424f0ce46cb04a1c0c2e70db721d7bb889a86906f61d455b532d5138516670d69696c2e18863c07c9bf9d05 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3b96df708c94fa714edece85c5db8bd5 |
| SHA1 | 573e7f034c6420a833f13bd8908b98ce8af087f7 |
| SHA256 | 4a2f4865af2e160fb36c1998c6f2ab80381000919e35c3fe3959acf0a4a546c2 |
| SHA512 | 39f6d3a32170e3a50557410f42487081f99ace070d38efd3f6adef29b27ff8bfa6ce5195cc75f0f80fc8d5021efa104f02cb8d473feffb3aa33a31064c04362f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e5cce29ab884230a6e8d29ce52d3e090 |
| SHA1 | 040789ddb516eacdb985c379036939f34d85cab7 |
| SHA256 | d63c155212632d61e882aa2f89158d1531696c7b270d4a37f687757ec7184dce |
| SHA512 | 6bfc3ae0874f6ef60692f835162c9f235fcfbdaf0830a4ed8e5d057b47b33732fd0bf27f27c0ade2af156aea22b3283827a67d97ca279f0ca329634c9a75aafb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a733ef8012be59b05e1007de56df79bd |
| SHA1 | ab54aa487b68e6f6dde5c53f954105bd6bbfa80c |
| SHA256 | 0d961a3eca3587e3258da4de27025c63a8932531fda2d32f039b06e6211b6158 |
| SHA512 | 46516c1168323ba1bb71d67b51a1b548b88a4a3f69ba8e1ed1a95971a9a8db4219ed2186db0fdcdbc0a14ca87133e181ba28511a76b97799af6bbea677725a2f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fa63cf3601a30cd6d8932316ed328750 |
| SHA1 | 76b4f4c985889d66bf7c3dc944f52e4f775470c7 |
| SHA256 | 51c0aaca1b336906b8848cad03aed83cf948345e4a1f94ebd8e56a5940e8e202 |
| SHA512 | 147da38fa4e894ad90fc95226044cd98b9253e1fa59ce2557db1dff3e8619710f1edf15df2f2ea0b48ed76eb0a7090a15e380ed04e5fb4d2102fed9e0d82b2db |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 13:31
Reported
2024-06-13 13:34
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
124s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5cc9d4678965351f6211525e386ce1c_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd168946f8,0x7ffd16894708,0x7ffd16894718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,12197245464236385116,17696474875434699107,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,12197245464236385116,17696474875434699107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,12197245464236385116,17696474875434699107,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12197245464236385116,17696474875434699107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12197245464236385116,17696474875434699107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12197245464236385116,17696474875434699107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12197245464236385116,17696474875434699107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,12197245464236385116,17696474875434699107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,12197245464236385116,17696474875434699107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12197245464236385116,17696474875434699107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12197245464236385116,17696474875434699107,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12197245464236385116,17696474875434699107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12197245464236385116,17696474875434699107,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,12197245464236385116,17696474875434699107,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4500 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.konthaiusa.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | www.konthaiusa.com | udp |
| US | 8.8.8.8:53 | www.konthaiusa.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 612a6c4247ef652299b376221c984213 |
| SHA1 | d306f3b16bde39708aa862aee372345feb559750 |
| SHA256 | 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a |
| SHA512 | 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973 |
\??\pipe\LOCAL\crashpad_3760_OBYPOQMVHJLRKXYJ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 56641592f6e69f5f5fb06f2319384490 |
| SHA1 | 6a86be42e2c6d26b7830ad9f4e2627995fd91069 |
| SHA256 | 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455 |
| SHA512 | c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 49d6d768d4a182d3bd7ad10efa146e38 |
| SHA1 | 62c7df3f8f23f7b9023718dda757d88b1f447fa2 |
| SHA256 | 9107da7e9bac262cd56fa687e96f96b7868c205ae5ed9c2177259bca87d519e3 |
| SHA512 | bdf18280a5696de9f399e98ba028e5a72ed95bd60f0ee23984d1deedc055411b2de2d8a529f8e709f3b4d3bf83796e2fccdd881ac24396f61c42041e0ebb13aa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 63cce0f93f46db9169248188401770f2 |
| SHA1 | e8e6c6acbdb55c7f50908b583ca4bb67338a0ee6 |
| SHA256 | a93b0d4303ac1cf031178dffce71d47e9c40109d5fac7a7435854ebf9514590d |
| SHA512 | 31f5eed6ca3f0e3e8ccd689a2d0827b1a38f0b14d44e75450778e3c060607bc77d3df0552d71d2803436817653a814a11e475b688d93aa26ee921d56681d0460 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b0e1d772af8729de088571ad30283013 |
| SHA1 | 6377bba2646606f8a445342cef1308b6641e9091 |
| SHA256 | 48e2f8ea5354ae9b37453df84c9e6f79205ff1cb8709d61fa4ae9b7e80632be0 |
| SHA512 | f5648aec4ab8f6545a64e0e9d03a5880a5713b06b2edbab3daef09583651fb1b66d760aa029db4051a8746eb870ea405f67a99be2407f065916b304b89ac1de0 |