Analysis Overview
SHA256: 1f049bd52fac4394d270c102d394026167a6e7eb6bafeacba61752be554724b0
Threat Level: Likely benign
The file c07a405a288f26a242d95a708bda2fc5_JaffaCakes118 was found to be: Likely benign.
Malicious Activity Summary
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-08-25 09:51
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-08-25 09:51
Reported: 2024-08-25 09:53
Platform: win7-20240704-en
Max time kernel: 145s
Max time network: 151s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "17064" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "492" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "5348" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6114" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6114" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "21304" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "410" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8D5683F1-62C7-11EF-A251-667598992E52} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6202" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "498" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6202" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "1905" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "1987" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "21304" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "21192" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "21314" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6114" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "21314" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "8387" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "498" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "197" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "21186" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6081" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "1987" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "197" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "14111" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "21192" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "21396" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "15380" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "3852" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b70000000000200000000001066000000010000200000009d125859100134be4a46e979be7971b05fe65675978c36bd47c1f57cd2c2410a000000000e80000000020000200000002748bf70fdc1f33943d4093124536c168de9bc39593f8e399f1ea6a566345b74900000008638fc171c7b90f3338d227e127c9e44f5af55e69825fb47642a4d805715a775d56f63117398a43ae9628780e91614db96056569545fbabe2384e2d93105a27b08365fdfadceea53544dd53bcfecbbb21a6950461649d4cb8ee53ffd996365955c499517ee156296571d805048839935a6a5257e5506e8bf4a9e1cf61d77e0626e1760c50b723460faadd3b4316fd14f400000002ef133197a84a7b2576f8cdc0717b8b8c7c77660ce8782a8a95756cefe7a1dba88ce6eeedca2ec59b0552426ac8f9e640c973e27c6d1022fc13bbaeaf28485eb | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "21304" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "492" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6202" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "14193" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "21396" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "15399" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "1905" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "5348" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "14199" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "21186" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "23377" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "498" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2780 wrote to memory of 2248 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2780 wrote to memory of 2248 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2780 wrote to memory of 2248 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2780 wrote to memory of 2248 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c07a405a288f26a242d95a708bda2fc5_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2780 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | www.konthaiusa.com | udp |
| FR | 142.250.75.234:80 | fonts.googleapis.com | tcp |
| FR | 142.250.75.234:80 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| FR | 172.217.20.174:80 | www.google-analytics.com | tcp |
| FR | 172.217.20.174:80 | www.google-analytics.com | tcp |
| GB | 157.240.214.35:80 | www.facebook.com | tcp |
| GB | 157.240.214.35:80 | www.facebook.com | tcp |
| FR | 142.250.179.110:80 | www.youtube.com | tcp |
| FR | 142.250.179.110:80 | www.youtube.com | tcp |
| FR | 142.250.179.110:80 | www.youtube.com | tcp |
| FR | 142.250.179.110:80 | www.youtube.com | tcp |
| FR | 142.250.179.110:80 | www.youtube.com | tcp |
| GB | 157.240.214.35:443 | www.facebook.com | tcp |
| FR | 142.250.179.110:443 | www.youtube.com | tcp |
| FR | 142.250.179.110:443 | www.youtube.com | tcp |
| FR | 142.250.179.110:443 | www.youtube.com | tcp |
| FR | 142.250.179.110:443 | www.youtube.com | tcp |
| FR | 142.250.179.110:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 142.250.179.110:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| DE | 157.240.27.27:443 | scontent.xx.fbcdn.net | tcp |
| DE | 157.240.27.27:443 | scontent.xx.fbcdn.net | tcp |
| DE | 157.240.27.27:443 | scontent.xx.fbcdn.net | tcp |
| DE | 157.240.27.27:443 | scontent.xx.fbcdn.net | tcp |
| DE | 157.240.27.27:443 | scontent.xx.fbcdn.net | tcp |
| DE | 157.240.27.27:443 | scontent.xx.fbcdn.net | tcp |
| DE | 157.240.27.27:443 | scontent.xx.fbcdn.net | tcp |
| DE | 157.240.27.27:443 | scontent.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| FR | 172.217.20.194:443 | googleads.g.doubleclick.net | tcp |
| FR | 172.217.20.194:443 | googleads.g.doubleclick.net | tcp |
| FR | 216.58.214.166:443 | static.doubleclick.net | tcp |
| FR | 216.58.214.166:443 | static.doubleclick.net | tcp |
| FR | 172.217.20.194:443 | googleads.g.doubleclick.net | tcp |
| FR | 172.217.20.194:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| FR | 142.250.75.234:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 142.250.179.68:443 | www.google.com | tcp |
| FR | 142.250.179.68:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| FR | 216.58.214.86:443 | i.ytimg.com | tcp |
| FR | 216.58.214.86:443 | i.ytimg.com | tcp |
| FR | 142.250.75.234:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| FR | 142.250.179.97:443 | yt3.ggpht.com | tcp |
| FR | 142.250.179.97:443 | yt3.ggpht.com | tcp |
| FR | 172.217.20.194:443 | googleads.g.doubleclick.net | tcp |
| FR | 142.250.75.234:443 | jnn-pa.googleapis.com | tcp |
| FR | 142.250.75.234:443 | jnn-pa.googleapis.com | tcp |
| FR | 142.250.75.234:443 | jnn-pa.googleapis.com | tcp |
| FR | 142.250.179.110:443 | www.youtube.com | tcp |
| FR | 142.250.179.110:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.18.190.80:80 | crl.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| FR | 172.217.20.194:443 | googleads.g.doubleclick.net | tcp |
| FR | 172.217.20.194:443 | googleads.g.doubleclick.net | tcp |
| FR | 172.217.20.194:443 | googleads.g.doubleclick.net | tcp |
| FR | 172.217.20.194:443 | googleads.g.doubleclick.net | tcp |
| FR | 172.217.20.194:443 | googleads.g.doubleclick.net | tcp |
| FR | 172.217.20.194:443 | googleads.g.doubleclick.net | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabDBB1.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 1aa607fcc86dc218e04febbf0484b0c8 |
| SHA1 | 04ff72f900cfca65306f61aabd4b6ea337740961 |
| SHA256 | 02cf8ed5e9267c2b9658c3e07951626d85e6f5ebb3eb032e58abd347bba18199 |
| SHA512 | a2f99e445d78c1107d1c000c639fa988f71faf51ebd2a35f7ae55c8fc7160798b51c3e5de69ed99b25c5bd31c31df9508b161c31ce778b548fbdeb2aafdca1c7 |
C:\Users\Admin\AppData\Local\Temp\TarDBF3.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | 22d550a3ab5f104624420fee2ee8e17b |
| SHA1 | 7111c5dda2c04cdff7f13b014652289f015e75ed |
| SHA256 | 7ec3dd95b5fab4b9ffc34bf5faeaa71c77d9f94779c20fd8ed790de076c6bcdf |
| SHA512 | 53593c590e3ccea3ac195b360d4f91e3ceef2533acc60a399c7efd0119062ee5163ee32ef2b4243462d857c081cf2aa396ffd763d56e59c517d6dd129568620c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | e935bc5762068caf3e24a2683b1b8a88 |
| SHA1 | 82b70eb774c0756837fe8d7acbfeec05ecbf5463 |
| SHA256 | a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d |
| SHA512 | bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DDE8B1B7E253A9758EC380BD648952AF_68D058512F3515153DEB95A1F4E72552
| MD5 | 2050e479536d164f4adfd20d992aeff4 |
| SHA1 | ca6849b71f67b0e10bec7aa554ee49317c47cab6 |
| SHA256 | 923e57862a5ce55ee1dbee014e9179a6cb727124ba368c01d23a1018008b5be9 |
| SHA512 | 4931c032196e053fc49417102524d2e03fdc4ad09853aaa3aff6768d4d02453c4d8a8cac4a497a0ee0f56960ac1be03dfe4275fc756cf73ace071559665fdb96 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DDE8B1B7E253A9758EC380BD648952AF_68D058512F3515153DEB95A1F4E72552
| MD5 | 73e50f3167b61d7f543301b649858a33 |
| SHA1 | fe3521a9a8490aa63dd96c5750ca55583e47dad7 |
| SHA256 | ffab5722bb1b7c00b1e4d946988b1de6227a2c6f3296f94721c9773c79a58f8e |
| SHA512 | 5bab5d1ba933603d10b19f04f5c0ad6afbdd3cc1f8501bef7737b452285ede552addab2873989c1a100312940d24b0b92c778c89cc74d174abf73ad0b8848c2e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VOGNAB2O\www-embed-player[1].js
| MD5 | 4841d7c0dc8687067a5c67940f823387 |
| SHA1 | e050231d82ac5d32046fe9c07c1524fcb85b81d3 |
| SHA256 | 5a087880cd4c7ed70516c480f29206db256642795dfe0880fe346d394f4d088b |
| SHA512 | 1a2c8a0e541ebba3f37dce4b9c4d62b310faf6bd8fa1138502c07cebf033a88499e6e745ff049df52419ea2b06bac9451be9cbfeb609239ea4d4ebd1c8785d32 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VOGNAB2O\base[1].js
| MD5 | d7ab337b769d56f2c9bd297d5ec43470 |
| SHA1 | e2d570c11052e235217e8b3cdec95a9c1ffd7431 |
| SHA256 | ffe4a2763153d6edc9ddee2d6dcc83adc31f859b20ab7ebd5efb1d422593dbd5 |
| SHA512 | a78e7eac541f402136a00c9840ca8b8f80112516038586377397405e8ae248a04cdc0f6fda71791565870d75d87943cb4b157b5d7fdd7b02b2ae433d158898df |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XWMUP5AI\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff
| MD5 | de8b7431b74642e830af4d4f4b513ec9 |
| SHA1 | f549f1fe8a0b86ef3fbdcb8d508440aff84c385c |
| SHA256 | 3bfe46bb1ca35b205306c5ec664e99e4a816f48a417b6b42e77a1f43f0bc4e7a |
| SHA512 | 57d3d4de3816307ed954b796c13bfa34af22a46a2fea310df90e966301350ae8adac62bcd2abf7d7768e6bdcbb3dfc5069378a728436173d07abfa483c1025ac |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XWMUP5AI\KFOmCnqEu92Fr1Mu4mxM[1].woff
| MD5 | bafb105baeb22d965c70fe52ba6b49d9 |
| SHA1 | 934014cc9bbe5883542be756b3146c05844b254f |
| SHA256 | 1570f866bf6eae82041e407280894a86ad2b8b275e01908ae156914dc693a4ed |
| SHA512 | 85a91773b0283e3b2400c773527542228478cc1b9e8ad8ea62435d705e98702a40bedf26cb5b0900dd8fecc79f802b8c1839184e787d9416886dbc73dff22a64 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\CU9Q6RBT\www.youtube[1].xml
| MD5 | c1ddea3ef6bbef3e7060a1a9ad89e4c5 |
| SHA1 | 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966 |
| SHA256 | b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db |
| SHA512 | 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\CU9Q6RBT\www.youtube[1].xml
| MD5 | db3244c03dd92e27179f55ac243748d1 |
| SHA1 | 25a452e4f56d51c5c41205db2d52db43c840f934 |
| SHA256 | 17d180e8e8f06e1a0f9ff798837e91c27f98447c43389986470134d001ffd16d |
| SHA512 | aff46e291862560d5e9cd73f549cc67765b693211ec08b03983b388b7ad5920f925002756ddeaba39ce7a642c5ede8afd3ac8898c48d361944b480ac3fa3dd7e |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\CU9Q6RBT\www.youtube[1].xml
| MD5 | 443bd56e64081e79404f2998774c58af |
| SHA1 | 7c618cf4cef2ec12e77d915ee7cad5809917a1ca |
| SHA256 | 896c4524c734e2659ac47cf6b501ba055b0facc3d02ce8ef0045c83c6f8edd1a |
| SHA512 | 7cdc377cdf2f2a43c929b5e00b31b0f818681136dc541f4aba7fd724aaca5c4e66f120b1588e1fdfb3514e7f24e204c5744296a3c3c378347a77b36ab97b9140 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NFAY0EOS\ad_status[1].js
| MD5 | 1fa71744db23d0f8df9cce6719defcb7 |
| SHA1 | e4be9b7136697942a036f97cf26ebaf703ad2067 |
| SHA256 | eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9 |
| SHA512 | 17fa262901b608368eb4b70910da67e1f11b9cfb2c9dc81844f55bee1db3ec11f704d81ab20f2dda973378f9c0df56eaad8111f34b92e4161a4d194ba902f82f |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\CU9Q6RBT\www.youtube[1].xml
| MD5 | 3b8fd67ab99426719e4824661b8310e6 |
| SHA1 | a975c3e965ef399cee7acb255fcc80c501f490aa |
| SHA256 | 4a8c060da2cab053e1a7a647f8fd4a8cb7463cf35f2d89babca42ef9e4e35bc7 |
| SHA512 | 4e62e460a6b3e71f19c8d05291d45b25d303cf13b83cd86b56745704027ef7790146ab1e9b0ae34291e0b65279fe85f6d9729f818a99164974de9647104b0eed |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z7V06J7Q\xJpMOPnEWHuz0bNgQKjk6xQ_v3g6-JsW9rGH7FPF3AM[1].js
| MD5 | e6d8f2665b6f7e336caad61fc02f2bbf |
| SHA1 | 1f00d7963dff50eab1afb946f1767e18ff39fbac |
| SHA256 | c49a4c38f9c4587bb3d1b36040a8e4eb143fbf783af89b16f6b187ec53c5dc03 |
| SHA512 | b052907077ac100881bde1d7a77f02a15b6bf762e1bf23131d144774e27a8c53c795e55a1b8bcf8e73e950f4cf1435813b35fbaeaeaae01262452abfb90432b8 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NFAY0EOS\embed[2].js
| MD5 | dcda3db9fe4534651fca1debf672bf26 |
| SHA1 | cc55669fca772346c54eed31fd61c08c4c6d7c4d |
| SHA256 | 521516edbb1c5a9222b3702cbe053a4602623780a49f4d8d3c5f2fe9c66ec273 |
| SHA512 | 7b99c1b615484a73f8b5281286138e07b6cf2b1912c8bdc33eca4d8cfdf94307f320b42633f04c6423840cda814ee74128fc01db79b58ff00053d1918a646557 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\CU9Q6RBT\www.youtube[1].xml
| MD5 | 874ad77ee2692924fa060c787d91b644 |
| SHA1 | 2f8f3e8db9d802d30453ac1ace7bc59706190fd8 |
| SHA256 | 6693b2e9ef3183eb60c3acc15ea04ae8440bc2b82b3a1f4d32ff009bdc847bc2 |
| SHA512 | 0a1201a3e2bb315123b7f0b0b664bdea1c79ea8d870754abedc072b289f1bd437bd9fa66615143b87227a673f3de7ff45706a79c3ca17a05e6e4a4e45c807d66 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\CU9Q6RBT\www.youtube[1].xml
| MD5 | b95439411e25eb40c2bd49a9def8d1e0 |
| SHA1 | 21e538782d63d0ff223a5ae9fb34190f207a2823 |
| SHA256 | ea014543ba7c09602afd8a6c5f37a715bb1ee79082584e130641378c3b30c261 |
| SHA512 | 86c01d829a2ee417af2076b5573c96a3d8a2f37468ad8af1467879fc9abe75b08fc27f4bcfbe16670b9caa14562c120d989779dc8409710f1327eb2c03a39ec4 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\CU9Q6RBT\www.youtube[1].xml
| MD5 | b2998a5d4247c5f6d5986a7df3c0170d |
| SHA1 | 173895bb73b3e6547d95853f7f8f1a9e11eaf363 |
| SHA256 | 436329c53bfb9fddcd8299741ea8f58d5776057c4771cc27347c91335c2d2a06 |
| SHA512 | c92709c21bed6253e59850da5ce50768c5ca97cc951645f44d8b000aafd813d359ce85933f53bb4fab21f8dd18395abe2ebcad421d72263a66a1d133b9e5219c |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XWMUP5AI\remote[1].js
| MD5 | c0ecd406f233d3d15cc70444aaf331cf |
| SHA1 | 2bf373bffbc540c9a771f21c0bf0d56b01195324 |
| SHA256 | 6e6ab30aa79c992d62d2f77f5034eff02666298fb6eaf5a083e2a3bd1135ad46 |
| SHA512 | e6cd761c78b686cae4195fb2a2c32451423759059b0c641d51927a101ab6a742658ca915cb0e91abd08f7684dd693852cf3392320cb43fbe6955860ce1bbf2e3 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\CU9Q6RBT\www.youtube[1].xml
| MD5 | b4d71b8f6e9701aabb26e47aa725c14a |
| SHA1 | ae2093ca29f9868c3d52e3ff0f9b62b1f4c779ad |
| SHA256 | 3732ebf1c2e39f2e0d28e53bf521799b193a3f3e46d9a2ad9f4167e2717e613b |
| SHA512 | 4df36fad71f63bbe0269cfb13a00760d31b677c76d796195fe6a5c1351603fe8bf4f7772d0c4723d1a3750c0535e64fda15043df938380128f21396cba67a156 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\CU9Q6RBT\www.youtube[1].xml
| MD5 | 5b15e93df99bd976cdfac2b1870f1195 |
| SHA1 | d2d0bc493538da0eed0fcf1eee22b4f56f6f5f10 |
| SHA256 | b10c8bf64f59989ac2cd46c087f46a42e7019adfacdb600b624e939a7bc30935 |
| SHA512 | 1c7e232a8a073169917f5463107216b9e6ccc5d0449226237d7be467d992c519a24f7035383dcd766bdfdab7f5f2df9c6428056088bc3bb73643663805546d7e |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\CU9Q6RBT\www.youtube[1].xml
| MD5 | baa22a1d23fb85235c3b1bfc11cddffa |
| SHA1 | 56a7d3f504050f40b6d8b51a7b16ab4c33282f68 |
| SHA256 | 60b4e232b5d6f9a8df2837ee67598e8d3f537060a074cb6046c81776ecb25235 |
| SHA512 | 81462a7903a727d48eafd880377388172225cbc423f4d00c70a62b39cd70cd6159a4991a075842d7b09b06eee4945ba4372eb5468d552f78a1960f78f13605d4 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\CU9Q6RBT\www.youtube[1].xml
| MD5 | d1086badbf078c7be3f1dc4993d4a806 |
| SHA1 | abae77d709da9f1341f9e21ded9b36753a244ac8 |
| SHA256 | cb2ee2e471ddc89daedb6a2c1f004df2cc0b11b1813542cdbb66e5759e5b6a55 |
| SHA512 | cdd31ce1fc28bbec3fbfee468944455e5da1c2ba18a810652467e8a24fa231d4a91420e69c820a2dcdce4eda58dfc014c04a9a88ce822baa1b419112aac1d274 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\CU9Q6RBT\www.youtube[1].xml
| MD5 | ab7dbf375f2fd529587432944171c530 |
| SHA1 | 95d670b41ceea9dff6f8efb914a471d8f40f7c7a |
| SHA256 | 28cedd6bf6302cccae220d295df9375ea725c419446de24ea709f50a8e1851bc |
| SHA512 | 4005a4a5385a178606164ba3949903d00afd77dd85345bed3659284b574caa55bfbba67c99beaca1fbbd5f10069506e508d7eeaa68799dce5ab3af91856ee9a8 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\CU9Q6RBT\www.youtube[1].xml
| MD5 | ec2274e96d5d7bd341e0979ef69709c2 |
| SHA1 | 0793e5432dedbec43c4ef6d5b478a23fc8ce13d0 |
| SHA256 | e8fd44af30433c808ee998492f26a048b3c32d5d518d36c89b0410b092dde977 |
| SHA512 | eae22a18b8b8a2d11ebd209e3ddaec5fe31d8f9c648513648f06669a8c6c43007665d26b99a4bd85669df6558040c38768a92bba74c2b83640a0384776842112 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\CU9Q6RBT\www.youtube[1].xml
| MD5 | d3878d7d2222c837abc4174e82ce0964 |
| SHA1 | 8af05672c854e464c12f690aaca326fb1074bf2e |
| SHA256 | 60eb5cfa0ba0b445686d678acc897eef7e5e44c3e8f9c4e7de7d2c90048ef9e9 |
| SHA512 | 3e21417122cdf9093cac27b1601028c25d0c459ff9413c3cb993a717aaeea59998b2a5b3f01d43e05283495a491ffa51a25bb3a9e5d22bada2e6072255b6a875 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\CU9Q6RBT\www.youtube[1].xml
| MD5 | a2e3e867d3098b72be222e71017255ad |
| SHA1 | f6dd2fb56f7b02402a781a12c3b6267720160fa5 |
| SHA256 | c8a1f159888fa6cadf7b13dae81e8306991493f3849cff337db0504f5e1ca189 |
| SHA512 | 01b7520e87f3c06bb60517a946824dbec778c924828d96a09956b152ba580d4182f240ac86aa17cccec12577f5bd1816170137cb65f89c22e46a2966eef71239 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\CU9Q6RBT\www.youtube[1].xml
| MD5 | c7df47716428f8589bbd1a4ca938398d |
| SHA1 | e5968cbfe3da42470a8def9b10d72cb4d66ead94 |
| SHA256 | 70097e2acd57fb97336e06cfe8d2f23757ee44f405643c08a54b7937fab7cde7 |
| SHA512 | d26b671bdc6c437b16177eb2bec8ea5b6515d7a50494e49f8ff16ccceb658847885463491f9fa5721a5abc409fed900db13f90dc1aac86093eac35efd4232998 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\CU9Q6RBT\www.youtube[1].xml
| MD5 | a06dc80c3a5068df148a9c284e30d9dd |
| SHA1 | f58c9920c993a77352f1142abccc09c475fc4fb3 |
| SHA256 | 0a1054c28c9eb57e38833d094eccb90454088381df9f0ae6106648d748a5e763 |
| SHA512 | 144c9c665647bb19310de4b15637cc4cea9165829f8c30e049f2787d948d0ff955ed03c3ff30f8426d8466ee8d1bdd5f62de40d517231d6b95359d5eae6cc30b |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\CU9Q6RBT\www.youtube[1].xml
| MD5 | 07d9ac9a46698ed6a1dcd807ecc85d25 |
| SHA1 | dd9b183e357337f1c84ed3e1d41faec84e6c08fa |
| SHA256 | 7851294219efb2068a82b30974bacd84522549ae7c92a320c429673be29f1437 |
| SHA512 | c35c611f3d844c2ea7724b1ae58db4ef6be6b22b58e492deae7d2877ea03b08661a76223010be4ebadab7a90c03a0426973ae9c21bba946752aee363c4a7152d |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\CU9Q6RBT\www.youtube[1].xml
| MD5 | e75eb0385ff83be282f6b4478b7156a1 |
| SHA1 | c6fe520e2550228c68b4185befec5b3211fb2272 |
| SHA256 | fd7a375e9c05a06a2bd9b2e85bf03647148d72f92e5e28c3b9fcbf5aba26340b |
| SHA512 | 7a7fe08f2a223cf9d8001fe90f430aa94a6ac2a324893e8356ac070d9048e368a38d3ff3d8425f75741cebdc8a22c3af19b9647a7fa8cd4958739f4a04353539 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d3d87baae09947b9b68770346768be0c |
| SHA1 | c6037f6ecf1f55d845045868e179eb05a5b7ca6e |
| SHA256 | ce6ad9b8cb8911d862461f44210d0cdd5d34e9bda35c03769974026dc5c147f2 |
| SHA512 | 1d1bea36fdaf8beb37d3463efc2cd5943e20324a715f803dfd7b5194f6ba8568cb439c3ca8f3ee1066040eaa06feda294550e12d9a472ae626b1452eb3c3bdc8 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\CU9Q6RBT\www.youtube[1].xml
| MD5 | 2a115c14b2a192eff0c462b64f7914e5 |
| SHA1 | 74d5408f0306984a1d125990042bd416d7cc94a2 |
| SHA256 | e8c3d739e4e2ddecdb127c8d663396fc0a50f7acb65510a88c80db68b5e1d715 |
| SHA512 | 99996a399975fa14d77e3dc6c95624555194337a6a59c2f40120fe61c1e945e52cbcd183e56612ff7b8665f3dd70a5d35d1f5bee831550de749906a66e947ad6 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\CU9Q6RBT\www.youtube[1].xml
| MD5 | 1e09647ee3572ce690db6573adc85160 |
| SHA1 | f04067a7e96f3a1c00cf3be1625e0a546618e834 |
| SHA256 | cb18be9b2808c39468fda3a8219dc313f809ca7b73c85f76aeca3cbf10727897 |
| SHA512 | af3cb3368345b460904bf6d7c9c47df4dbcda8a11b04db0929227284c798438e0c2a25cf666f8464fab03c422f38261e06528499a7bbdb33ce03ee5d0a20bef7 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\CU9Q6RBT\www.youtube[1].xml
| MD5 | ef4e13722e93a72fc77d88cdc2a50678 |
| SHA1 | b3be9ced380fd9625c5a43bf84f8e8b88f14cd8b |
| SHA256 | 1cf0b991d55e319132fc10a3e83eb8ea48733dedfcee210dafaab982b5c7693e |
| SHA512 | a3c02fb52fd80eb55e907a214cb2a6b2ec0ad7552bdd2bff5a42a07ad58da7cc788692a5cb3de7108694f88369f6deed39d76fcc1e4a414fd81b6d0e39035ad1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3c0c47ecf16591742aa37ff69fb4c1fc |
| SHA1 | 4eb13569fe933356d24e64c34d0b187a723c6353 |
| SHA256 | 9968ae8c116956b3bda1689a3fea2d4f227697d4e5e0848983401163d7505bfc |
| SHA512 | 3ff0cc202351e03e42aebbed87afee43e1d9be80faae4d56b7559c18d36c3d679c48e00654c506bda370946b2066afcf621c52f479fb0aec56865a4501bdd2b4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c1fad07ec0a51879382647c7996ac331 |
| SHA1 | 5c5207f6f0f0a6a2aa1cd587894f02a61392c259 |
| SHA256 | 53ca18d613a93293555f0b411dae78d6f988a91c5881616125cfe4769a942da3 |
| SHA512 | 9f01f8492e797f6b0aaf1d3c281ec64926d8ecfaec3afe39ee3c9c14d2eedb3fbcb5b12966a2eaa16bfa33c5a14448223352b7f8ec45f5ac850f5c9216d61a29 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b1e23b10b8dfb9b644b6e204a1b42685 |
| SHA1 | 109f363ee5ca4fbb5dacf07f9a964588fdf5dea6 |
| SHA256 | 95f2aa6cb9a077107a237c9e4f6ecbe0b04fe22f89ab9791b31177fb11024086 |
| SHA512 | 5abd5843981cdad40cfcaa339f3580058af86363a64380c5843eca7f4e17752abdf45f5e5e8020a8844441f35d21dcd3f28dac91241b8e6a903dc36ea00adda9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 05a1222f69d7e8676b85bf7de7dc489d |
| SHA1 | 2e6559ed9e209160c8a23c5673f290f18335c5ad |
| SHA256 | 24d8b54b8973697aa0dedcfbfc1a38d7fab77d5ec2ebaf0ab936d171509cf9ab |
| SHA512 | 75fd947dc737c2fea77fc10fe6599d9ae444e363b3619beeb21fd1892bbe6df96aa0b5712aa8df4140f064b4f4cd83acbb3869569399971bd103b80627b074e3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 50d45af3feb6443464efd1ee4182e485 |
| SHA1 | 5553f74e4aab52f464c9a6332f58dc2f181d9018 |
| SHA256 | 0aaeae463bcd96186b6c4307f009ad305e300a6c7369283c4f60481b1a6fe0e1 |
| SHA512 | 4c2f2a974416b512094e49342e29db34b2c77802be7d9c6109d2e9afd57e9a6aa755a4d9482a69527250e9bb65baf3fb76ad7c21be8e62408d498a37d8e29e9e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 45de2b503c1d0d57120cad72699800f6 |
| SHA1 | ae5462bd0c068be2a21cbda49c1dea7b1a884c78 |
| SHA256 | e877218bb33347487edbee39d3c588207ce1e69894de95b30adfcb071f99b7bb |
| SHA512 | 9bb840ee28ecbf6b1b13529d7f0b6143810db615e53ba9d7f37876d56b5723100f42b2fd24c9289add8d15d8e126a37c3e3ebe006011386b18278ffc879ad458 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6a2b16394495c48c2f197bd17119b8c4 |
| SHA1 | acbfae4383899968b33cc06cbd15106dbaa9f931 |
| SHA256 | 0a1edafee645b6a8f516510ef53c3e719031f0cb8587b6eef43fb8ebb53f1d41 |
| SHA512 | d9d380c2c890791cd09a95e1305188dd5e529e6b6cc0ae5b4fb7a5eecdbc254159e2e420092ef498b0b157b2242cbc2c4874d12aac40af6b7a7c9c23e1ea9d9f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5d758a2adf15c209135ce07021e3ed4d |
| SHA1 | 7296c7b8217813fc2023c0d95e035576a7d0eef1 |
| SHA256 | e2a743317c82ae64c6ff046d2a1096c36d06c58d8b9876ada4513f75aba8179c |
| SHA512 | d6cef00d7d1964a427e421e78cc7b1cb983b059e8bd3d42ad23878662c86e4d0643c2df90f19bd9a6b815458b0b39debe0709c2a98c8d7b574617b00a5c9a919 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cdf3843e1932b9f42221b22dc95ef8f6 |
| SHA1 | 4d2591e60a365efd2408e4644ea102f5a4aead12 |
| SHA256 | 1f739948dee35d0d0d8805a6649cee9be8482d631fa28b6a8ed2d786323fdeca |
| SHA512 | c748097d1f8b1bd54cdcdb1423f18687dab3a0b40a75878e8502ecde55f7ef873db8f19da8141d986c2a4073ab109c29733ac3a00bafd866321c79dd275f280f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | fb2d0987db60374aa0cee36a93cc2397 |
| SHA1 | 6ad051ba3543674f85eed014c93e1971adf7f2dc |
| SHA256 | 59a9f95f5b4fd8bfda52953bb07d77328c6ffc620c5b1d56c0f78add0c5039d6 |
| SHA512 | d76340d76bc1af036d129cd89a95be6c97e9ca46fe883ad48717e23947fbb43887d14d6db4b8eea059a1168b56cac97dce82b006b4fceee4119e88efcb7148cf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ddcfba9ba744ddb5db50f243f3b91645 |
| SHA1 | 09f470f81f14591291c855c12a7df800ac7254c6 |
| SHA256 | 72c6f3ae18aa24104a6fa68d600397cf6e47825e5fb9a72e6b8889be0d4aa4a9 |
| SHA512 | 41825db32dcf1603d4bb68bb7165f4aa724445bfc6ae596bbabc3d310946589ef00f3d7862557301a8cc2d3831883d8725a64235f9e7f711a177169247536821 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 053980dc92887bb8ab526488290379b8 |
| SHA1 | bd2070bf31f4d4703d6c2724ed6da35be5bd70bc |
| SHA256 | 1b3a7b158c54558215db7881ffef2c0c7064d2a0a25d857f51434fe7ebd2d151 |
| SHA512 | 34c4702f0380d4dae67acb25efbdc968131f5a467d06a1ace2aed37eb167faea5fcff6d4dc0d1dd22afd32995c02bb88229b04a0970ccfdb8cd8205dcc676543 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fb58236f3476085e020c82fceb5fae67 |
| SHA1 | 1a1d6c126c9672fb2d78cdaa300eacdcd72e4317 |
| SHA256 | 3ef3525b0bb241a42217ada6d1619518bf4b7318d13494d4d8beb79f3463acd0 |
| SHA512 | b1c3de8161b66b8fe41198232577b57e28f54e95af848f892587d6bcd9b1b74de354a8693bb6362ec018a292a3282b8551530e18b4ea10e7262aff3f3cbbf46f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7bcad1b8a2d190ee26d263f8932b88f4 |
| SHA1 | dd22ec21e785c6083519e80b096eb6507baa41eb |
| SHA256 | 51514526ff42aa0d0c8f47de06d287da978741bfa3e06e4c949871fa768304ec |
| SHA512 | b28aad720816fcdf5c815b80d2bd493167be432b88f1e54aa438942ce11d2234d2e85ef19283ff889316a6ae2c80be0b3c789961bb55d59384222e447426279a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0f8849039d66a46dc1b728290d7108c3 |
| SHA1 | ab4020f402edeb6bf74f61b624a528916b28804e |
| SHA256 | 6eefe64fd45feae6154a8df2c10ed6ce959bfba61dbd7ebcb43fc8dfa34a3292 |
| SHA512 | 8e1b0f562be28890fb3a783c969e9c0207a23ae3702302aecf3a12ffad8cb14df9ed51f4a6f94b034f2266bbad27501f7b9e5fc5c2a8de1078c720f4876276ff |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e2e677c6187bd7e52b2574c83d2f9b8e |
| SHA1 | 851047c826fccc1f767e864a29640f69c02ecfeb |
| SHA256 | e965ef7f27b83b91b11f6fea5404700fa0b51307abf63141c2081cf31973085e |
| SHA512 | 37a82784730e85e4e8baf38f5c28abf5a7e51b8841d76c18fef844bca10f0c0316c55c02a1e5c258bc9a4cfaaffa1dcc62689c25c6c76e12a0816ff49e0ef916 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f98392515434daa815d739aae88d4386 |
| SHA1 | 1fad0e953cd9d05ba5952de0141ad6037d24092e |
| SHA256 | ca31778d0922f5674f2292a01db26238ad7acdd587b64d3e04f38b679ed727d5 |
| SHA512 | ebbc4a2dc53adf45f2155f10e9a0764f8e378e7ef298284e7e501850aa6cfab3ea558e9f140f52729a4e0a0d28ddd15a29b2b417ad2d84ced12ad654f257c625 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b4d4dd06b162741e89003a277195c86b |
| SHA1 | b76bf0121eb2c2ae1f658342d86e4ea2b85fd0be |
| SHA256 | d78d91c3f1ba71c81973be6d952a51d5dfc3a4bb57161067976dd950b04752f9 |
| SHA512 | bd85bd445871e20672fcaf4987aee1db488ab59d277f5b689aba6aadf590a8b48b35de38496c113bf0cf6891d1c281ab6888dbe18f741fcc75e8721cbac03cfd |
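A file list like the one above is long but mostly repetitive: the same DOMStore XML is written over and over with a new hash each time, the CryptnetUrlCache entries are certificate-revocation metadata, and nothing lands outside browser profile directories. The script below is an added triage example, not part of the report or the sandbox's own tooling. Its sample copies seven entries from this page's file lists (trimmed to their MD5 and SHA256 rows, and including the crashpad pipe entry from the second analysis whose digests are those of zero bytes); the location classes and the digest-length sanity check are my own assumptions.

```python
"""Triage a sandbox 'Files' list: rewrite counts, empty content, write locations.

Added example, not part of the report. SAMPLE copies entries from the file lists
on this page (MD5 and SHA256 rows only); the location classes are assumptions.
"""
import hashlib
from collections import defaultdict

# Constructed sample: entries copied from the report's file lists.
SAMPLE = r"""
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\CU9Q6RBT\www.youtube[1].xml
| MD5 | b95439411e25eb40c2bd49a9def8d1e0 |
| SHA256 | ea014543ba7c09602afd8a6c5f37a715bb1ee79082584e130641378c3b30c261 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\CU9Q6RBT\www.youtube[1].xml
| MD5 | b2998a5d4247c5f6d5986a7df3c0170d |
| SHA256 | 436329c53bfb9fddcd8299741ea8f58d5776057c4771cc27347c91335c2d2a06 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XWMUP5AI\remote[1].js
| MD5 | c0ecd406f233d3d15cc70444aaf331cf |
| SHA256 | 6e6ab30aa79c992d62d2f77f5034eff02666298fb6eaf5a083e2a3bd1135ad46 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\CU9Q6RBT\www.youtube[1].xml
| MD5 | b4d71b8f6e9701aabb26e47aa725c14a |
| SHA256 | 3732ebf1c2e39f2e0d28e53bf521799b193a3f3e46d9a2ad9f4167e2717e613b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d3d87baae09947b9b68770346768be0c |
| SHA256 | ce6ad9b8cb8911d862461f44210d0cdd5d34e9bda35c03769974026dc5c147f2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
\??\pipe\LOCAL\crashpad_1632_CDANTSJAKZMJMFCS
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
"""

DIGEST_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
# Digest of zero bytes per algorithm, computed rather than hard-coded.
EMPTY_DIGEST = {name: getattr(hashlib, name.lower())(b"").hexdigest() for name in DIGEST_LEN}


def parse_file_list(text):
    """A path line starts an entry; following '| ALGO | hex |' rows belong to it."""
    entries, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("|"):
            cells = [c.strip() for c in line.strip("|").split("|")]
            if current is not None and len(cells) == 2 and cells[0] in DIGEST_LEN:
                current["digests"][cells[0]] = cells[1].lower()
        else:
            current = {"path": line, "digests": {}}
            entries.append(current)
    return entries


def classify_location(path):
    """Assumed location classes; anything unrecognised is 'other' and worth a look."""
    p = path.lower()
    if p.startswith("\\??\\pipe\\"):
        return "named-pipe"
    if "\\internet explorer\\domstore\\" in p:
        return "ie-domstore"
    if "\\temporary internet files\\" in p:
        return "ie-cache"
    if "\\cryptneturlcache\\" in p:
        return "cryptnet-cache"
    if "\\microsoft\\edge\\user data\\" in p:
        return "edge-profile"
    return "other"


def rewrites(entries):
    """Number of distinct SHA256 values seen per path (how often it was rewritten)."""
    seen = defaultdict(set)
    for e in entries:
        seen[e["path"]].add(e["digests"].get("SHA256"))
    return {path: len(s) for path, s in seen.items()}


def empty_content(entries):
    """Paths whose every listed digest is the digest of zero bytes."""
    return [e["path"] for e in entries
            if e["digests"] and all(h == EMPTY_DIGEST[a] for a, h in e["digests"].items())]


def malformed(entries):
    """Digests with the wrong length or non-hex characters (copy/paste damage)."""
    return [(e["path"], a) for e in entries for a, h in e["digests"].items()
            if len(h) != DIGEST_LEN[a] or any(c not in "0123456789abcdef" for c in h)]


def outside_known_locations(entries):
    return sorted({e["path"] for e in entries if classify_location(e["path"]) == "other"})


if __name__ == "__main__":
    ents = parse_file_list(SAMPLE)
    print("rewrites:", rewrites(ents))
    print("empty:", empty_content(ents))
    print("outside known locations:", outside_known_locations(ents))
```

Run against the full list, the same logic reduces a few hundred hash rows to three questions: which paths were rewritten (here, browser storage churn), which "files" have no content at all (the crashpad pipe), and whether any write escaped the browser's own profile and cache directories.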
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-25 09:51
Reported
2024-08-25 09:53
Platform
win10v2004-20240802-en
Max time kernel
145s
Max time network
153s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
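The two values read here, SystemManufacturer and SystemProductName, are scored by sandboxes because they are the first thing VM-detection code inspects (a hypervisor's name shows up in them), yet a browser reading them for hardware telemetry is routine. The script below is an added example, not part of the report; it shows one way to weight such registry events and to downgrade them when the reading process is a known browser image. The three events are copied from the table above; the rule weights, the extra CPU and disk rules, the browser image list and the hypervisor vendor strings are my own assumptions.

```python
"""Score 'system info discovery' registry reads with process context.

Added example, not from the report. EVENTS copies the table rows above; the
rules, weights, browser image list and vendor strings are assumptions.
"""
import re

# Constructed sample: the three rows of the table above.
PROC = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
EVENTS = [
    {"op": "Key opened", "process": PROC,
     "key": r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS"},
    {"op": "Key value queried", "process": PROC,
     "key": r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer"},
    {"op": "Key value queried", "process": PROC,
     "key": r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName"},
]

# (pattern, label, weight); first match wins, so value rules precede key-open rules.
RULES = [
    (re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\BIOS\\(SystemManufacturer|SystemProductName"
                r"|SystemVersion|BIOSVendor|BIOSVersion)$", re.I), "bios-identity", 2),
    (re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\\d+\\ProcessorNameString$",
                re.I), "cpu-identity", 1),
    (re.compile(r"\\SYSTEM\\(CurrentControlSet|ControlSet\d+)\\Services\\Disk\\Enum(\\|$)",
                re.I), "disk-identity", 2),
    (re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\BIOS$", re.I), "bios-key-open", 0),
]

# Assumption: these images read hardware identity for telemetry; treat as low signal.
BROWSER_IMAGES = (
    r"c:\program files (x86)\microsoft\edge\application\msedge.exe",
    r"c:\program files\internet explorer\iexplore.exe",
    r"c:\program files (x86)\internet explorer\iexplore.exe",
)

# What a VM check would look for in the values read above (assumed list).
VM_VENDOR_STRINGS = {"vmware": "vmware", "virtualbox": "virtualbox", "innotek": "virtualbox",
                     "qemu": "qemu", "bochs": "bochs", "xen": "xen", "parallels": "parallels",
                     "virtual machine": "hyper-v"}


def vm_vendor_hint(value):
    """Return the hypervisor family a SystemManufacturer/ProductName value betrays, if any."""
    v = value.lower()
    for needle, family in VM_VENDOR_STRINGS.items():
        if needle in v:
            return family
    return None


def match_rule(key):
    for pat, label, weight in RULES:
        if pat.search(key):
            return label, weight
    return None, 0


def score_events(events):
    """Aggregate per process: only value reads add weight, key opens just tag."""
    per = {}
    for ev in events:
        label, weight = match_rule(ev["key"])
        if label is None:
            continue
        entry = per.setdefault(ev["process"], {"score": 0, "labels": set()})
        entry["labels"].add(label)
        if ev["op"] == "Key value queried":
            entry["score"] += weight
    for proc, entry in per.items():
        identity_reads = entry["labels"] - {"bios-key-open"}
        if entry["score"] == 0:
            verdict = "noise"
        elif proc.lower() in BROWSER_IMAGES:
            verdict = "info"
        elif entry["score"] >= 4 or len(identity_reads) >= 2:
            verdict = "review"
        else:
            verdict = "low"
        entry["verdict"] = verdict
        entry["labels"] = sorted(entry["labels"])
    return per


if __name__ == "__main__":
    for proc, entry in score_events(EVENTS).items():
        print(proc, entry)
```

The same two value reads from an unsigned binary in a temp directory would score "review" under these rules; from msedge.exe they stay informational, which is consistent with the report's overall "Likely benign" verdict.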
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c07a405a288f26a242d95a708bda2fc5_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff515b46f8,0x7fff515b4708,0x7fff515b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,18240397287272407925,8382788659709566317,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,18240397287272407925,8382788659709566317,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,18240397287272407925,8382788659709566317,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,18240397287272407925,8382788659709566317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,18240397287272407925,8382788659709566317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,18240397287272407925,8382788659709566317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,18240397287272407925,8382788659709566317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,18240397287272407925,8382788659709566317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,18240397287272407925,8382788659709566317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,18240397287272407925,8382788659709566317,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6116 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,18240397287272407925,8382788659709566317,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6116 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,18240397287272407925,8382788659709566317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,18240397287272407925,8382788659709566317,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,18240397287272407925,8382788659709566317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,18240397287272407925,8382788659709566317,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,18240397287272407925,8382788659709566317,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4908 /prefetch:2
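The process list is a Chromium process tree, and the security-relevant content is in the switches: `--type` says what each child is, `--service-sandbox-type=none` marks a utility process that runs without a sandbox, and `--disable-gpu-sandbox` marks a GPU process that does too. The script below is an added example, not part of the report or of the browser's own tooling; it parses command lines in the form shown above and lists those sandbox-relevant switches. SAMPLE_CMDLINES copies six entries from the list above with the long `--gpu-preferences` blob left out of the last one; the choice of which switches to report is mine.

```python
"""Extract sandbox-relevant switches from Chromium-family process command lines.

Added example, not part of the report. SAMPLE_CMDLINES copies six entries from
the process list above (minus the --gpu-preferences blob); the set of switches
treated as sandbox-relevant is my own selection.
"""
import re

# Constructed sample: abbreviated entries from the process list above.
SAMPLE_CMDLINES = [
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c07a405a288f26a242d95a708bda2fc5_JaffaCakes118.html',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,18240397287272407925,8382788659709566317,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,18240397287272407925,8382788659709566317,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,18240397287272407925,8382788659709566317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,18240397287272407925,8382788659709566317,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6116 /prefetch:8',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,18240397287272407925,8382788659709566317,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --mojo-platform-channel-handle=4908 /prefetch:2',
]

# Windows paths use backslashes, so a POSIX shlex split is wrong here: take
# double-quoted runs or whitespace-delimited words as tokens.
TOKEN = re.compile(r'"[^"]*"|\S+')


def tokenize(cmdline):
    return [t.strip('"') for t in TOKEN.findall(cmdline)]


def parse_cmdline(cmdline):
    """Split into image, '--key[=value]' switches and positional arguments."""
    toks = tokenize(cmdline)
    flags, positional = {}, []
    for t in toks[1:]:
        if t.startswith("--"):
            key, sep, value = t[2:].partition("=")
            flags[key] = value if sep else True
        else:
            positional.append(t)
    return {"image": toks[0], "flags": flags, "positional": positional}


def audit(cmdlines):
    """One finding dict per sandbox-relevant observation."""
    findings = []
    for cmd in cmdlines:
        p = parse_cmdline(cmd)
        f = p["flags"]
        ptype = f.get("type", "browser")   # the parent has no --type switch
        base = p["image"].rsplit("\\", 1)[-1]
        if ptype == "browser" and "single-argument" in f and p["positional"]:
            findings.append({"type": ptype, "image": base, "issue": "opened document",
                             "detail": p["positional"][0]})
        if ptype == "gpu-process" and "disable-gpu-sandbox" in f:
            findings.append({"type": ptype, "image": base, "issue": "gpu sandbox disabled",
                             "detail": "use-gl=" + str(f.get("use-gl", ""))})
        if f.get("service-sandbox-type") == "none":
            findings.append({"type": ptype, "image": base, "issue": "service unsandboxed",
                             "detail": f.get("utility-sub-type", "")})
        if ptype == "renderer" and "no-v8-untrusted-code-mitigations" in f:
            findings.append({"type": ptype, "image": base,
                             "issue": "v8 untrusted-code mitigations off",
                             "detail": "informational; Chromium relies on site isolation instead"})
    return findings


def unsandboxed_services(cmdlines):
    return sorted({x["detail"] for x in audit(cmdlines) if x["issue"] == "service unsandboxed"})


def opened_document(cmdlines):
    for x in audit(cmdlines):
        if x["issue"] == "opened document":
            return x["detail"]
    return None


if __name__ == "__main__":
    for finding in audit(SAMPLE_CMDLINES):
        print(finding)
```

The value of this check is the baseline rather than any single hit: the network service and identity_helper running with `--service-sandbox-type=none`, and a GPU process relaunched with `--disable-gpu-sandbox --use-gl=disabled`, should be compared against a clean run of the same Edge build on the same VM image before they are read as something the submitted HTML caused.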
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.konthaiusa.com | udp |
| FR | 142.250.75.234:80 | fonts.googleapis.com | tcp |
| FR | 142.250.75.234:80 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| FR | 142.250.75.238:80 | www.youtube.com | tcp |
| DE | 157.240.27.35:80 | www.facebook.com | tcp |
| FR | 142.250.75.238:80 | www.youtube.com | tcp |
| FR | 142.250.75.238:80 | www.youtube.com | tcp |
| FR | 142.250.75.238:80 | www.youtube.com | tcp |
| FR | 142.250.75.238:80 | www.youtube.com | tcp |
| DE | 157.240.27.35:443 | www.facebook.com | tcp |
| FR | 142.250.75.238:443 | www.youtube.com | tcp |
| FR | 142.250.75.238:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | 238.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.27.240.157.in-addr.arpa | udp |
| FR | 142.250.75.238:443 | www.youtube.com | tcp |
| FR | 142.250.75.238:443 | www.youtube.com | tcp |
| FR | 172.217.20.174:80 | www.google-analytics.com | tcp |
| FR | 142.250.75.238:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | 174.20.217.172.in-addr.arpa | udp |
| FR | 142.250.179.86:443 | i.ytimg.com | tcp |
| DE | 157.240.27.27:443 | static.xx.fbcdn.net | tcp |
| DE | 157.240.27.27:443 | static.xx.fbcdn.net | tcp |
| DE | 157.240.27.27:443 | static.xx.fbcdn.net | tcp |
| DE | 157.240.27.27:443 | static.xx.fbcdn.net | tcp |
| DE | 157.240.27.27:443 | static.xx.fbcdn.net | tcp |
| DE | 157.240.27.27:443 | static.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | 86.179.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| FR | 172.217.20.162:443 | googleads.g.doubleclick.net | tcp |
| FR | 172.217.20.162:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| FR | 216.58.214.166:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 216.58.214.170:443 | jnn-pa.googleapis.com | tcp |
| FR | 216.58.214.170:443 | jnn-pa.googleapis.com | tcp |
| FR | 216.58.214.170:443 | jnn-pa.googleapis.com | tcp |
| FR | 216.58.214.170:443 | jnn-pa.googleapis.com | tcp |
| FR | 216.58.214.170:443 | jnn-pa.googleapis.com | tcp |
| FR | 216.58.214.166:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 162.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.214.58.216.in-addr.arpa | udp |
| FR | 172.217.20.162:443 | googleads.g.doubleclick.net | udp |
| FR | 216.58.214.170:443 | jnn-pa.googleapis.com | udp |
| FR | 142.250.179.68:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 68.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| FR | 142.250.179.97:443 | yt3.ggpht.com | tcp |
| US | 8.8.8.8:53 | 27.27.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.konthaiusa.com | udp |
| US | 8.8.8.8:53 | 131.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| FR | 172.217.20.162:443 | googleads.g.doubleclick.net | udp |
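Read as a whole, the network table separates into resolver traffic (UDP/53 to 8.8.8.8, much of it reverse lookups of the sandbox's own peers), plaintext HTTP to well-known CDNs followed by TLS, UDP/443 alongside TCP/443 to the same hosts (the QUIC pattern), one mDNS multicast row, and one name, www.konthaiusa.com, that is resolved twice but never appears in a TCP or UDP row on any other port. The script below is an added example, not part of the report; it parses rows in the table's format and answers those questions. SAMPLE_TABLE copies fourteen rows from the table above, with the mDNS row included in its column-shifted form so the parser has to tolerate it; the classification heuristics are standard but the cut-offs are my own.

```python
"""Triage the 'Network' table of a sandbox report.

Added example, not part of the report. SAMPLE_TABLE copies rows from the table
above; port 53 = resolver query, in-addr.arpa = reverse lookup and 224/4 =
multicast are standard, the remaining heuristics are assumptions.
"""
import ipaddress

# Constructed sample: rows copied from the table above (mDNS row as printed).
SAMPLE_TABLE = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.konthaiusa.com | udp |
| FR | 142.250.75.234:80 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| FR | 142.250.75.238:80 | www.youtube.com | tcp |
| DE | 157.240.27.35:80 | www.facebook.com | tcp |
| DE | 157.240.27.35:443 | www.facebook.com | tcp |
| FR | 142.250.75.238:443 | www.youtube.com | tcp |
| FR | 142.250.75.238:443 | www.youtube.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | www.konthaiusa.com | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
"""


def parse_rows(lines):
    """Turn '| CC | ip:port | domain | proto |' lines into dicts; skip the header."""
    rows = []
    for line in lines:
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        if proto not in ("tcp", "udp") and domain in ("tcp", "udp"):
            domain, proto = proto, domain   # column-shifted row with an empty Domain cell
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def is_dns_query(r):
    return r["proto"] == "udp" and r["port"] == 53


def is_reverse_lookup(r):
    return r["domain"].endswith(".in-addr.arpa")


def resolved_but_never_contacted(rows):
    """Names the sample resolved without any connection to them being recorded."""
    queried = {r["domain"] for r in rows if is_dns_query(r) and not is_reverse_lookup(r)}
    contacted = {r["domain"] for r in rows if not is_dns_query(r) and r["domain"]}
    return sorted(queried - contacted)


def plaintext_http(rows):
    return sorted({r["domain"] for r in rows if r["proto"] == "tcp" and r["port"] == 80})


def udp_443(rows):
    """UDP/443 next to TCP/443 for the same host is the QUIC/HTTP3 pattern."""
    return sorted({r["domain"] for r in rows if r["proto"] == "udp" and r["port"] == 443})


def reverse_lookup_count(rows):
    return sum(1 for r in rows if is_reverse_lookup(r))


def multicast_rows(rows):
    return [r for r in rows if ipaddress.ip_address(r["ip"]).is_multicast]


def summary(rows):
    return {
        "rows": len(rows),
        "resolved_but_never_contacted": resolved_but_never_contacted(rows),
        "plaintext_http": plaintext_http(rows),
        "udp_443": udp_443(rows),
        "reverse_lookups": reverse_lookup_count(rows),
        "multicast_rows": len(multicast_rows(rows)),
    }


if __name__ == "__main__":
    for key, value in summary(parse_rows(SAMPLE_TABLE.splitlines())).items():
        print(f"{key}: {value}")
```

The "resolved but never contacted" list is the one to read first: in this run it contains only www.konthaiusa.com, and the table records no connection to it, so the page's only non-CDN destination produced a lookup and nothing else that the sandbox captured. The reverse lookups and the 224.0.0.251 row are the analysis host's own noise and can be filtered before looking at what the sample did.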
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 847d47008dbea51cb1732d54861ba9c9 |
| SHA1 | f2099242027dccb88d6f05760b57f7c89d926c0d |
| SHA256 | 10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1 |
| SHA512 | bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f |
\??\pipe\LOCAL\crashpad_1632_CDANTSJAKZMJMFCS
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f9664c896e19205022c094d725f820b6 |
| SHA1 | f8f1baf648df755ba64b412d512446baf88c0184 |
| SHA256 | 7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e |
| SHA512 | 3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d0ce86272a48f1182921d31f3a95d1b2 |
| SHA1 | ad97e14e9d3f740e3741a294849cc7d8bd981449 |
| SHA256 | f4ea5ceba55b2e0156e04924129e1c15b8c4aa924a373d4f38978af6a49313e5 |
| SHA512 | 9b9f1887ab354d5e5eb40a1cb86b4ca20c7a88c8e088b20c8148a015361e34dac30a8bac4daea637aea2a3e6aca7533f2f21fb415e6dd18747ce0ac91cf77f11 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ac7bcc5e36cf7d81993ddb19c63f57f3 |
| SHA1 | 38d2b1a9ecaa3b82fb7accb38646727aad2a6dc5 |
| SHA256 | 7cf41b2aa07eaa7b2b3b880c6307c479b56aea1fcae27252c92166f23916aba8 |
| SHA512 | 287c30ef35e8a022078a46e63d9e4d76ad8c1f80cf6bc00c27123e92456002ca5c7254e0e42aa3c201dfa9ec3406fa70957ae7802ed0150fc22bd07ce66bcd8c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State