Malware Analysis Report

2024-10-23 17:24

Sample ID 240510-fcdclsfa38
Target 2d671f5092a158d947dd4d9443b1ca4d_JaffaCakes118
SHA256 e21bb8bf272fe86acaff7526a1ec23a60efd8ecd84937250b16c52f8a25b6539
Tags
socgholish downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

e21bb8bf272fe86acaff7526a1ec23a60efd8ecd84937250b16c52f8a25b6539

Threat Level: Known bad

The file 2d671f5092a158d947dd4d9443b1ca4d_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish downloader

SocGholish

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-10 04:43

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-10 04:43

Reported

2024-05-10 04:45

Platform

win7-20240508-en

Max time kernel

129s

Max time network

142s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2d671f5092a158d947dd4d9443b1ca4d_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2d671f5092a158d947dd4d9443b1ca4d_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3008 CREDAT:275457 /prefetch:2

Network


Files


C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\HANA9AM3\www.youtube[1].xml

MD5 d22974d89da2185d948f95873a996f89
SHA1 383c9f652bbc2ff95bbc363920c0beaf5516488f
SHA256 4e6cd8868be19d4290d94f1c36eb4722cb42722c0b64a98b46c22757b6d88dc0
SHA512 5a2094861f5cb05757aa93a9870480dd91c214b3844b9252537931ca972ab5412fb0a6323c98ee556905616c514bfbcf2b6646b005b4f5dfe5b4c18eac28c6e7

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\HANA9AM3\www.youtube[1].xml

MD5 b067e42e63950b4c1a39d3ac8c0e4292
SHA1 d96c9097478a54e12d3fa595fc2edd44b25eccc3
SHA256 8fbfc912c22d9ee597af96e9f6f44ae6c02d065af16a03bb3c1069350422a163
SHA512 b360c6d769aecc59f0e188ea4ca81a02ae74288f40b7eef46de3ba31279163ddf561bfccd137a8aa85a1fb006d7940cbedb177c2bbef091b1c148441e889cfcf

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\HANA9AM3\www.youtube[1].xml

MD5 1679628f1e3f7232bf9739f890814003
SHA1 3459b2efc5c79d50668b7bd68f02479f6d297a34
SHA256 20cb7d93c62be144bf98b7f70dfe318ede796ab7ec65303e0f04cb1fe5604633
SHA512 701178e4fd53ebfa5c2fd1dc885c124d700cb46ac8427a763e47ea0ffc75ddd0acdeb01069efd40b2dddb0d95f723655f27adbc2e892a804162b82551d49e19a

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\HANA9AM3\www.youtube[1].xml

MD5 8d9b618f321ec24d767d89be2e4b5ad1
SHA1 838f450d55b3d276b4732cdc02d65e30b15ad9b7
SHA256 e4fb0b673782ecbc5aaede7683dd6e311f7d6c9b194eea27523ec6970d54adc6
SHA512 5a2099ac4aeeef6359ff3d67f71f33319623cdd0c86c8e15d9bdfd94c590ddae94bb6dd855aa3926bfa070a0c3413e2e7d273052e55f2c82b0ea8f67d5433366

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\HANA9AM3\www.youtube[1].xml

MD5 fad97e65cdf6591e133ce3523f281a7b
SHA1 3a8bf7787030bab0afc4b2d66eec03ae144aa6ae
SHA256 d85b2170c4aa78a4d15fcdb68b5e311f2ba1ee7bfb9f8448c988b709dc193de1
SHA512 71f7775539a8046c21797fe18a8e27f5a773fec6f1e05847c75a40fe0604712d92da9dc79a0886875368a87c93f89e15cb69db558ed3062426bd94a51566f438

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\HANA9AM3\www.youtube[1].xml

MD5 1f914a5d4a972e8e0fb4f22f1020f891
SHA1 410053a2e0bbff3b061f6a1dae3b754ca7a9a87b
SHA256 3891d5dd91488ff6b7eaa1559ac2a2b7feb6514b029482c4c96dbbcd3f16f645
SHA512 a4b655b4d3e09e40c83d9dd2bf7f78cb00fac20d5c2ae9b5c5b847a8594a0087835c2db8ccab78c43c285efdfe4ae4fd0e28a2f683c0dd2b2bc5f285610fb728

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\HANA9AM3\www.youtube[1].xml

MD5 d9b111894153462e15a124a0fddf01f4
SHA1 486fa1e820120932e929690798dbe2b75b2018d6
SHA256 ebb18af476e795197e52fe7e72afce105b4e4925f75a04e9812b12111ad6a2cb
SHA512 634aad016b095f9338adfbc405b4c4e0808390cef4211e6118185bbfedf53ff6a761490c368406568895254a84b238fdbcd66d2d30cabc8217b260e6608ff450

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\HANA9AM3\www.youtube[1].xml

MD5 e4a19011104cb84b816d38e84f98659d
SHA1 25637cda0db33d754e1ba1a80e203addf04a7fd6
SHA256 3ab5e5219759ce2e9b4844245c0dddd22f6a8af6a7815c80a6289482b78362cd
SHA512 7668273a78efea1ab24c44ece9e97ea1ce940b190e42bd9dc2c3ec8c43eebb036a36ee37e456a06936ae86dbbc579b2ba5f1552ed8883179025927c8927bd5e7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e06339e7dd32bea78392a04b1eca4618
SHA1 59ddd2451015698c1dd9e4beb042cfef30a88f50
SHA256 cfb7295280cf630d57350ec64418c098ac9b93d6e8f11d410f24fbc022820bb1
SHA512 3e53e425714ad55cfea20ba6519f204f72a30b35f3a7d05f98f0968ca13aa4c5cf960900f7676c2058ac6158897c449249280f59a8f24e0e8f1447b094bfd137

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d9cc4f01d2744445649c68d4b894acdc
SHA1 fd72ee5be8086edb36f53f49379109a94cebe207
SHA256 70a1bde2aed9b160770ec12e1fe5e624e229f079e079e98348e854ecbf2f4bdd
SHA512 f75adfb6f568f3ed4976bdfe379fdc22209bf637879c9acbad6803e72734dd743cd99af49839cb0155d8897fe1164dd59e6a27a130fc5f59094a39c21d784fed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 00f5e61e171db0d10c2612581f165a6b
SHA1 669d4e125b50f8d2f6fb0dc59234b677612c4b16
SHA256 9ece3a26cc0be0567496060923a4573456aaf3937a52ca0635eb9dad30abda34
SHA512 605fda74d86b8b3eac7a97159c473b0131cd9da98d0e7204887f86923d0bd33df5c1be8d19fed15b15728c32a26fc8db264cffac150339f32be7e50ffb0880e7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b2a5bad58fbdb6cf64ce990c790db7b1
SHA1 cbc8d70b9c7eebbd4092a4a1768fd0987d1ea8bb
SHA256 a60b687dca2b386d412bec500b75279c6f00e3f288f6eeaacfe2024d88acc4a4
SHA512 384e4633a09abcba764ef9b373d6e5701dea30b099870cd107d1694377f8cf62762a80252eb4582807928c2d2e13235cdcc6764e6aeb2b48ff7eedfcd27e31b9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e2d233ab0cf8d9392a8d743ce697cb3d
SHA1 18d536ffcca17b2d49037534b371e8996051bf3b
SHA256 594fd3f05c50a1c3137258f65369d844c3ebc6ef0b3ab94782691b607a3b4f9a
SHA512 be9ed21eca7d1801efe140b14bcedaacdc5ac3f625a64f689d5cbce012aa9888ba6b106c3d9c0db0a7d732b1de7d7a442263cc2def2b7cd6a9fc288630da1b07

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a76dfa280be95ffc43ed5813289a7e6c
SHA1 57f4dd7b4528e7d00951d8ef23c2c4514144d65d
SHA256 ff1a78d040b99f7251a1669b321b23889ba06606c44b7b7fcd8f47feb7f5dd16
SHA512 a5b636dce36ba0c70319cf8a760e86dde22d7c7f925878cc92d39016b3463fa17b9a8acbcc185ad10248cc319baed788cca898624896e6b5864e5a8e5d6779e5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 65b88e2f7c0be8f98c4dd7d651c5f9d7
SHA1 c9cb1029ff74ba55e6397bbb2f6507114eb2d87a
SHA256 e71c8ab99ff2aaf0a13003f49b5260ad507900069b1343cf72a622a16d358b78
SHA512 ef984960bb070e7139563c3fa742d49f2c1bd5000ce40f0d485a3dc5353357089dd5d81b5d3545e2cef2b9c4e12b33031a78a2addf3ad4a7667011db5b21dfa4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3cb7cd319c5001f99b3695f475a950fe
SHA1 3c1bbbe1da481bb4f649ae18571fe99c00ba3532
SHA256 436046d5bf72b901dc0c4050e0835b8c89587919c6b174b546bc8eb0e67e4dfe
SHA512 0998c09aea8b7e195f58cf06e00547ea65630d2e08ae03a0a3a2ed06e2dd9ff730bc9669c758827077359dfc544a73f0ac39d8d7518bbdd7ebf206b3a8f065c3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fe85c4a882968f46679420ee496ad4b3
SHA1 195948a14b9ab2d6741d9402feedac2cf67fef16
SHA256 4fc25658e386d37e766e0f933de0b789daf3f60d2ad28b11dd474cb27d67d53c
SHA512 b60a15f64569dc0da954dad7059c0250ece3cfaf5a2a6d194240be5aff4299731315333c02d71bfc220a404a1c3cc0779b938c24cceca384ab82be89b011ce5f

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\HANA9AM3\www.youtube[1].xml

MD5 f6258d8883820039afee192673fa351f
SHA1 40ab28b833b08434f149c255aa619083681fccef
SHA256 7d52122c01fbc34230f83e11f184be1638ab87983c8a7166aa93f438dacc2b68
SHA512 3e5feb504faa0076536f445b22b4fa42ba00741a1bc1777315101c48c7a8ecc7e78e350febac48974c13266d32495378bf619f21031e5ee1cea1986138467949

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c25f934b8bfdb1fe078878ea6f07e0b0
SHA1 e05ab2c48f4f614f43c97f10c42bf287a9a1b998
SHA256 14dedb00c7be245263dd591834ede9b4a8ca49f16ca662339f96057424773f82
SHA512 5ca55380a1dc17cff5d9c0d02e164a16a38151727bb1b21847d9654fe3ab0ac61d1499b242dc4b020d12995911ba0d861751097044a63dc30112bd239f8156b6

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\HANA9AM3\www.youtube[1].xml

MD5 ab967d22f83020039e59128d5cbcf470
SHA1 9650ccf3127f144bce241b7e3672d20d9a5d9ace
SHA256 a9f664863d4a9797ba262dbb94ebe37338d428d06693a856a5a823ab4172c8cc
SHA512 5ea13c5ad1996ed9a31049c14fe07b343668eb583d624649541418f4238878d5e5c85f756ecec9d13176ed6ba8a057dbc246e16280976eadb8064110eff14324

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\HANA9AM3\www.youtube[1].xml

MD5 e0e56ae1670c8e86e1c6c5a34b37ada6
SHA1 5299c78780436cb06082606722d2424cd5700d6b
SHA256 7d414445e2ac5d15a7ab7cf91cd1dd6c150e6c6c0ac0ee4136f4ef39d6eadd3d
SHA512 cf2fcf92ad0feae2f70076dd7fa9b0133683f1cb571539bd7826b55d483e97ed49716003e3f22a4e842e8a63aa8f78b46e076d1fdfd29271229ff456a41d9a72

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d1e5c9a9ceca31f3d7edd083891d34dd
SHA1 ffadd5dd7f3718b5f6d36ca654cf54e2f0aa5639
SHA256 2deec46bf106180e0342458f2c134ef8e7c57332483ddf6a8a8482b96edde248
SHA512 86349c62a46f1c52a2613972f28ee54bcd1e864503d784f81575079d3a5b22a7ad0b59b5fbe37837587cdc09e6131ebeec497e1b0d0605bf81fb58f6de64cf75

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 34d222ec62bad8f7f9e771a49afce3f7
SHA1 3c8c8779ffc05b6c8b694c7746471cc22e7f107a
SHA256 f06b9de5e3fea876c8a8b12c2740e9c9f794eb1915a21968fb2d1a13752ae549
SHA512 8044ea6eb3c4ca8754ec2279d787250236308e066bcea38b4011ea5c1116236be53b79513a9b23e2d3d4834d83aee6ba8b76b56940a4e37b1767206cab981e99

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fff211bfe66b5a023f31dcd0e850d1e3
SHA1 e7526b598937faa3b0c19c55a38ece39b368c6f4
SHA256 511caa2826925c11b7738d4112a174d186083fbbe23f2aaebe62e40418f38138
SHA512 b895c6ab848ef09c7b5bc1b9a54267ca6fca7eb00ea72aff83498070d75fc4e1ffb8963ecc4da2c264fe61912fa7c3264b656643bc7a5fedd415da8dfa0d74f3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3efc0c856f39fa1c1ef64378a4db5425
SHA1 093249ef6df569e9ce5758ff7a47c0ee87f608fb
SHA256 b365166e9b9a3b8bd067326e9b83e88535badec2f3a277635ebc5a043ce58ef3
SHA512 5d11a9a7921a7bb280c5430ff1156f51f7b48059abc530b0f8f8886100bdcb2df946bde1eca46eb6a6d4dc6441e1943409e185512ae2bf6ce3e657f31ceba31e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f45be7af9e6f6b352e9bf83478bb6ea6
SHA1 8609da844779f6da7040119ae255fd7e22799d44
SHA256 3859cce2a69597423c9e7b93a7999e733f52fae9ee236b090a4933166fed8c6d
SHA512 cba1c05d9a116aaf3d988346eee7e16cb5bb7b456d8743fbc5d3b7cb1cc5e28995b2dc5e46fc45091818e4b11ca351ddbdb1f4fc7896fdd19066f758feb60221

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e861225d33cecae9b33d0226a6d437d7
SHA1 a2340355ceb5b7346c50617e8b13413b20dd1942
SHA256 29909ca4c8b02082e4b88cefe93862f872514e93c25e191c94a6fc4957e13230
SHA512 e1ae8dc153b59682236d455f45c59c76dfb4cec936e067e5d095662ede96766e4cfa6bde1e072c06218aeb306357462cd04b1bbac7f536889d162c9284104382

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 55caadc852754d59fa740128cd654b14
SHA1 b18bb8c4b2638d6a3eab476ff91af40eb4be1df3
SHA256 6a88d6f3db7a35b442907c961a56bdbfd5904e6b40bd635cce7e3ec87eaef4fa
SHA512 a5d28e6de9b4a4a3aefa9b3f6e30c496916491271675aca96e21e5b21210709996a3f69e6cd61e4eecbdf474bbe6878fc353e4cc4d140d56b9e5a666fad0b0bb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a4b0bfa46d3fa99b62eaf7314494dd9e
SHA1 63773bed325f2dbc544fc374f2832b51eb13865d
SHA256 ce9d6fcd8476fa7f3aab048356916b44c843da2d1eeee1c427fbb5c6e87d454f
SHA512 17a02a0e84c20f62f71e7b5c5c28a3a68446ee81fffd2438eb55fae09b441ccd7d815692d5782ae512a86a7f8a660c5b473efb97e3e73e745f610f63130190da

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-10 04:43

Reported

2024-05-10 04:45

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

142s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2d671f5092a158d947dd4d9443b1ca4d_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (25 identical entries)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (24 identical entries)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1156 wrote to memory of 3148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 identical entries)
PID 1156 wrote to memory of 852 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (40 identical entries)
PID 1156 wrote to memory of 536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 identical entries)
PID 1156 wrote to memory of 5080 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (20 identical entries)

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2d671f5092a158d947dd4d9443b1ca4d_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed44d46f8,0x7ffed44d4708,0x7ffed44d4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,14418821766660342038,6611848942362338922,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,14418821766660342038,6611848942362338922,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,14418821766660342038,6611848942362338922,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14418821766660342038,6611848942362338922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14418821766660342038,6611848942362338922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14418821766660342038,6611848942362338922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14418821766660342038,6611848942362338922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14418821766660342038,6611848942362338922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,14418821766660342038,6611848942362338922,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,14418821766660342038,6611848942362338922,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14418821766660342038,6611848942362338922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14418821766660342038,6611848942362338922,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14418821766660342038,6611848942362338922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14418821766660342038,6611848942362338922,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,14418821766660342038,6611848942362338922,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4876 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
GB 216.58.204.74:80 fonts.googleapis.com tcp
GB 142.250.200.9:443 www.blogger.com tcp
GB 216.58.201.110:80 apis.google.com tcp
GB 142.250.187.194:445 pagead2.googlesyndication.com tcp
GB 142.250.187.234:443 ajax.googleapis.com tcp
GB 216.58.212.195:80 fonts.gstatic.com tcp
GB 216.58.201.110:443 apis.google.com tcp
GB 142.250.200.9:443 www.blogger.com udp
GB 216.58.201.110:443 apis.google.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 www.testautomovil.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 142.250.178.1:80 1.bp.blogspot.com tcp
GB 142.250.178.1:80 1.bp.blogspot.com tcp
GB 142.250.178.1:80 1.bp.blogspot.com tcp
GB 142.250.200.9:443 resources.blogblog.com tcp
NL 160.153.131.189:80 www.testautomovil.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.178.1:80 1.bp.blogspot.com tcp
GB 142.250.178.1:80 1.bp.blogspot.com tcp
GB 142.250.178.1:80 1.bp.blogspot.com tcp
GB 142.250.178.1:80 1.bp.blogspot.com tcp
GB 142.250.178.1:80 1.bp.blogspot.com tcp
GB 142.250.178.1:80 1.bp.blogspot.com tcp
GB 142.250.178.1:80 1.bp.blogspot.com tcp
GB 142.250.178.1:80 1.bp.blogspot.com tcp
GB 142.250.178.1:80 1.bp.blogspot.com tcp
GB 142.250.178.1:80 1.bp.blogspot.com tcp
GB 142.250.178.1:80 1.bp.blogspot.com tcp
GB 142.250.178.1:80 1.bp.blogspot.com tcp
GB 216.58.212.238:80 www.youtube.com tcp
GB 216.58.212.238:80 www.youtube.com tcp
GB 216.58.212.238:80 www.youtube.com tcp
GB 216.58.212.238:80 www.youtube.com tcp
GB 216.58.212.238:80 www.youtube.com tcp
GB 142.250.178.1:80 1.bp.blogspot.com tcp
GB 142.250.178.1:80 1.bp.blogspot.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
NL 160.153.131.189:443 www.testautomovil.com tcp
GB 142.250.178.1:80 1.bp.blogspot.com tcp
GB 142.250.178.1:80 1.bp.blogspot.com tcp
US 8.8.8.8:53 img2.blogblog.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 142.250.200.9:80 img2.blogblog.com tcp
GB 142.250.178.1:80 1.bp.blogspot.com tcp
GB 142.250.178.1:80 1.bp.blogspot.com tcp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 9.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 234.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 1.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 189.131.153.160.in-addr.arpa udp
US 8.8.8.8:53 238.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
IE 209.85.203.84:443 accounts.google.com tcp
US 8.8.8.8:53 i.ytimg.com udp
IE 209.85.203.84:443 accounts.google.com tcp
GB 216.58.212.246:443 i.ytimg.com tcp
GB 142.250.179.226:139 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 84.203.85.209.in-addr.arpa udp
US 8.8.8.8:53 246.212.58.216.in-addr.arpa udp
GB 142.250.179.238:80 www.google-analytics.com tcp
GB 142.250.200.9:443 img2.blogblog.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
GB 142.250.200.33:443 lh3.googleusercontent.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 216.58.212.194:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 33.200.250.142.in-addr.arpa udp
GB 216.58.212.194:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 142.250.180.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.178.4:443 www.google.com udp
GB 172.217.169.74:443 jnn-pa.googleapis.com tcp
GB 172.217.169.74:443 jnn-pa.googleapis.com tcp
GB 172.217.169.74:443 jnn-pa.googleapis.com tcp
GB 172.217.169.74:443 jnn-pa.googleapis.com tcp
GB 172.217.169.74:443 jnn-pa.googleapis.com tcp
GB 172.217.169.74:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.178.1:443 yt3.ggpht.com tcp
GB 172.217.169.74:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 194.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 6.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 74.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.187.206:443 play.google.com tcp
GB 142.250.187.206:443 play.google.com tcp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
GB 142.250.187.206:443 play.google.com udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 142.250.200.33:445 lh3.googleusercontent.com tcp
GB 142.250.200.33:139 lh3.googleusercontent.com tcp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
GB 142.250.200.9:443 img2.blogblog.com udp
US 8.8.8.8:53 auxiliarodontologia.blogspot.com udp
GB 216.58.201.97:80 auxiliarodontologia.blogspot.com tcp
US 8.8.8.8:53 97.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.180.2:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 2.180.250.142.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 439b5e04ca18c7fb02cf406e6eb24167
SHA1 e0c5bb6216903934726e3570b7d63295b9d28987
SHA256 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
SHA512 d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

\??\pipe\LOCAL\crashpad_1156_UCYWAFJNOXDYLXKG

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a8e767fd33edd97d306efb6905f93252
SHA1 a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
SHA256 c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
SHA512 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a6f6ec1cce9ccefa75782610341f60ae
SHA1 7a86867d2ad74de9494486735d968bd73f0f2052
SHA256 eaa67d2e121b89383072f6d4672e7ee4d3bc282f6c009715d33bcb2f0fa55c37
SHA512 3b6edb3dffc3754e7d77c4700663ccecbba7e8b2ee63c8e04a63d940f7cd65929c94a79b25ff4a2ab26cd13aa07130d08d161b81fc95ba3ec4e7ba08e225c167

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

MD5 b6c8122025aff891940d1d5e1ab95fce
SHA1 a0c7ca41d0922d085c358f5dde81ae3e85a8c9c4
SHA256 9954c64c68000f615e5066bc255eced1195d1f8b7dbc715f9062ddf9f147e87e
SHA512 e62a37b55b6b8d95c24fb624105ff6ff72f118e31760d0da1e8df8e8acf627ec6327c26dfa26df8535585877604c7948d2f621ccabc39beec49787e22c302c10

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a3cead4b6ea42c706a4b0a881556ae6c
SHA1 68c27f61d1fc288f0eebe4be5387a936a827cbb9
SHA256 1a57efba7635b50394e44eab887882b3b0a9b83ce0355cfc73850476ad9fad3a
SHA512 533d23577c3b4e8b8896737a4d440b380eca627fa295779debb3dbc51e672153744a1e67d03461b48dfe61a5367ba5acccb45123f77486a734aeb8557b415898

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c4a13c13bf948d9306cbf2352105deba
SHA1 0ed28455d7828869c3011d1ac3367de2efafa112
SHA256 9fdf971c565401fb09f9d1957deb7ea444d97ef8799e1d8b55cb6042541a4270
SHA512 9dddf8126f01d25cae522b0c931bd76daebf9d518072a57c7ac731daea518c04c15dc7bb31648d0bbb1d0abb5e9a57e6d390202b240753b55b90b46a4bba9a66

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5fd128c094c8f6cbedb2bd8043c233f7
SHA1 76ed0c70d5925c3da58cbaed5c2ed58d1fcc79c4
SHA256 3f8a1db885fc8a9ae9c6a459606498e4e00958ee112d2486f86253d13c511701
SHA512 25c4c18ff3112f6aa308809f5464788073eb83ab556a15306c6cda287a343087d3784dc2605656d78d640e8c3d8c8f29b04419b16c4d99b465f52fba4c437c8e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5525348a6d5eb2f0c8cb84d2b0e42cae
SHA1 e46fd29c2638541406d8ef4138c47c8dbfcf4c95
SHA256 c705f07c7117e630aacee414276f05f5bf179e96cc809f1edbedc33f1868d5d3
SHA512 bddfc7b7cf9858cef3667b562fd15648dcb69080891619e236ccd701fdbd365426b50963406053dbe070d1ef5a4a64c476be545f23a266738c78cb9611c83d36

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 669704c0481cd8d4c2f54b6e2981ef11
SHA1 0b540ed6f40c9b8fdd7b9970d5562de65588ed10
SHA256 8da986e3facea442f22b3f3c0fdbd4d03e632fefc3d448fd26efe62b18561ebb
SHA512 86e1e640e461fff6a35a44b2114323e377ed146d3656356064fd83ee3f7778e152383a5e384661e8cb6c923b8da0de6a9d2057531134db4da3d9405662b3d41e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 de0d3e742c8c78f0a4c33aaf5eb0d880
SHA1 6cb0538ca46ee2419ed194960d7482c054dc0889
SHA256 ae77938d5368f26d71eec68364f9d2fa6f87f61a60bf7f44f223718340038b33
SHA512 c392aca6ffff284ad28efb45b1577228ab528ccf06c19974488b9cd9e4b648b62ae4e3317bbee20c33472a4f358e28419d95529fae317ec377204f262a238def