Malware Analysis Report

2025-08-05 15:36

Sample ID 240527-pclhnacd39
Target 791bed6a80e78b0fb5b18a392002c71a_JaffaCakes118
SHA256 cc9ae2e37cfe4158bc48fa4f33499732f10048fb20389e9f79979cb5f68b70ab
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

cc9ae2e37cfe4158bc48fa4f33499732f10048fb20389e9f79979cb5f68b70ab

Threat Level: No (potentially) malicious behavior was detected

The file 791bed6a80e78b0fb5b18a392002c71a_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-27 12:11

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-27 12:11

Reported

2024-05-27 12:13

Platform

win7-20240419-en

Max time kernel

134s

Max time network

144s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\791bed6a80e78b0fb5b18a392002c71a_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "9775" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "498" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "9401" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "28461" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "1980" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "2190" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "18767" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "498" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "492" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "1986" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "9483" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "1986" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "2098" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "407" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "19095" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "407" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d1000000000200000000001066000000010000200000008a3c61126713b830c835c1c6ba424f60dbb0b0e0e499b9f9041842058f77e0d3000000000e80000000020000200000009fd8826ee7d2b5d35c3e4bf9efeee435d21a46bb02134b1886facf351bc345a720000000d0bb41aaa31cf2bb413648114642760dc5c2417bf95b6710709d6331ac691d1440000000f17c6d1b58f7b22eaf5b7fe98cc62bbeb526d40d918763cc45ea3b89988453639965d2426c6416b7834bbc6a427d363f64011f08aafb77fb4b1e41fda4344888 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "498" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "19177" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "28461" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "9775" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "492" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d1000000000200000000001066000000010000200000007f9a01919362646ea61b3091d8dbaa058997339203ee281ca6b7b6a6c4b4bbbd000000000e8000000002000020000000c23aa204d89b83143b82676def4d1fb67a674c001eed88ab80f31aeb54a84d999000000029c8df3769209323f959d1a121292088f884d718dabd133d0ddfe5de2bd3eac5ac9fd391140f5b99075e9e285385c8956315d2cc3a83fd2f9563a06e45c1375ece83af5160b4cb92db7d6001bd91878b300206db57b5ca7c848cd26c0485d67cb45c338dea24a5cb222d6ac427ada47fb2d3b21b05ba2c452a89fc2c9dc7c46320ecdf111d38287c8f89b5be4bde1156400000007d72e8c9e7e9ab2e9fc1f8e64eddd0ef242d2f70cae60e246fdf1a2253a599cd87f85f57cae9b4fbcabb54af44ed35ea5dbc8dabb97eac874cc77e6c31458870 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "2098" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "2098" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "2190" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "9483" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "9401" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "3838" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "18767" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\791bed6a80e78b0fb5b18a392002c71a_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2208 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.konthaiusa.com udp
FR 216.58.215.42:80 fonts.googleapis.com tcp
FR 216.58.215.42:80 fonts.googleapis.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:80 www.facebook.com tcp
FR 172.217.20.206:80 www.youtube.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
FR 172.217.20.206:80 www.youtube.com tcp
FR 172.217.20.206:80 www.youtube.com tcp
FR 172.217.20.206:80 www.youtube.com tcp
FR 172.217.20.206:80 www.youtube.com tcp
FR 172.217.20.206:443 www.youtube.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
FR 172.217.20.206:443 www.youtube.com tcp
FR 172.217.20.206:443 www.youtube.com tcp
FR 172.217.20.206:443 www.youtube.com tcp
FR 172.217.20.206:443 www.youtube.com tcp
FR 142.250.75.238:80 www.google-analytics.com tcp
FR 142.250.75.238:80 www.google-analytics.com tcp
FR 172.217.20.206:443 www.youtube.com tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
FR 172.217.20.194:443 googleads.g.doubleclick.net tcp
FR 172.217.20.194:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 static.doubleclick.net udp
FR 142.250.75.230:443 static.doubleclick.net tcp
FR 142.250.75.230:443 static.doubleclick.net tcp
FR 172.217.20.194:443 googleads.g.doubleclick.net tcp
FR 172.217.20.194:443 googleads.g.doubleclick.net tcp
FR 172.217.20.194:443 googleads.g.doubleclick.net tcp
FR 172.217.20.194:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
FR 142.250.75.234:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 www.google.com udp
FR 172.217.20.196:443 www.google.com tcp
FR 172.217.20.196:443 www.google.com tcp
US 8.8.8.8:53 i.ytimg.com udp
FR 216.58.214.86:443 i.ytimg.com tcp
FR 216.58.214.86:443 i.ytimg.com tcp
FR 142.250.75.234:443 jnn-pa.googleapis.com tcp
FR 142.250.75.234:443 jnn-pa.googleapis.com tcp
FR 142.250.75.234:443 jnn-pa.googleapis.com tcp
FR 142.250.75.234:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 yt3.ggpht.com udp
FR 172.217.20.193:443 yt3.ggpht.com tcp
FR 172.217.20.193:443 yt3.ggpht.com tcp
US 8.8.8.8:53 fe0.google.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
FR 172.217.20.194:443 googleads.g.doubleclick.net tcp
FR 172.217.20.194:443 googleads.g.doubleclick.net tcp
FR 172.217.20.194:443 googleads.g.doubleclick.net tcp
FR 172.217.20.194:443 googleads.g.doubleclick.net tcp
FR 172.217.20.194:443 googleads.g.doubleclick.net tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 d905d0444dc59ef06fa6446c78477362
SHA1 d2f2b3d0a0ad22dbb898f45f799730c5b3110052
SHA256 c9e57f253108b15e4db1cd39752c514688611a720abf650f0653a6f557c834ff
SHA512 46e547c28c4284456196bf1e74141adde3d54014dfd90c4d37ee2f2afcb31a7ee48bd189f2cc9cd073b4a0ae3f4c9d18607e22e0b56732dc4ec9200f4cdad0c4

C:\Users\Admin\AppData\Local\Temp\Cab2493.tmp

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 2b79576931f7278028f9fcc700d932d2
SHA1 84f199382ad7efa564324e559dd9d0586d518fd7
SHA256 990697f2eed9d44971a4eaeec7c0ddd2822c683683bec33dff51ac1fcc07b059
SHA512 1aaef7b8a3e8e5e9dbcca8daadef4951b1467d76c4a3cfb39328c5dc21431bf68bfb1660ba403a755504e2611f864a27847a08a5d3dd6b63c7489d230f99ec24

C:\Users\Admin\AppData\Local\Temp\Tar24C5.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 0b7123cb64cf39d7e3082b4731a76fef
SHA1 951e7781bbc56e948c8ff751346726fc2ca5aa41
SHA256 69250806c913a5ee8aa74c414b6af5b532839db4e5e2fe95099c0c8a1c8530a5
SHA512 d3069bde3ff0e9d3f47a31f12f80b0d6f0698bfa51485edc17cc68daeda7d5ab95660ab61ad783ba800cbcad299565f01063e208448b54003316fa0915ae0248

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_242CEA72AD255CEF17D8B88AD3038326

MD5 0aab1c7d1342c5ef2bbc3438b49f72a2
SHA1 0fb85515cf89fcdfac81e2285f0e8a65a60e98d2
SHA256 d26eb17bc0fce93f74ce9f1b514630b72d79d0f096023d96c6354d17e71de8ec
SHA512 c70419409859feba88a19ac81691c56d4028197aa196ccd2677c4d6216c27f5e5cb5babd2808835711d3cbc53fb649bc2bb4164cb7795fc8c0a7a47d89453a14

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_242CEA72AD255CEF17D8B88AD3038326

MD5 aa2d3032d9b65ee74989e687c6e986d8
SHA1 83273a20de29866e8cc84d1cfb5feeb5e5832483
SHA256 699e66756cce7323892f127fd407a87396864accf447a9e0b65a7a2626d0db98
SHA512 3572738c6202dcfd91df1731b62e67dffdb1f59bfc12a0f0d667a64a48fd20f1f38ed6b6c7b8de5614264ee6a2752afc5bd2a6227077368a8810a8050ff55a17

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bf6b14e140d976e3b6c2dbe77fe613ec
SHA1 14b50a4196d1174acb78919f17d226cf7eb7745d
SHA256 d9d7d2d0c083ebf0be3b5cea8030b30ce24502034e8e303efd116b657524b9a3
SHA512 cdc15391e270bedb619218604f9d014a136a93b5cc2b7d0b7e442d19b2c2399510ccb5fb68301569a25c40bd1a474ac5e3d1b23fd394e093e68675ea3817b206

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRMHFE1W\www-embed-player[1].js

MD5 01ffe52cedfac91db631afb50ec0406d
SHA1 6c46d6f85c315d1b5a0f7207ffc9c11f51e91509
SHA256 5e7aa90ed8daf375a49334177305eaa26fd800a2a580efe1da3388ad51b094d7
SHA512 0f3b013d65a6bf7acbc350c0a664fbc4549d388599a9442a6a7e0efc5bbd33da5dadd8f4d0c63b0ca10c0ef891265a2921e370563ce92acc1d0b977423b67af4

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRMHFE1W\base[1].js

MD5 1a07b3637d035852c1bf496244e02e5d
SHA1 5499d5010793c37998d7109f7ada060bb53f9516
SHA256 489c5db1fe048e9e5d4deb643c382c2baee253283ec1c55f5e62b12c746e0e64
SHA512 954c45573703c72322a3821d7d910bad40b20a18f5530bdc5d7389a7c5d5ff33f7a0a6815d9c59300b5441ed6b127fc238897e3a586b73c4d583257e2ac265e4

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH7CXNA3\KFOmCnqEu92Fr1Mu4mxM[1].woff

MD5 bafb105baeb22d965c70fe52ba6b49d9
SHA1 934014cc9bbe5883542be756b3146c05844b254f
SHA256 1570f866bf6eae82041e407280894a86ad2b8b275e01908ae156914dc693a4ed
SHA512 85a91773b0283e3b2400c773527542228478cc1b9e8ad8ea62435d705e98702a40bedf26cb5b0900dd8fecc79f802b8c1839184e787d9416886dbc73dff22a64

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\528EVS6A\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff

MD5 de8b7431b74642e830af4d4f4b513ec9
SHA1 f549f1fe8a0b86ef3fbdcb8d508440aff84c385c
SHA256 3bfe46bb1ca35b205306c5ec664e99e4a816f48a417b6b42e77a1f43f0bc4e7a
SHA512 57d3d4de3816307ed954b796c13bfa34af22a46a2fea310df90e966301350ae8adac62bcd2abf7d7768e6bdcbb3dfc5069378a728436173d07abfa483c1025ac

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\8OPJW913\www.youtube[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_C23811B47FBB3622EDD1969B2F2E15B9

MD5 65b6f06736bef4371b97069c73c45c0f
SHA1 42f16879bfb24a6a5703ba574454e5ce96360127
SHA256 3b6d17145c45e4726cf8a38f0d7a392a4da50a11fc87d029d4788af5a57986c2
SHA512 185c3f4fae761cd6aef7f85fb3d346a27969315d4b0aa5cb5c65e0f61a3a7411ed3df6e6edd3a8e26fd92878785c781f3a40b82fb25edd72cdcac8368b7598cb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_C23811B47FBB3622EDD1969B2F2E15B9

MD5 46fedf6e1890338c7652368a013fe345
SHA1 23009f93c9c661dc828f6da54bc661605a7a0537
SHA256 40dc34de578ec13b7130f3a3f5f497700cc7ed2803ea3272d1bcd57e8228633c
SHA512 a2be98ba25abdfbd68d80b0d44c0cfe79a11d385da9b374c90ddd8cd99f7a8793d1e2c1e5053b3f66b9135630c5b011d4205b63c0168afddefa8a80124c03e10

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\8OPJW913\www.youtube[1].xml

MD5 81f27a0c1e9bef2f44c2b8e19f935dd1
SHA1 a493018a2073202f0aa2ab0a83eeefd35daa82de
SHA256 03d883b470045649d224258fcb8b8f7f67a586e075595e5f5fde36539336ceba
SHA512 5d4ccb6af7c3f397182487ab3014f5640ec7432bd7b76aae981cc36199da02ee96d265c1396a35aa4d4dbc5a303410137af8c8be0f2c51ceb262c030fbfb484d

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\8OPJW913\www.youtube[1].xml

MD5 ed8d7cdb16ad4084a705835e403f5704
SHA1 07d49132c9859c1442905f6b6b62effa10fe6845
SHA256 207e9d8a90eb85c03c999fed78322076ddae5eddc1f40698d390043b3de09c23
SHA512 fff8b76683f6f24476d66b6bcca35d689837cdf9b8a03a323f9a2855493fd31466374bd8a4f5233bebbec9531451b58bf45b7522f6aeb8857da81d6c3df540e3

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\8OPJW913\www.youtube[1].xml

MD5 34d2693d8306a2a078d0c4a65460625a
SHA1 3f118bd064a5019eced68f20d298d6af15c450ce
SHA256 ad4a6e5618004f23d9b678df6c516885277d9ca9e257510e15c396bf6a65663f
SHA512 9656fe1510c3506053f47cab919e0996287105579dd03e2cd6490ece97cba0e9fac35c647c707099c8114bbeb65ff30349d4bc6aacb97985ea0780feb829a6fb

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\8OPJW913\www.youtube[1].xml

MD5 4e4a20c8bf1748af53295cfe0218e327
SHA1 d605bbb882d79aeacb8b96a9d1a0111e49141f0a
SHA256 2511f1e75330b06e33f7df429f7a09911ccd92521263e5188e48df307caa6530
SHA512 29435d04b67eabb6e03000ba93b27e848b0f6bdf872ecd9d3bcea23ff1248016f22e6a41a32d685709126b0edf12e440eb2c3267a21858c0ae03fbcc5eb5baff

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OV51DDG5\embed[1].js

MD5 0691a0284541e31b0d8584e2e7f4a29c
SHA1 895b5df3472fd5da3110852f954d8146232032a2
SHA256 7053def58737c584b633c9efae1848ca99fa6130c1843b16fb72de9a656c8c04
SHA512 1173cb0e0da40bc1c0929618e565f277c7f3d97d11d33398cf309ec4f9b6be94dd474b816ce136e380bf55e10bee6edf9fd2711edbcbe36a9be8169c1193025d

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\8OPJW913\www.youtube[1].xml

MD5 d307f4cc915b5c15872270a34c2af696
SHA1 bf07a03b43f5b7368fa29cf9e76f5f27dfc1ee8c
SHA256 57dd7de502ce6be3c1ff7a2b8da9b0f5fea6ee8ccf79cb8c3af853c1e612062c
SHA512 5f98a76d007fe4794310492cabef8a947f82a9482c5c1406cccc4d2bed409575086807f731eb7c852ef3bccd4c6fa6e111292207e99220f302a6dc564e544d3b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OV51DDG5\ad_status[1].js

MD5 1fa71744db23d0f8df9cce6719defcb7
SHA1 e4be9b7136697942a036f97cf26ebaf703ad2067
SHA256 eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
SHA512 17fa262901b608368eb4b70910da67e1f11b9cfb2c9dc81844f55bee1db3ec11f704d81ab20f2dda973378f9c0df56eaad8111f34b92e4161a4d194ba902f82f

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\8OPJW913\www.youtube[1].xml

MD5 b8ccdf82ddb08308008f8db2392d0027
SHA1 10927e85287638b70ef432d13c60cc81903f8f93
SHA256 f5acbad970205570407638e1819840de2f737492935cc58e532b55c8e742096b
SHA512 290929d658b7cb916549f0a92619051f1b9e64a2d0f97a2f8cd7629452a8b52a389e0c1bad576f1924f8d5669da2dfdd52861b57bb1672880a2e4f11f7ae0a81

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\8OPJW913\www.youtube[1].xml

MD5 3cded32b6d6f6c31e01ee06599086506
SHA1 ee65e35a7d8a1abaf10cdc961b1b94e505fdfb01
SHA256 fa532851c2708be447241ac586b0ec10c2a98e94eb673b83191b3a8f017c26cc
SHA512 e9b4b71bcd2272228e870d164528e4ee0a61137495001e1740575d36ca33bbb067dbd5b26bf58b329d8b5494b5b2da667047851a9cc2ed65272bfadb8b592f68

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\8OPJW913\www.youtube[1].xml

MD5 eb76f5f8f3b95e854cf0e4142a9c3158
SHA1 38cc3181ebf21ee870f6ea2d74f465b23ab2b641
SHA256 d1350543846a986a3676e2b4757f948ebca4bf71f8fcd80871d9df3039386bf8
SHA512 f00d437f0aa5a9e9afe9e37c03fad7657e9b7726f9cf7bea4be0f76a38b055cee0b304293508ea43b86f053e391b820075b011beba32cda7b1a891480c35eaed

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\8OPJW913\www.youtube[1].xml

MD5 bf96a08e449df57662383313804cdbed
SHA1 f4b38f12461cbbe3abf1c20582324e8f032cfb54
SHA256 221f210022c1fdf7e7d6b63954a401a90d113e682049020e10a35a066df7c70c
SHA512 afa8365d4039fe0e1e2d2e2326b7ac915b80269f0341179e63a3a02b5ef81151d0a0eb1d56054c9312e1d92a0da81231c41d1e704cee52f7b8dc43563ca15e24

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\8OPJW913\www.youtube[1].xml

MD5 ad7b2b5e51a1a94de3625327558a04e8
SHA1 84c0b5e10062019c94a8ccd56b9cbe7e0afcd1ac
SHA256 b22892fc5688d50155d731deb6ed361e0655efa323e239bb9e68a7f934de6de5
SHA512 e084ef89924bbaeb3472429bfe189ce28712165a8502b05af95c5415e1b406f94729f86bd78c5cd8f4e704a7f73f563d58abe1a9a0d45403a3927fd78338bdb4

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\8OPJW913\www.youtube[1].xml

MD5 02e388e614fb791b90a252523bc07b6b
SHA1 3ce64de7328e66f9a90255ddd2fc309bace3192e
SHA256 9bec6b6146c01d0ede6e4c825bfa976aab7290ce3747780f37631dac66fdae4d
SHA512 dc2af7c31166566d943604b487b83cd9d5d57ea8781f6152c99b43063c1e5183388c7de2b64bb8f8d38c2332418ab99c8c0fa05961a7d42a13a3adcd99a33554

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\8OPJW913\www.youtube[1].xml

MD5 8f05702a061059e277a9ee60233a05db
SHA1 a0feb029ba37e3eb5eb344c6ffa04343f83eb72f
SHA256 2b9111de7dd86802d803ea0071045b5f53bedf9715219af51abeb091ebd843c1
SHA512 7632635c4a93b8b88c0a3c38155f838540af4013fc79cceaa5016fe35c82ba284db60e6259e7a10153b4cfc217a87f2bc571f5b5a36bf767548a887517254125

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\8OPJW913\www.youtube[1].xml

MD5 2b5562273f83b6babcba80856283aaea
SHA1 716e6e79773218d409446e2245aa83c32f36ce3d
SHA256 354bba82d5cf75b32919b7aa37fa96a76c216d1e3ca7a155ab876fd2a8cc7920
SHA512 a37aefb8a02a17b2d1277cf4ff5f72c4210e9720e0f2582a30dcdaccb028ffa8244f78baa8a8fb68fab49e59f22ad063427e72c9b35ca3d71efe325db38a4842

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\8OPJW913\www.youtube[1].xml

MD5 0ee60d43d5bf714431094bdd41e0dad3
SHA1 b611776d49c1a081a65f84e12d8db8b9ced894b9
SHA256 51ae15177d5d455868e11047cfd34019fd3ffe252958e6c3f763fb95491e3993
SHA512 49362afe14ff10beccd09549efa4633b81cb18f7bb23e52ec612f78929f15b53be0b6b5ed9422d4bbe2a4fcf2dc235a9f5f8710ea0b01e864c546dfbb7d960b9

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\8OPJW913\www.youtube[1].xml

MD5 7c2b025f509a151d649be7682a38de94
SHA1 5852611d3aabc695500527f7cf9ba0485740d757
SHA256 81e695effabf11ee11465261c44f31da0ad3a32e3aa1b813d9b79fc739134d23
SHA512 8ebd0752a244ba7c0206522320931219235a091ea7a9d015985b57f5b1a0ee07d5674fca32798aa6d2c326c6442fb7cfeac166b6ff36f7fc47a49c24dd2a6347

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\8OPJW913\www.youtube[1].xml

MD5 5662fd92b03fa2913761b09ddba87c64
SHA1 a8a2450bfaab7e7ef1de68d66a5675435725f445
SHA256 ce2047aa2a0c6070fd83c12b162a1b49c09473a6f53d21bd7fc5b1dc2bd765d2
SHA512 7dcbe0f21598d956f23edb4cfdd805c97a78a580ecfba78a5eeec60d00d2ab1e743b163430e86ca8c36c15e7c029317a637ca6801e32b7e3c6f1b27ba7a3cdc1

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\8OPJW913\www.youtube[1].xml

MD5 0c2273827a0922181235427fa4d2a7f3
SHA1 b0667beb008825c922ca8d8107a63869abd429d1
SHA256 13732fa70a005bdef76592faf378c3df6f6dc1f4ea7828d8abf89ae215249336
SHA512 27748bd19805076f3a282309f09f9761e093ed4080beaacdbd0892b653d3b8103cae4efd2cfaad501e33ce01a15360087660651261b4da551328f0fcf06b6d13

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\8OPJW913\www.youtube[1].xml

MD5 b1a0b5df351994fdb1259753d727842c
SHA1 d8e38d93f9b751db0ff43b13d76b8473cffcc4a4
SHA256 25fc65bea07c486d79e7f53470d233acd29b29c0e121b2282fa9223a80f259b9
SHA512 2e12fa4340d1009af414e78fa9125966a4de895d54871cc6ace73bb111ffd04ca2c926f38b31645df0bf7de0bc62153a61e0ebaf83a87097db83d1d61ff9650a

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\8OPJW913\www.youtube[1].xml

MD5 4d516bc84a306c2c940cfdd5a984283b
SHA1 a6f695d7f57ec8c99fd840499ceaa18e9ffc0c8a
SHA256 9800a132e3f2990446704de9eb425c7bcc05b95a47adb27a067c7b4c186e069f
SHA512 d0e7910329e12f8eeb0bda17a36fea0f675043c5b859a78099759dd74382e98e21d8ed6f83d14f83d27f646433406c07eae2cf97ae3f90cbd0390be5a18a8a0d

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\8OPJW913\www.youtube[1].xml

MD5 7a4a827523c67f3eb7db1d1ab5780d67
SHA1 9d7fefcc42fa6990412d2c1788c367454bb2a462
SHA256 3d767b24c218ae63786e1d4fb7be6d56139b727601c1d375b497ec6493d46dd7
SHA512 8a29978a6230768a65cd616ecb64506c170295c9d78e1b9db86b0e47372ebc6c03936a2a0246d6265465cf3f28630e38d1d41e7810acb74e7444e476d712cbe6

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\8OPJW913\www.youtube[1].xml

MD5 5129675f7f79ba660b7dd0f3166c78d2
SHA1 db0ba3474b61dda91a45519ac2d28a2bc114c23f
SHA256 f2b9672dcdacbfd471c23870909e848a3a6f90a52c6180f74a6393631e5cf0f3
SHA512 18fe86d65fb0bd1817aba915bf1c279ec8b039c5078267f214e21bfd4deba8ea4c64a9f976b66e04ccda4c42f9df5896a0251b09fc49c218c6f576b7ee626d19

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\8OPJW913\www.youtube[1].xml

MD5 d642a198c5d303702202afa814b53b64
SHA1 303a12de8bda306a7a09a9f30d4b470a2ca1f2b9
SHA256 5551a8a283f6c153ea4cbb82bba456489d43c514a4145b8304609e7dbcf6518d
SHA512 7a8d47bdc0d58995fc0597af567cd762b19795c6c3cfbf1b3baa215fc6b1ae94932aecc60521953668060fa7f13024e640c1e7cdc68a701607cdc05f235815d5

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\8OPJW913\www.youtube[1].xml

MD5 4f32e81a592647b39315e1b189e8a401
SHA1 2842f29c50149578b6f6ecd73e0394a02c9cfdc8
SHA256 10a1f5fe33c2a6451d353e3c14a60f127976aba0d6fcd4470b6927b719ec48cc
SHA512 bea45b2ae3ad8b2c5614a9a72dd107b7906e0464e098b3da258157b75ecb1700afe76cc0dea31d0376d0f83242b5d549ba5d2c43e501aaa99fc75b1f8f1d2078

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5c427a627d87eab613000a378c549c3e
SHA1 ffec5c00cd3b9e36e5b27a24a122b777032275a9
SHA256 3af7d71de4bf2b7a628c42a37c58cdd39c3686b705ab6382d7e84d1154aa61dc
SHA512 b9ecb48c84fb21c04e3c841afee85d8dafa432e5df4935d785a9b9f6d05d61fa1e407729e6a0634557a8da8f93c4e82225f110d3fa43b1b06ac888a771463928

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e08e7f80f52bfd5eed49c84d38e06e83
SHA1 026f495dd26448388d829607b7426bc86634f1a4
SHA256 fc17eeceff1baa6032d51a85a200c746a4efde8663b0c349563268b50b179fdb
SHA512 327a888202664b7f09785a144efaba377bb32d5f0f09f90ef2e74866952550b52358cdff7543c4130138d09412585774287d86a88d9a645dc4f2a7061936cb9b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 228355ba5679a79d86faba8a1fc35e83
SHA1 4e15e7a4cafbd3cc47a068701afd6b36a694a818
SHA256 9da21a5e569c9fe1a38e0cad88b4c73126119745bccde6a5bbb0e5602f4b0585
SHA512 c228d36241263a973f0d54cb518132c44018bef34e4c4915b4ffcdd9d9d56a9bdd577e7a18273f00a7ba512260226db8bae33bd22ab847c64692c2c8c64fa08c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 20dd311bcd5141d18d04c32394fd8f28
SHA1 b1626cdd6ccb344ae75f8fc02d16632b60ce4bd5
SHA256 07921316959cfd7c90f2e74aff87e5d8e2149be59284571214415df1a8de845f
SHA512 55e594eeacb9ecdb43095e32f11950df844e53d0a76f0233bc8228527b0a6fc791abc74a3e70633953ff4b632ad335930139cff35ebe25500fc62ea7fb3da8b4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 55246a8fd2f17f7ee95e02735d31aef5
SHA1 a4cf0ec1e331a705a103efb13b84fb929148364e
SHA256 39ef174ef86ce85c928fe0ba3f3fa6db6a8b4838c1eea3d1e8c38271bcb939cb
SHA512 d03174c0b03ecfacdfd638b34be75893d56fea38716f0506e891cef373071e5e949959b0b3573fb77e3bff0dabd84738775464de442d44f83da1606b7015b256

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 68b13722f0df0683ddf8443180af5051
SHA1 e02c5fc9e073f9bd2e3359609b267884d3661c9c
SHA256 6d940f95614341fc7f5c838f841c6778a6d8627a1a847963ea4a2e6d50361c35
SHA512 821e88591eeb1435c07309d24bf56093a27119e8bddefd0f2cb6f7b8bddda70248ca063a65f177ed7434d05aed242debcc21b077b7b7e25e5a5d181d3bd1d0af

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9445d993a1c35db8e0199299f435ca9b
SHA1 d33fe521f55a4282461fdf873fdf3ec0d82e4467
SHA256 ac58c0bff8a94bc5d62cba10cf099e0517177d05eb2148346455e49162f4ae9a
SHA512 19a5a96a0e7ad7e3cdd1daab572b95ab1810ec398c4664354f974793a0c9a6a2f5deb894008060a523443433f26742199f380768058022fd2d0bdb787a7894c8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fbd30427bd2cf40667f92a821a4c7ebf
SHA1 45f529aead083ca1bce048b5a307fc384e1b1a0d
SHA256 a1a3f27fec033125e875e60cf5abd3d78cc3a64ff4be20d4acd37c3608aeb61a
SHA512 aa94e047b81649bcc2373de40584353a8b34523eb2c7159023dad9c0814f2a993767bb920a2c38eec446923274729d10ceea524820061ac94b0926e36a883d49

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 de915f803a2c248f32353968f6c4f01a
SHA1 9f7c35d901b9f7e5c386dd24537b652ee8b711f6
SHA256 7415fc5f93583d96a0177e754cde0d9b4548d6dc674c7bca716fecf880d3ea69
SHA512 df4b2740ac89e64dfa4c1776e3ffdebaa50501472a9874e75b9bc3b292e989d49c6ec3c33a0e8c38881bdaf79080128957dbc151584f64f070230d102c5a8f42

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\8OPJW913\www.youtube[1].xml

MD5 093cb683228830efe0d7ee8fb60b0bd0
SHA1 fa2f73e2cb622eaf23627ba34efdfd86431d393a
SHA256 63fcc80f7d9bb0311b624f3197eb2acd27026014c97cad21fab4ab5afde6b561
SHA512 cbb2a4dc78ae3497266f817d4c975de3ac4e1e18ec3da94c748c34b91bc3dcad8caa6a4e7fa9d59e6793d0f797c0d41abfaee8569cf11efdeab43766d326a0f9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 685515d10295f033e0a670124bc98da1
SHA1 83dd88d3bf469b7ccbc13aa2d77d1c7b6977be7f
SHA256 dd3484c47d45fdbb291429f61d3b80046cbe4cf5471b2605974fd5ab390994f3
SHA512 cc8a1cf570260efa142a6cd096f957895ef280cb2e5ac4233e9a6c20fba2519578fd196f158230cd126a667fc647fb4b8bddb7bb973309306c2d275e9a93ec85

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\8OPJW913\www.youtube[1].xml

MD5 e50c2bbb3e1148ff0d41609c8b3cfeba
SHA1 22bdea95f2894a4731ef4fbc70333e33ee9c0b3f
SHA256 a92a9e87656651643e808d08ffac01eaf05e7cb303b155a33ea6aecb44639d15
SHA512 b737a0bcbc6fe002d95f82c02c31b3ca3d6e4cd4928c6173fd1b09335a30eadb8f52882046a9dea3b6cfd53c88535ab6df574977092836dcef92ed3918252223

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\8OPJW913\www.youtube[1].xml

MD5 6b5c50229bbb0b332aa5ceebb8146e2a
SHA1 a7ce272091e3049e7a28f3c00922b93b3f863464
SHA256 0493645b6bb2b3295a63e7afd14eef1afca3a5cd0d55bf37d5798c96da81fc52
SHA512 2d998d5a005f319971eb24243a4371548e0054949e24febb330745f55d1e23fa1f2a9fcd903bd93e0b46c4b4a397406140426b6ec70203e9f8abf24ae3e8cad5

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\8OPJW913\www.youtube[1].xml

MD5 d43df528a1f175fbb601fc840a29cd12
SHA1 6e8dd357d06d39f65323480e16e9f5f71776017b
SHA256 ee7b712140e94ca23dd8c40c96441135ef7bc38b8a8972f61e960febc50b8481
SHA512 51a8b64469c241a182e79497cb5daaf6164347ed89813bfad227f92ceda5ed11d7c7fb1809ab73750527bbd877c972be50cd8bd1d2d05725d14a45236745b418

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\8OPJW913\www.youtube[1].xml

MD5 194366907c860bcd22bb4348b892698b
SHA1 f24d7ab1be61427c09f25cc603ed676915cef400
SHA256 8c9528832df4f14baaf609d3f7897b99439fd6ad352d9dd2ea426ab78334c3a0
SHA512 20e452e38b0e15af5449316a587210cd8a593f686e5d17c80b43653ce558040d05277ae596deb5bf856ba1b79a23079edd3427b849acafaf385724dd171f5df6

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\8OPJW913\www.youtube[1].xml

MD5 31edbe8ea3700618449a0d8f6526c62a
SHA1 08b72aaf3bc7c90a999506854db3fb09c4690b65
SHA256 8139175324f61732553cd4927c4557c287fb7ded6501458e6ec5b0569e63ae08
SHA512 a7dcdda493cccc7338e3097e394d9737c9ad0f881da8e8a10f273ed72326b10d1881427200ae0835be0c5b96b9630a52628e8d0f33bb61da956d3488f4106999

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\8OPJW913\www.youtube[1].xml

MD5 c975b2e7821e7ab8111b090ce8f80cf8
SHA1 8e15deeae6c276eedeedcd0ce8df78d7bd4b36e1
SHA256 4a3803f7296a5fae05f10c76a6ffe610a0b84b16ce159d57122ecc33324c9fe3
SHA512 9d51010312d25a160a573351775db70667d838595eb99dad112ff1bf3a9765b78ec40dc818981beeaa9a3936108ff7a53cb5d56231f9c8b5115409482580c349

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d86f06ad620dc71ddecf6e37c5a46532
SHA1 f0127c8b7d78bc2f8bff415e1c76aff42122c485
SHA256 6b5f21712af0b56569e682e81069b4f6119196a4d9a0075a70c6af6d5a5f72a0
SHA512 f679c0157115d6f54ae1584294e786aa5cfce556356f8300cd2574891c487e8c05732afb99e3d379e6fe533487cb6e37fc9986f96e4d28abb12533b04a311bae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 58eb8b2299b6f698ca05795680e0ce49
SHA1 6e84b7e649f0a262e24322c5dfc333c7680e9689
SHA256 fe20bda5724530a0c3721395053c8505ff1af0e5b338ffc42377ab4b68f38b80
SHA512 0ce47f6c1aee68bab7aa875fe32dc07f8bb1b29bc3395e1fcc8869495bfbd93ea636576bc1c3dfd3830026614c3f9ec5d0d3ba8c27a483c15bc9e04fbc1935d9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 3efeb55caf792b2fe8008a0d36209225
SHA1 26fb391fc115b8128c7222a8d738304e3b3bf4c9
SHA256 2050dfa5d197505057daeca4f9ca8507bb5368ab91612e18c02d8607e1171310
SHA512 270623160a036ce2fdd3caf6b40ee47be0658d9e8e4d2a250b17f2d7b320b318842201a4a93e6d2e6141ab7f2951735b0fe1c452f3676fc63c2814c808da7cf0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2a0bab1be326276ab4e787b9045095a9
SHA1 2b11ff5b2db64ae7c86ac6bf482868171db61b8c
SHA256 d265ee971382fe24dd15949f3eeacd95a874d968acfca181af75e75b39b8569a
SHA512 e96c08a9d3a76337fff0a03cdb4acadedaeb9953ee8fce2dd8abcf42dd04d66e536087c7abf00f04d84c1be0ec158835b8fabff34f2f51dd74de1ca62198bdb0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b5e355292f18edafd8b218ba1b48d473
SHA1 2fbb9ef2f0b3f8f1698c44e2b554d18553dbf494
SHA256 08541844481ceb94fcac34b568f6653ede34c082f901bf6984973fa28e8315ed
SHA512 b83018aa17ab9b8d1f8b80988d5c94a3bb96b25e03afc7d7aa4259bf7bf669cb0304df7e8abb730b4b1baf4520b3219beb161b5d6825e409763121a2101a6cf4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4445b8e519e95169d883bd8d0b93afdc
SHA1 f820c9b5cd8b6aadb8c527aaa6de3740cd40b85b
SHA256 8668c34e9afd7c435e1ece5ae77bd81a9eff4628eaf135a9f038bd1de5816203
SHA512 62021ba98b03fe80155c6e9aaa55feceada4bcc76dc068aabe9378789e7d269f5d9931f0cfb853b1a465de55b23542aa359fbb0f147cdcd8aafa6bd342ae1b1f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dc4941ed9c8fdeb4c9ea985eed442593
SHA1 d4b9ec99fdb93d06d0774b49d347d8e8580b35a8
SHA256 f7f2472463e1513bf3d21ff9037838d7b892f4f98daddd0b36e4f9abd14a55c9
SHA512 c4d5c28171885bd23254ac60910aeedb219d244e82ba88f71f112c8ee670097523ac80e7571a626965cf3a3d42b2d79b746a8946f2945ba9f7ef36c904ccfc6f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4d56bfdf71cdbebbc77c6f147c05a1be
SHA1 8d1a03d42e033225b2b867171f5ec1a1cf08f1c4
SHA256 25a1c54d939b5b92d4bf7c02e3c66256319e319a1fad99650a1f0c6cba70c00b
SHA512 66c0a0d1ed0add9939609f9288b26c87d14e92b4ae234e40c21bbc2ea6548b3439bc1470e27aa709b9776f17c043dc819d12add777a125c08c2630d181ae2e20

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c3bfb973707431b82149d309e3c2d9d3
SHA1 ff1d0d22825bf911c987d7668e4f21b3e06977c2
SHA256 7a9064c8117b931cd2bb3da78ec9c8a8a01c701f59515baa7b95815f42e5fe87
SHA512 091f73ef8778cbf86acafdb7fce7ad54259acde2cd2f1f66826f0b7bcbb2d2c66fca45668fef344504d3815513338f1c9b93ba26aa61f6f991c06cdda86fdea8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7fadd00c6fa612b0f58739ecd6269314
SHA1 bfabb3984dbff14e015ecc9d1986d4b8feecaf2e
SHA256 48748661a403dd9e68510183a2481fed22689de6d58763d772d9db16c71f93d0
SHA512 d2dd73b1c5915bc611b8bf23c96a67ae9da538314604b340e7a4573408932cc2419235460c20674230ef8ccdb5b55d7451480f7e93a5e63b2a6cda58654a8a32

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 afecd6907c0f9a6936d27c97955ea802
SHA1 f4c52d74174a4c7d415db7aa8d8a04565b860528
SHA256 d27c932696f2b7c47998c3ec92422db5690ac6a6677bef928f36cde19b3eeb9c
SHA512 3d35b2ea0e7716828499d3e3301b801efc224d9b620abceb58293c795dc6037594005acdd743768e2fe458337ce1f7aa332136496d531da28b8d410fa0663b5d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 315461d9da5c7bf447ebb5214721127f
SHA1 1dbb3a6a9c4197612d459653948615cd1e072bbb
SHA256 f7f8e32e6a71fe8f91239a765b66fae5fec285680e4b2a0dc22d7c7bfb2420d2
SHA512 df3c9ea92398e3b68930a5670fe14b5f545c35ebee2512f73a902c0bb934d9a5535f20be7f85a84363c533caf86a9a5479f6313717013700583daeea4d165716

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-27 12:11

Reported

2024-05-27 12:13

Platform

win10v2004-20240426-en

Max time kernel

145s

Max time network

141s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\791bed6a80e78b0fb5b18a392002c71a_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3216 wrote to memory of 1644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 1644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 1036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 1036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 1952 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 1952 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 1952 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 1952 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 1952 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 1952 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 1952 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 1952 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 1952 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 1952 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 1952 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 1952 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 1952 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 1952 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 1952 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 1952 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 1952 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 1952 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 1952 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 1952 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\791bed6a80e78b0fb5b18a392002c71a_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd0fa346f8,0x7ffd0fa34708,0x7ffd0fa34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,141219942458790638,8142224183687065395,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,141219942458790638,8142224183687065395,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,141219942458790638,8142224183687065395,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,141219942458790638,8142224183687065395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,141219942458790638,8142224183687065395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,141219942458790638,8142224183687065395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,141219942458790638,8142224183687065395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,141219942458790638,8142224183687065395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,141219942458790638,8142224183687065395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,141219942458790638,8142224183687065395,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,141219942458790638,8142224183687065395,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,141219942458790638,8142224183687065395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,141219942458790638,8142224183687065395,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,141219942458790638,8142224183687065395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,141219942458790638,8142224183687065395,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,141219942458790638,8142224183687065395,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2744 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.konthaiusa.com udp
FR 216.58.215.42:80 fonts.googleapis.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
FR 172.217.20.206:80 www.youtube.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
FR 172.217.20.206:443 www.youtube.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
FR 172.217.20.206:80 www.youtube.com tcp
FR 172.217.20.206:80 www.youtube.com tcp
FR 172.217.20.206:80 www.youtube.com tcp
FR 142.250.75.238:80 www.google-analytics.com tcp
FR 172.217.20.206:443 www.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 42.215.58.216.in-addr.arpa udp
FR 216.58.214.86:443 i.ytimg.com tcp
US 8.8.8.8:53 206.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 238.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
FR 172.217.20.162:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 67.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 86.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
FR 172.217.20.162:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
FR 142.250.75.230:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
FR 216.58.215.36:443 www.google.com tcp
FR 142.250.74.234:443 jnn-pa.googleapis.com tcp
FR 142.250.74.234:443 jnn-pa.googleapis.com tcp
FR 142.250.74.234:443 jnn-pa.googleapis.com tcp
FR 142.250.74.234:443 jnn-pa.googleapis.com tcp
FR 142.250.74.234:443 jnn-pa.googleapis.com tcp
FR 172.217.20.193:443 yt3.ggpht.com tcp
FR 142.250.74.234:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 162.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 230.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 36.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 234.74.250.142.in-addr.arpa udp
US 8.8.8.8:53 193.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 163.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
FR 172.217.20.174:443 play.google.com tcp
FR 172.217.20.174:443 play.google.com tcp
FR 172.217.20.174:443 play.google.com tcp
FR 172.217.20.174:443 play.google.com tcp
FR 172.217.20.174:443 play.google.com udp
US 8.8.8.8:53 174.20.217.172.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 18.24.18.2.in-addr.arpa udp
FR 172.217.20.162:443 googleads.g.doubleclick.net udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ea98e583ad99df195d29aa066204ab56
SHA1 f89398664af0179641aa0138b337097b617cb2db
SHA256 a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6
SHA512 e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

\??\pipe\LOCAL\crashpad_3216_PZTKOKSPMIIZBTRD

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4f7152bc5a1a715ef481e37d1c791959
SHA1 c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7
SHA256 704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc
SHA512 2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f3439a42ad117e494f2ec1af3b3df5bb
SHA1 b4cfba6a1c56660c2a0d62d96e457d223b4c8780
SHA256 7f95f53efa7b12ff7c5f3d8fbe4972dccb84698f072b1421a987ef992db34f6f
SHA512 70cfc5aadf4c2da54ce77675fe5d27405403fa1ca6a6d4175c64e43ab45e4ad2aad6ef0e2f60d751e9871b9037f1ebbb012dbba9536ee5b0fba522847582a512

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0e4dec2568c8bc34201f4840af4ae102
SHA1 b721593fe67af83da9df96a156ce11d1f8e488ac
SHA256 651d82b3dab22443d9f732eb608929a1b6109e47107dfd3da61d03218482d942
SHA512 7b325d3fe434bb51aeead3eebea8a9a4484617a82297eeab23f6712a600f2189b84f91425253d9d6682b529405f5ad842c38bd46e4d79fa6972bd5cc4ee1b199

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cfa89bc8d95b2662d53bbfc18a2b9e65
SHA1 d87d77e9b2517d2a896c8025b3b131a225c1a5b9
SHA256 61fa859dbb40a7c50e055f38dc644e460ab6cab2f9a8e6a26708365a16bc81eb
SHA512 4f1ab4d50af195c6d82e1754ed773c9703404e6e7b1b637c1bdca594ab7345cbcad04db7c4e4b2028ac0acab159ac485715018dca492d50424604d8371db1e06

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1a16586b8f5d6533152619543eca2286
SHA1 3a67e4e472a34b7df1764ee4d3ec1642c16c95cc
SHA256 79ff16f68f0873783580bafdeb1c82611b6cdb336250dd87409111f553e15626
SHA512 e15ebb92ed2bf87f56c679c5c6f0c54d8bdb80f4ae596b604fbfe91f56fc1dfccc9a273264f031dcf7ee33d4a25217b587f3efd621e8daf81f70aee6e127cbf7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 cde96fed4051210580afaa223303a6a1
SHA1 3c538c820c74e2cd7043b91448ac09699fca8cbc
SHA256 bc41a01578a11694f987bf80f1d6b5fe6d026389d65d693ea8bdcce05b713de4
SHA512 5fabd6fbc8d49dbebe5a3f9f12a9f00310044e7056ecb049e76f4450d22599ad8f8138d97a2167d14207544d1c9fa165b8be390bbfb46ef8cbea611ec5f4d7c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 832a5b46c801f19e78d6f94e18726e81
SHA1 52318d95be3f13ba65e93b222469df548214bc87
SHA256 e673af0f7e7f4ec3aeac9c0d14887a574e06bcc09b1c58270adc6a7c7db63b1a
SHA512 81abcc8d9761c152e70e214c01074b6599db8e18f6e1d32227c1c5c6cd56543aa6c3056ba000b3617f9deccc1fbca726a7e63d604d79cf4fa2eb0a176164210c