Malware Analysis Report

2025-04-14 00:26

Sample ID 240603-ks9g7sag83
Target 913054e9a69aa5ff7a0e75a19150c9ed_JaffaCakes118
SHA256 28b57b236001cce636c9cdd949967052b5702ef10a52eb27842605fabb0e64ad
Tags
score
1/10

Analysis Overview

Threat Level: No (potentially) malicious behavior was detected

The file 913054e9a69aa5ff7a0e75a19150c9ed_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 08:52

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 08:52

Reported

2024-06-03 08:55

Platform

win7-20231129-en

Max time kernel

132s

Max time network

139s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\913054e9a69aa5ff7a0e75a19150c9ed_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\913054e9a69aa5ff7a0e75a19150c9ed_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2232 CREDAT:275457 /prefetch:2

Network


Files


MD5 30473c425259d186e0461fed04099241
SHA1 9c821e3d67f7517ebe54148ae8bc24092b5d9819
SHA256 f17e13a4d49edf1bbdcfc3e842fd68274090c49b2b28500391e54dcda5aab248
SHA512 1e14c9131d809aba6512b0d4c04c6fe4ac0ea97165c4705dcc8edbd7678076dd27ff863c0b4e560e60c5c76715346aa975a83f6e2e7953c8909cde7ba2b1d601

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3e88951da95bf6eb00e86dc4a5853e49
SHA1 fcf9a2e8b5806a010769768ecbfcd03a3b423f6b
SHA256 bc890794114bcd02bfdc5ca7aa2b81ec1fd8ea1a7e8f6e5d3be1ddad0f7ce580
SHA512 67fb51dc105a7e2c5f2733121423d87a91919756e94d4448d48cc351363a032ecab696633b4d795dd3e452a5dea70962f28a50c9e05cf888c378b5b394879872

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b93074aec3b38364ba7b579c914f19f6
SHA1 8a6bc5c2f7e7b28fd05ccfba415de206052b7738
SHA256 a315a94aa768b326e52a89b4180a37d9ccf44f8f75be589d649890c5a0205550
SHA512 475111e2eb1bd1224b4b1d2eb34d72dc5c0cdb64909f55d970406aaac33e611b8cc30a1ed683731d80f9a5763ccb3358a81eb63ba754e9c28aebc31cb6c7638d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f7ba9a69c442c4b65147046225a77d2a
SHA1 4fbc76acfe19e3d81a4369e29f7d39d898e29a35
SHA256 41012256f0b0276230711b5785a46fc73ac0856396ed6bc396a576559f38ba9b
SHA512 79fc12081a32325ddc0041f079c4164294af90ae6093b4906723387949e6d2bb05e6e9c30c0cabf1fe0fea00f5ded1e6559e2e029986ea2600ea9645a0a6abdf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ba0eab2801a4fc67c22324864e0bf0b3
SHA1 b6ebbd4588a303e55245a562c6a94c204794e6c6
SHA256 a52efcac8b4fa7b57ed856cc727141e29046accdda3f1f97392ddf603a801b55
SHA512 b5a2f5c44601a38299407a74c6ed48af5da1db4309684a0fe4456f4d21e47f426e97fc769a3df54afb23d8a4fb11b5e0063109d86636030384faa86bcc770b0f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3b2590b7a65a56dab45a50539390a959
SHA1 cabec74dd1a29d497d3acb6a004c9b867645bdcb
SHA256 bd4268a08afb69bbf07dbe13aacef5d349e6a02579e4abd63a909b9c9a4bdfe3
SHA512 db4df9bdcf9b826d65202f4df9a46cb18f0cd56c98b4f5d2ae2b1be7dcaefd95b7e87cf6db4b0cf8f182f9d90fd69f14d58c8fbd0b26be510c3855f6dae4a3ae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b4d7d22a8eda8a26a4c2b9e592d58e4c
SHA1 5a752aeee50da4e2e9bddecb3290f85fdf26b69c
SHA256 db8e23eb378db601d4dafeab9892dd425097c5f6734f93939783dd150dea17c4
SHA512 0f2e9bd0c0f85822c33f253e72f352779a68cb6da1341e8ae37d187496ae97aaba56530440ea331b09395feaf171de6a4a73f80e49c7566e56a81f1e0bf035ea

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 0ad7c93e05eb1e352a7a1fa933d0d488
SHA1 860ec60111c8d8e88dfc5d8666a6877d3d50a8b3
SHA256 e36ece199defc4f17c7df93b7ce9cf36f8bd705e0c3029163de3dbd8e949cd3e
SHA512 00acbbc307e8c98ef1915fd7ecc6696c1e692b343c45c62c1d52852ea2b33ac2c149257215f6bf8aabbe158ab16199644735ea1849928e6b3e25fa6b0eb8d3a7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f407e6b688b606a762459b03c4d8fd14
SHA1 d0d6f4929fab8693117dea70bacaac7d83ca4541
SHA256 11baf478ac27072a31221524879b07420698e7e2aec42acb40c8779b77707ce9
SHA512 7755200bd1963e30bdb53f404ae7a65ca771b7b72906015525c0955f7eb9a1823752c5a1a3db5ddbd4077fa4982b11353060d0c1407077de5264db44f5557a04

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0f3b95ec83af3e0d06d23eb4132887dc
SHA1 05720509adb1214221c6b66afcd92ad540148146
SHA256 1cd3b0a719512ee6f9b7598b0fe4d519dba137c833212b3565b2846ef36e3208
SHA512 a58ba3c5fb480ed38695b6fa1d2d042bc1621e104a9eb7085ca202bda76353e8370203a0cba831a75a41c58bb44012f62918a2bd90c20463438da0179b714ca9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 789820176bc57047c76439369933d68f
SHA1 bbd72512594f93db17582d4b6abfb7966090362a
SHA256 82358e36e2d020a846635eeef8c1cba944ab14356425613cd9990c10c5555335
SHA512 fb696edcc4fb05295e98ae8c04f62b6d3f6a5082648d8762418fdfc8e292ccf04fb6f3903ee7c503b81c626be9d54508e7463ab8fc54147d943082f62e4121db

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BKVTGO08\www.youtube[1].xml

MD5 b39e36b530c6dd6e7bd8dd755d02c059
SHA1 123514925fe0c8218ff9d0a5650957bff085526b
SHA256 7d45236bc2dee8541717c2bd01e2875c2c396da69dc7305b9081b11e52f5f841
SHA512 5265ab7907991e665578f294a4d0ebe17fa7a9096584758785622e771cbfb5409465a7d46db9e1133a1e9393fe9d0489c6924c938a9f5d14b620e8fb62e1fea8

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BKVTGO08\www.youtube[1].xml

MD5 0a100d102cbbaf030cc84e0995868c43
SHA1 409e5d6f79d5600d724333e03202e7f1219e3f5c
SHA256 de235380aa9269b85a58346c70dd494b5ac274d44120465179897beb3259ff12
SHA512 3101c093ef90fbb51ab49a02befd341b5b80ce58a86cabe67ee5a30c9b25d231a7927a966ee235ed7ce3630e489957f3411d2a867823624fe86f37a44bcf8527

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BKVTGO08\www.youtube[1].xml

MD5 a9b2c8ba712ebe9a07087cbab2735f1d
SHA1 785fd26bb6acafa384c4d319656c492f0f44434c
SHA256 7a4144e00bc305108a37037cb06b9f385f3dee78cad56c38fc04bf3494c5038a
SHA512 e24efd40927c54c224f8d6732e2337f50f92c3557370a0ee03fd00921896779ce57a25b721ee75d4e4600da732706e010a36fd397000654844eac03ef17e29b8

C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9d5bdf8265b092526ee01ea34ddbf94b
SHA1 19dfcda908e3d562e2a2e412128d5183fbcf07fb
SHA256 5e55c2789002849dc8cdbbb505877c9e706b0349654b13830bb551e478d8b950
SHA512 758534f85d6a7330091089cac7cd41d296a4941485e2019612df88267bbc07dcc5fd0ed69ab8cd522ea43ac0593b37937181ac77c15d970ab1c80ba59fd4c6ad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 65c6fb573285114491853838dc412b6d
SHA1 80878c335e21c5b0082afbd5949ce281c3c42264
SHA256 bf3e12df5ecf4241fd5d59cfcea637c5c27a21ce61881dfe67a9640a0bbe83c3
SHA512 0f55e30073d583f1f7a86fda65bd42a5cb0956fe72acce30db746f17e0614950dbfb081d27f9589fbf6e55e02d8f9958016ad74bcb3fc2fa09849cbd4284b4cf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3eef695d4a57fed69b6c4983d5c09158
SHA1 0e8c0dc86310ceefc1ad3215deed95d9a2adae09
SHA256 227ff4bec10993eb3d25bccaa14d3676cc0da4320f607e863399a2e71d471ba5
SHA512 701aaa823ce57e4614af142795838876c4a386fb08b303abf82b6abe17070206a7523dfa460b37ba47f1ee3614e5ebd7d8698527183ce9b7b9af4222d43591cf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d12a321a8db5c3591fdaa8a580c14715
SHA1 2d0ae5a0f90bba62637f089cb2451644960a5a84
SHA256 2b8d1725266e16a0bf1bcc6dc14671442620595f1e2d965bf6a7de0e7f4dcb0a
SHA512 fb31ef0b4d47362070d8ec2e50f56433293e448094339311a6f18f57ca4f3a697a1e516263b450422472b72f2f9333a916762226278b3318c8b25c5d0a51569f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9ff3cd9cb1715661cb55fb945602a4e0
SHA1 9ba9595966e15bb0818034f87a64d87148e2046a
SHA256 ef1645e29bb72208df6e62c8df70b17a8fa571a3e4149bc80f55ee02961e0024
SHA512 2359eea44afa57cf32062145d293f0f3d15f801cb80a2ef5da1ce3c7a7fbfd16a3622c3097bf4a2c0ebdc8beb6b5e592b2e39f62d9ea999c68a92ef8be202d05

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5e2d46b201123947faccafbe9ba42a40
SHA1 5fc06511b9a1954893521b4401be31f4d338c3db
SHA256 c5346e5cb426ff654d3c9be4e38d8682bb91af8006ec96939213bd42aee2827f
SHA512 afef656801345cc76d8aaa4f979b382bfdc5c7847b7c2fe47b86ce738d0ef0f8c686dac939a1b1b0fa2010956634c8612446bb45ea1ab558fd68cca26448ed53

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4abe455db24b573fbaa8704d6c713a8b
SHA1 66897fc3667da08e5697262eb5c584ea612b0d0c
SHA256 b80aed957cf54acc80e04ff4b1d9f8ab850432f5ca17b5521529147f2b25b03e
SHA512 3f436c1e6ee9a157946ed0ff9324d08b60a970e6fae766ceccb4b85af63ca73f5235c7b207bacf2e51e38f4579e8c73656a5d4d6b310eb0fa54ad6529baf1a87

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7b494107c4e96014856e9a2606f5e700
SHA1 6be03d87e470fd4c2559568812b401715bd073d4
SHA256 f3760b173430768a38912bd29d16ddb648675327c801a4d976f6117bfd3b997a
SHA512 0c0a4a4603860968965cd917a63ecac1b9099573966b94d444ed669b0213b2db460dd8c16541931e4485a830edd038972137d975b2bc268b3ef190465c218784

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 481da1e091c57f99b13f212e8134e7dc
SHA1 f598a044af8b617cacd1d4959472646788903af9
SHA256 8c32c816d469dd9c6b1058c35248bf0123bd7539731b7f255067ec4333a8b3ec
SHA512 64e2ca433795e939fee7bd55427b7ce0d6b139f2741f66213f941989bf528f57da96ad4c80b33f2005f0acd23590f606fba5eadd05dde08050ae11e40245aae5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f403ba2fe28b90811da92e870f05288c
SHA1 36fe68e77cba0b86d7260404730f8674d243817e
SHA256 eea49a341612b2ad70be7dc5f12dd930459517c81937e957dd2e54b6badd6b09
SHA512 9aee08c4723e5ae56b5ec92ef38ae970a263f57053ccd59fedc3f5d8d70adb2040a5f6d2bdf31c6bd5b130d69b291674ff093158d6d9b30f79e0b23501187eda

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 08:52

Reported

2024-06-03 08:55

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\913054e9a69aa5ff7a0e75a19150c9ed_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4600 wrote to memory of 3144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4600 wrote to memory of 3932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4600 wrote to memory of 3332 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4600 wrote to memory of 3612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\913054e9a69aa5ff7a0e75a19150c9ed_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc65f46f8,0x7ffdc65f4708,0x7ffdc65f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,5358273559759896506,16948398723394362108,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,5358273559759896506,16948398723394362108,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,5358273559759896506,16948398723394362108,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,5358273559759896506,16948398723394362108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,5358273559759896506,16948398723394362108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,5358273559759896506,16948398723394362108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,5358273559759896506,16948398723394362108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,5358273559759896506,16948398723394362108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,5358273559759896506,16948398723394362108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,5358273559759896506,16948398723394362108,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5924 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,5358273559759896506,16948398723394362108,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5924 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,5358273559759896506,16948398723394362108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,5358273559759896506,16948398723394362108,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,5358273559759896506,16948398723394362108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,5358273559759896506,16948398723394362108,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,5358273559759896506,16948398723394362108,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 /prefetch:2

Network

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_4600_IKWJLVAZRMFNHIIU

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
