Malware Analysis Report

2025-04-14 02:22

Sample ID 240603-mnxzqabe8t
Target 91786440413c414f08b83e5f8fe467dc_JaffaCakes118
SHA256 61ca18dd75d7e5a3db62b598ed89cfff4673f0af77a9326e72d504dcb57800ea
Score 1/10

Analysis Overview

Score 1/10
SHA256 61ca18dd75d7e5a3db62b598ed89cfff4673f0af77a9326e72d504dcb57800ea

Threat Level: No (potentially) malicious behavior was detected

The file 91786440413c414f08b83e5f8fe467dc_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-06-03 10:37

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-03 10:37
Reported 2024-06-03 10:39
Platform win7-20240508-en
Max time kernel 129s
Max time network 146s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91786440413c414f08b83e5f8fe467dc_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91786440413c414f08b83e5f8fe467dc_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2432 CREDAT:275457 /prefetch:2

Network


Files

SHA512 35ce462dcc0643c61426e93929514ff60d5b89765f10635394c28329e2a68a821be151c494c3d6cb903b9c0d92ca45e8407d20b4a835e8c051f390cbe845313a

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\66E4LQ1N\www.youtube[1].xml

MD5 7f7cff00d7c7d66177c1f27143eca149
SHA1 e7d1d9de94cc2ea906e6ac15fd8d488eb4aa5f17
SHA256 c8295138c58b3b5b76dcad16838278748b4e27fd17eaa6715dd30272aa1c79e0
SHA512 ccce6f0144589c9906597cef7fae6b482651f200ff2a37859473c7b29966ad5a84810c6c2870bf8f78e1669533209c11ada10f7e03416284561e2328a223f135

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\66E4LQ1N\www.youtube[1].xml

MD5 d0b49f898884f81f583a688ed59669fe
SHA1 3baa31adcc6c44bed9ee18e8b0efd85e7af61e5a
SHA256 b5bc05156f04961754701a33bcaad241290404dda24608ee3f0bc6ced71ccea8
SHA512 b625c83b8951f9f1ac16c8826cd4a672f5f147cc460864ba03620484a859dfbf9d3dcbf3a8476b90e282eb20b6f38f612350ab2f97c77e92b0aed65c631125e9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 05669720d806cc1c4df927c69ee91778
SHA1 aab744879fe6a91f28b44398d519a34fb228144f
SHA256 36ef9dd800d834fa92e167efef385f5e008c9f0b60d941aa69767a7739a585b9
SHA512 48de46c157451fcabbf858730777a258d70a87d34a803f1bf5b226b1b29256b752dbfdee08eb45372472d6f4a8e3ef909bb28d66b2f67d6760144fded0f40221

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 63fe98bfc3849e92c5adc0ce5df64c29
SHA1 688c5550e7c10006e429777d608af4801456097b
SHA256 7af273a09eaaf32f91f73ded2486a34a6a8c48f05639561fe7e036ece5bbe142
SHA512 243b678f2cdec682d734922646802f2e301506a6ce91a9b198d803e32ae46b75b48ccd281ea0313fcbcc2fdedd6693157297f3b9f151e3602fed854952e30f16

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 34fff487737e11ee68c3b2f94507bb53
SHA1 cd152e6f650bc735ebbc7f134120b3c287cd7a51
SHA256 4b562b151cb970a90d27ef8946842c0f9315f1a6340a4ea0683aa6a9253d868e
SHA512 4d56a50ab58df1a2ee87f503a5e06e429d59a464e37b1df44547985b481e095e88564f1aabca21bbc32cfca3717525ecb46c387b2ffe4cff3fa27f676021ea6c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1bf08c83bc26cb730debe3ee6f99a965
SHA1 7ca732c1052ae6e318c999b421e68d4ddfb1e153
SHA256 c591a82bc261b7544a2e3f8a26200ae965f1066743d4a0997626302db63cff77
SHA512 2fb747f7d35734d9691581db96c867ba9e26daa903db51cbb0fb86b73d697b575a3fd249c2cbe0815d5df2eaf46cb1c2a63fe4c6837532cacc35b5d971c149a5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6c6d0e83318e501c24090eaa649f6c58
SHA1 b8836ca8dc33d841a4ffd71bd6d2107604f24091
SHA256 1bec8bf82f96ef7dbf3a4518a1a348461400a2179b9f8c656ff15de3d4f0ab81
SHA512 759872dae92f0e7090e9f4cd01480d6bdfa85106b4c32e4b9f2fc1f3ec9d94752fd302caab9f82424676739f1fe1837a497a7c211859300b571fc83d613ae1c5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e8d72455539b034ac948ebca6eab539b
SHA1 3df0fe34e4779d45d54707a006654c3bbbb3d782
SHA256 128889a44ac4781284e1c4f53f1266b4f991d0af2468a3941e3b351b243f4978
SHA512 385f111ab6343b87c67ca527a22680cf4f57de825a6edaa23c1a0fc204953af4ed22de110a82487f69060942cc2b6c7a0eb3b9cad2f993f12be05445c77dda52

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d7ea685569d8a0e534a181b20d09a29f
SHA1 6bf919cfd10982a79bf73a01eeaa8c4865929db1
SHA256 6aed1c4b6ecde733f19cdb2d287826b81e12a3f783ad905db54241bacc3bd100
SHA512 56238d8196ea18b65236af043d0cf5877cc01f20276c7eb3b82e38da523c36f0b1c6b53b88c55a228bd4b5ea875e52b881800bb79c680f257d6b74775599d7c3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1f94d286ed93d21c5bb17109aa17e71f
SHA1 f58ac1b0104ccade06f2f1db025305e69f325e46
SHA256 d771912266fc2e9f5d596b853ea62adafba411ada1f8ab1b66c982649c6a2b17
SHA512 583d236b07f62fda56817c8e1e3815ab7d80b9c41944f259d3da11cd2b6608c444f31259a3059631502d6edc1c9730f9aa24094903a811d3549f4973a19296f7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0841c15de2b6d9536d47686462ab4419
SHA1 7923161a3ceea2a9145c7279c3cf812c0c557d0d
SHA256 017ac9aaf28f6e41a15831fa5368b8e9a0267df5a1a531ef8590903eda617a81
SHA512 3f94379f93f1e3c78eefac5d5d444223f9c693ebf8756e6eb9477ac0ac26db0edd899758b85366cf36083a5cf30c431e23d1ebf273d789d0cf1f947b1cd090d1

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\66E4LQ1N\www.youtube[1].xml

MD5 3ed37243d9dd6c0210ae5457cdba1650
SHA1 dff67cc22b73cf3afdd2030a9bab0218ad0f6c20
SHA256 23f5fbaa5f28e2dbd3950d03b0f91d1ac41b04fe7a7d6d2e8b78bf8a82183c64
SHA512 a74f1efcb6acb888e62fdd167d4a77fb04561c45039a6678a58873897bdf1161b7d199c1524edf969ff15b2e9d528958627241a294ad4f41e22dd6e7efaf1af2

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\66E4LQ1N\www.youtube[1].xml

MD5 48a0e874394977ee85b16fecd05f2b02
SHA1 97801e12f4766af5838556b065f1719a23f90c7d
SHA256 c931963e96dae9e61939c1c2a11aead929c2ae82b468cee50073862027b56874
SHA512 285fb29569b3991c1726d58364a470c2c7403b6cf0d82255092a8f852bd5c3376b1cc9fa7618d6412d1b1717671ea2aee87f573d30a51cd3e7c5f4c228e084d2

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\66E4LQ1N\www.youtube[1].xml

MD5 1551cd9d0fab73d9b79c1d7839fb8e96
SHA1 f06e071fe60a64770639b809a0b466cbf7bfb37d
SHA256 adea992043c2dcbb61e35a44816722d7befcdb0b3d4335961d66dc25cececb5f
SHA512 d5f9115c597ab786799726da556988f020286e8890554d859cf409a6b04ce9f2394723b07e4538b7034492ba4515eed878a16fb1090d0959bbea694cf6b51369

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5ead6c2b6a1b4065352ed760cf76e153
SHA1 c12bf89659347e561b899f80c7db2f233bb27b00
SHA256 e82d156d314468969956124356ef061b42d4910c780743ff60f447be974d2f41
SHA512 f403d0c0815b8f171a035053e40b7fb0f668b1ea7198a337d95187f967302cd38f140e1bcab12836be41a8fb6fe1aa705d7c7c40c4bc501bd38b8c41c41087ee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f770e113ea811555aab02e99d9ce6aa5
SHA1 97c553f05cd2a179e1d966ea8ef12557b733bbe7
SHA256 36c52e4e9d70dd85c46bfd41fa698999a0572f7b4478a62dd1b4e3f73e8bd1ca
SHA512 69130a2e87768e0b79facce29efe8568adc288c3cce2080ea3a901369fcbe58b08204c594b89f745fffc790333fa6905910e3fb6b6f2c2b2ab1d3f6e1c93a9b4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 871ea6b2db60bc79356eba39e8d41ef7
SHA1 d0c87f3d8ee8e204ee4588e5a6b1ee893d3824d1
SHA256 e92b7e95f8805c97bf0f946a9729d9384b3415f263e9982dda1c3228555dab54
SHA512 a2b97e85b523f2afc97f1eddee4f7c3d1a2d0fe6d7bc48cde4a72e295e33a149a6e4fa21bbdb6b4ca1e2706bbf1a47651a4f4f791a80186f36e137ac267f51ad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2fb5a2d60e40cf8e2cc1cf3dd38fc976
SHA1 07314b5de1323432f105ab9b23936e6e15fdec30
SHA256 df2afe28bf830a0e469a617db8e038c742bc80956c23adfdf32aac894563dc3b
SHA512 4df638678eb2686dbb81020fa8dccdb769d20351f4b38b15e2493dd7ae75a22ee2b48a0f64996d58275f153afdc2d9cc800ef262805e34b7892cbac0d103972f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cdacfcdf7d8d8a9f98d80ca726c60dee
SHA1 eb81b8c2a4499606003794697753069235650f98
SHA256 d66d745e3ad0eb3cfa09ee07fcefc25f8df6d1f4486fa613dbf1a47b1de1b457
SHA512 e01fa8513adae9692e505d42f25856c727050110790652896035108ca3b945e319d4b05db75e99b27065d886bede82cca206d8983bb95212fd683fe7e96b922d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5b6aa4e6c80e91e790031ab34874f723
SHA1 17c39e57d79c8dd820f82c5bcb7a52c4d01fe20f
SHA256 a28a5a48a5df450c40ff7e8eaeb9cf66c7f8e06de4b6a267859c5d13b8aa74b8
SHA512 924efa0835b6c93aef8967c1712cc603a9801b2230e6c94906cd6f18778f5e78c4e449a90c82e68b7f27e32201f96895f3f0a576c4249b264a0a117a89f5fd1b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f219d7a18338da83d8a87d7bb783c200
SHA1 9df5f8341876f507863d0b9253925672f0a22595
SHA256 a4b8db69cdc7abf78763da836250f25cb425db9753c8963d091ae64e9d1dfc02
SHA512 2bc84f8c73f8d72b5390401773d08008242b4365ddcd72b3432881d8fd82d812f0bbf53115fe200e351965143f10b6f823c0fa9a76496530d3f5c5ccdca26833

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5de88cc50793e025515b6542aa0d77dc
SHA1 7325239f65f937016795c2ca585ffe3833e048fe
SHA256 44bc0972b1fdd4cd0285ff6b9e5fed1bd63bd15b106b3cb581cff831329f4536
SHA512 c64481bc60b031312750102513f318e9c01dac86ef2510956b775ed9d8ceee8b04b8188c27ab9c3a983f4fe45c040254ef0b503e5d6911526979d89a7f80e763

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 03fdc59b1584876a3aebe4ccb906da1a
SHA1 d01193e0688b446617ac48ec4a33bd90e77228f7
SHA256 0b3e12ccc6cf6f32ccf852cd3bba658ba54d1b357ea9250a4814a062a9b426d7
SHA512 3e4b86dc0b466c4c291176af77e920d7afe5afac4933563d493a187eceab54e35c397ef935011f45fadb37d55a5f961e506c571c3bb43e0ce1aa690b7091f0a2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 40f6a0b20938a70c3015b3df0933acd8
SHA1 0d7d1a520d70056f11f4120fc3eaf8c48eac2537
SHA256 189e92fc2578f65ed9c5ccbcf26fb67074b442102e9143516b966ae4ef4bdc5e
SHA512 ee79d969b95bdf97dd16b57a0995265da87c620486b47a7c2f4f9b5e0555b40c946dc0736c43cbfb3acd87bab2001ee89884e5d507f9c9e516ccbb6a870cfd8a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 46c875320044fb8e25745c17a6d00d27
SHA1 eb559ecb84a4fb1ccfcbac0212af383faf9c679c
SHA256 ae550c64933cc1d434ee94819d7850c6b701519f5387804ef3976d661d7ac346
SHA512 c74d48845937837c600acdf2439bc8505436ef4ced59fb024d2db6fe9b5713a9b76096b77701d1bc61edbe059083074556369a6e87ec94ce61da127fbf6bc6e8

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 10:37

Reported

2024-06-03 10:39

Platform

win10v2004-20240426-en

Max time kernel

150s

Max time network

152s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91786440413c414f08b83e5f8fe467dc_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4556 wrote to memory of 2012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4556 wrote to memory of 1160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4556 wrote to memory of 4404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4556 wrote to memory of 3136 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91786440413c414f08b83e5f8fe467dc_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd521f46f8,0x7ffd521f4708,0x7ffd521f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,5712562589766538741,9620830457236759941,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,5712562589766538741,9620830457236759941,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,5712562589766538741,9620830457236759941,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5712562589766538741,9620830457236759941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5712562589766538741,9620830457236759941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5712562589766538741,9620830457236759941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5712562589766538741,9620830457236759941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5712562589766538741,9620830457236759941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5712562589766538741,9620830457236759941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,5712562589766538741,9620830457236759941,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5896 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,5712562589766538741,9620830457236759941,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5896 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5712562589766538741,9620830457236759941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5712562589766538741,9620830457236759941,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5712562589766538741,9620830457236759941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5712562589766538741,9620830457236759941,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,5712562589766538741,9620830457236759941,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=180 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


\??\pipe\LOCAL\crashpad_4556_XKNGIVLMESKKQDSC


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
