Malware Analysis Report

2025-01-17 23:29

Sample ID: 240603-qj69dahb39
Target: 91ecce5fc6a82648dd1a55c6cc84edcc_JaffaCakes118
SHA256: 00c2290d1a6122b7b501a6c8c3fcb17bd906e709c072f70f14090c17ebf8d219
Score: 1/10

Analysis Overview

Threat Level: No (potentially) malicious behavior was detected

No (potentially) malicious behavior was detected for the file 91ecce5fc6a82648dd1a55c6cc84edcc_JaffaCakes118.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-06-03 13:18

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-03 13:18
Reported: 2024-06-03 13:21
Platform: win7-20240220-en
Max time kernel: 134s
Max time network: 128s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91ecce5fc6a82648dd1a55c6cc84edcc_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91ecce5fc6a82648dd1a55c6cc84edcc_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1636 CREDAT:275457 /prefetch:2

Network

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarC72D.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9A9YQ1LU\www.youtube[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9A9YQ1LU\www.youtube[1].xml

MD5 f651343fd3047ae058048d200aa8d8b6
SHA1 8650280934db40c32ec5de6a0fbfc83796ff581d
SHA256 c014a5aeb9c230a4e7fe74046df6e58dbb3e23fc0bdaabdb0eb3c409acf526cc
SHA512 fafd2d51bcdefff50f142f3c840af68bfdec5dc2f6505e5fa86767d850862afbbb129fea686d795705fd0eed9eefb9c4cc60b7916e75db82139bec0274ff9f3f

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9A9YQ1LU\www.youtube[1].xml

MD5 52ace38c26d5279d09a2ee65b3f12890
SHA1 36991df55707decc0c76012f1c95c7ebfe827284
SHA256 a2ef8daf88eec9f63a5661a40df65dad5e485e4499059eac5232185971f14603
SHA512 8b274c0a5de6ec5a558edfa713f142ac2df1acb78a7866efcf28f59e56967feff92759ffe5447e5e92a728b4bd222e93e8563e0b9afb400d522ddbdf5540572f

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9A9YQ1LU\www.youtube[1].xml

MD5 0bff7b7e4d81f35064a0eb86e6e6a8fb
SHA1 05d7260a77bedabbe4880b9893b50ca8ebf8b058
SHA256 4cde1a084f744687a83c04b4cc4cfb85f62e66f2a1b0e668bc1396cd67263807
SHA512 894b2510fbcb9c78d62028f6cd4a315bfb324158622f819cca46d054ddb2a3ab4f9c0d96b68791dc4df7cd75cd72921b72092dbc91eadf07c8a21caa960caca8

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9A9YQ1LU\www.youtube[1].xml

MD5 e1a308cad6232611341c303658290257
SHA1 cdf5e21d6363ccd9bf63563dbe080e76bb0124f7
SHA256 09e950d50e909ebf8f0d0474fc2bf39e4cbc9776909fb98554cec524a696d947
SHA512 00c8c0f646a1c79d1b42be6005d6f8b5c553da29cbafa27255f13ebbe435c739c234a04d0468ee37b0b13f1e076d7342bfb27618d868dc4b8b0cfde28dc768e9

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9A9YQ1LU\www.youtube[1].xml

MD5 b103b924974f71e8ce3e0119fa6fb654
SHA1 f16fdc0fd9750047d695d59c699a70ccad1bed10
SHA256 b34483aa94e2f15612ab00d7d116c09f0269c160fc04861b88defbbf74e071eb
SHA512 34aa09e37cdebb22b11154e8575c870d1e87922d89a522037cc9e0114465d2b8edf918f0001149c4e3cdbeca075829517d5b5553aa1317c88b82cdde870fd312

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9A9YQ1LU\www.youtube[1].xml

MD5 daff1fe910850a8cab2471aab183e778
SHA1 6a732c57b2327696d8688b7d84583f81a10bf2d2
SHA256 e01e0beaa07a74a717a29fbcbe986df0982038ac0e713c477f2260a19fe15e31
SHA512 1aa1e9e8c060fc6bd65fe35163172c4ce277e350d5f2a5732a93f1d3348fa034026029b71c34106718ce462a8f1ea7ceba71809d4545faa39e74929a1eb6b42d

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9A9YQ1LU\www.youtube[1].xml

MD5 e8b620eff851320ff766e94e9c441e72
SHA1 22f63bc5021b206c434df42c6f799454938ddccd
SHA256 040fff387cf2137cc02f3028f24448d253bc796150e857dd55716a3b33930174
SHA512 8c6646440f52994c33afcb8e1a4ff5f4a4db35e1abe43ef7c1c0be4000e39cd27731720da9efe9c5c58afca5048f44856e987ca67332c6aa7bc2cb600a0a93aa

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9A9YQ1LU\www.youtube[1].xml

MD5 2107e0d8cde11e32cdeec6070304f19c
SHA1 c99c1612af71de7d37f154b816890862cfaa2b4b
SHA256 bed5a80598bd3413c1eb153b747ae39cbdda961fdde6b542ade2e49a252f83cd
SHA512 1c69289c66b1175f5db6b88fd1f6b63e5230e35a37924973623cf45400bfeb4572301a3c2796fe9e07e8e8532950be5c3ef61b11e40a12a1fcec294b1b735009

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\www-player[1].css

MD5 6e076abc1095221e4e3e21dbd9d1db4f
SHA1 e908cc0f7829aea16b42d8fec6aad567c41f587d
SHA256 c7e69ec7e436426c5edb45bb5fdd943623f987ecfdb86413528b596e5b0888e9
SHA512 3ceb46ea8e5d5abca4a1a053f20b38ac6d6c9ee60594da54122f4ff09422495261dc9356d0ed0c240ba44324c37bde120a90655b2ea40556280df674ab44fe2a

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSAB58HZ\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff

MD5 de8b7431b74642e830af4d4f4b513ec9
SHA1 f549f1fe8a0b86ef3fbdcb8d508440aff84c385c
SHA256 3bfe46bb1ca35b205306c5ec664e99e4a816f48a417b6b42e77a1f43f0bc4e7a
SHA512 57d3d4de3816307ed954b796c13bfa34af22a46a2fea310df90e966301350ae8adac62bcd2abf7d7768e6bdcbb3dfc5069378a728436173d07abfa483c1025ac

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\KFOmCnqEu92Fr1Mu4mxM[1].woff

MD5 bafb105baeb22d965c70fe52ba6b49d9
SHA1 934014cc9bbe5883542be756b3146c05844b254f
SHA256 1570f866bf6eae82041e407280894a86ad2b8b275e01908ae156914dc693a4ed
SHA512 85a91773b0283e3b2400c773527542228478cc1b9e8ad8ea62435d705e98702a40bedf26cb5b0900dd8fecc79f802b8c1839184e787d9416886dbc73dff22a64

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\www-embed-player[2].js

MD5 d2056f8d081fbfffcab81d61ea45b151
SHA1 710243082f40626f64943ad3b656400f444d7130
SHA256 49fa9b168cc8bbc037cf4498e31c355509e9b438b0d19fcf750b1c5fbd1efcaa
SHA512 530ca2c291c44d3d2b5869b0ae661ac047748a5cab50de280a2c8dbd26b52cdd71a906b3730e8a849debece542eb919462a8407ef2410acf28c57d2b6068cc14

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\base[2].js

MD5 9178a954abcce420219864651c7787b2
SHA1 f874d3e998441ba6439cfd7e89514facde08cff4
SHA256 40cc1692dd4d8e1c8ed29593ee222240494b872b734c0e31da4628014da7346d
SHA512 927bf88499cdd64ce32f3780a0cfa88b14fdfbeac6a237454dcc43ee5d56b04754a40dbcba402519637ba1a3b0f948a597260a74ddb0b316698a41559d8e1cd3

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSAB58HZ\ad_status[1].js

MD5 1fa71744db23d0f8df9cce6719defcb7
SHA1 e4be9b7136697942a036f97cf26ebaf703ad2067
SHA256 eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
SHA512 17fa262901b608368eb4b70910da67e1f11b9cfb2c9dc81844f55bee1db3ec11f704d81ab20f2dda973378f9c0df56eaad8111f34b92e4161a4d194ba902f82f

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9A9YQ1LU\www.youtube[1].xml

MD5 09351a8b4e664e9c2bd39df42f7350e4
SHA1 d21b87a9ac4925cbef929a3e9227420e0f5fceaf
SHA256 f2036d482c5b7455896efa5649d5b6a3f4e183d290f28b351b465884e2628b51
SHA512 97e4506822894bea3b20394fbdb567cdd9fb77f331f6ef9d2b4abaf56a63b8a74f0f01fb3e0c675fc3ad0f2373ea911f2c30309319f211a7de8a19ccfa4f5abe

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\embed[1].js

MD5 322e970509e24ab233b6c326a9339623
SHA1 10e2ea809ae638d5f32385d05c569922ab19bc17
SHA256 99cbd012a57f19a3fc1b412866ba13d6b9de2a5bb22449dcbf14ec0a88937000
SHA512 8f8bdc9418feed04e6fc7415e9e57f0934a6b136b1a763e0e39f67efa47e004a8c3385105a1c1dd9fa48ada83ac5a2a93940f20a99d6d16722ae903c93d9817c

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9A9YQ1LU\www.youtube[1].xml

MD5 b10d1fdb8ec57bd64bed1ca527eba74c
SHA1 086e645b0fcfd15b7079effd38eb65a9e0f328ae
SHA256 e9c8d0173028ae86856146697a24300245eb10a7cd7f6fc68064296db2c26397
SHA512 b5b9fb994229dab9e54073ee2da6c673e37510e0bff3d511c62a4739fd560a56456cc3381e81c87fb0587ea3f2f4851f3733ab41da98f56664ffdd113a55f792

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9A9YQ1LU\www.youtube[1].xml

MD5 ac1e79fe65d6bf28834fd0481307cf6c
SHA1 a3a27a9724f40307c78455b90455d06368cdf981
SHA256 739d6cf06ee2fde081fb12118d8b5497d4309e2051a08dc803a8fb35cb78c384
SHA512 8833f6693abfab83f6ef286173e2595a0594eeb96e5e2fef7640c47c4741cb287cc36e9a033c6162445be7fc2035d85d338a99d8d4a898dc50e7f7a26385cf8d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\FuC5FHNNqx6hIMPHBLFutNLSO6Lu9zn3BZWWVNvRnX0[1].js

MD5 362511387771cc02e5d769462fbbd6cf
SHA1 70a77448643daa84347b0eb76ba64ab54a5648d8
SHA256 16e0b914734dab1ea120c3c704b16eb4d2d23ba2eef739f705959654dbd19d7d
SHA512 94874f96004e9bbce4b9c32c8941764a60e138614c348923869dc294601ff6c5026999660a3877708242df7f286c744ff7c6ab37c3e9f759d6fa95e52e29fa55

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9A9YQ1LU\www.youtube[1].xml

MD5 7508859512b9020a27502c59a3691221
SHA1 d71ea976f11e1830b13ae6048992a5931028f472
SHA256 640086e70c0c7f99b27223693603fa673b30595b2f1d1fa235c93c96e19039d4
SHA512 2b559927aa64944baeff64e296227bbf402b4462291e8c264e2bc56975bf68c100c6bdac96cd0e752a170bf5f61b735c157f8dc99c7e8745cacfa19e13720644

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9A9YQ1LU\www.youtube[1].xml

MD5 3f86be986d7756430b665c0e06dd098d
SHA1 8c7bf708646747a019f2319228cb3802555f5366
SHA256 ae66692f08bac1b528e28cb4bb09449bc6438df1c00c3d6f6661d9510db0e2c9
SHA512 9b0d6c1a412c78533da840cac3505481c8a49da5bc1149cfae4338ee47b5bea4cd3ccf9cece57b8fe21781b35b412e3375d2560fc32abc43e1975d8658859b64

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSAB58HZ\remote[1].js

MD5 9a260ebfcd9283c905736047a6710016
SHA1 abf83fabe75adada9ac80f1ea7478541a7af32ae
SHA256 2bb23e82fc1dd04738a92658823f00ba143cade8c16ab948bf7778fa2707e352
SHA512 ea0664517a12754450d940f5dab26e14cd3b6e30219b65354465f13faf59649b709131836c660096244e3188f425de428ef53c1d21bccffcdb707f39479304d3

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9A9YQ1LU\www.youtube[1].xml

MD5 57a42ffa6377d9b380e349eef1034b33
SHA1 07b2f0b2b127c81f0b8dee095e5b46f1c99871db
SHA256 4b16b4a48d09f102c21abd2974e4084923e4bd1ed00c42be49831e7334f41b51
SHA512 f8f3e7faf0c2b6b409faffa2dee1ecf89cacb87756c7332b2e29bf18f03acc166f58d353877514859ee26a5720e3790ea410b566257005450a32f577c9dbb1c9

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9A9YQ1LU\www.youtube[1].xml

MD5 256c6fe58354954b0940d315e49b7140
SHA1 77a9ad8ceff0103797e2be203b6e7717447be58d
SHA256 78037214be2b16c2aaad9928eb320f945ba6cae87ea1122378d9ea3183553c65
SHA512 75a31140232cdf4e1655b8c1aeb7bbe5bf36f1c42d6b75dd6a3ce04183172e416a68678f3dd891ff9f768a512413fbc66f8a358920ff2e8ff440dc57001bc315

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9A9YQ1LU\www.youtube[1].xml

MD5 4b6080290f78252e4c94391660772903
SHA1 8c48de35470f68e2d51aebd6bf4fe85eb8e9844e
SHA256 255c41048641aec9550f0807f581603834f4571aa0ac15807ca6a4d7cd84f19d
SHA512 20603fe9d0119053e132fe5fd39c100bfeab44a184751854b2c0c88ddae4c6713c5ea31eac4eea510ddade2552ff60316ccc867dcb10170a02c20bde8315cede

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9A9YQ1LU\www.youtube[1].xml

MD5 2a2f33dec38073ccba0f3a423e72d632
SHA1 ebfccfbe7c62a8e1c535cae8a8c759be22a75f1f
SHA256 af7a5cfb0742f7697c6939bfe9e36b665cf2f8fbd0f77519713734f1dc6cfd51
SHA512 665939444d8dad446dce06be86f48d8b5e084c9a0885b929216a78d98570141fc87e0813f3f2d27c9d50d1987af64e88bf19fa6dbee03b50d4694b778b9faa7f

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9A9YQ1LU\www.youtube[1].xml

MD5 5129675f7f79ba660b7dd0f3166c78d2
SHA1 db0ba3474b61dda91a45519ac2d28a2bc114c23f
SHA256 f2b9672dcdacbfd471c23870909e848a3a6f90a52c6180f74a6393631e5cf0f3
SHA512 18fe86d65fb0bd1817aba915bf1c279ec8b039c5078267f214e21bfd4deba8ea4c64a9f976b66e04ccda4c42f9df5896a0251b09fc49c218c6f576b7ee626d19

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9A9YQ1LU\www.youtube[1].xml

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 13:18

Reported

2024-06-03 13:21

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91ecce5fc6a82648dd1a55c6cc84edcc_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2284 wrote to memory of 2488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2284 wrote to memory of 1952 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2284 wrote to memory of 1188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2284 wrote to memory of 1120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91ecce5fc6a82648dd1a55c6cc84edcc_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe86fc46f8,0x7ffe86fc4708,0x7ffe86fc4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,11931335210596969149,10271587967151960471,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,11931335210596969149,10271587967151960471,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,11931335210596969149,10271587967151960471,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11931335210596969149,10271587967151960471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11931335210596969149,10271587967151960471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11931335210596969149,10271587967151960471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11931335210596969149,10271587967151960471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11931335210596969149,10271587967151960471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11931335210596969149,10271587967151960471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,11931335210596969149,10271587967151960471,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5832 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,11931335210596969149,10271587967151960471,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5832 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11931335210596969149,10271587967151960471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11931335210596969149,10271587967151960471,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11931335210596969149,10271587967151960471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11931335210596969149,10271587967151960471,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,11931335210596969149,10271587967151960471,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5460 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_2284_SUZNPUWJELFKHVTM

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
