Malware Analysis Report

2025-04-14 04:45

Sample ID 240612-11krtawdkj
Target a29e450b8f485e275d2b8463e31f93e7_JaffaCakes118
SHA256 ffb2e958cc9cf85a994951fc29e0d32a43234fff59d24b340693c560adb05365
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

ffb2e958cc9cf85a994951fc29e0d32a43234fff59d24b340693c560adb05365

Threat Level: No (potentially) malicious behavior was detected

Verdict for a29e450b8f485e275d2b8463e31f93e7_JaffaCakes118: no (potentially) malicious behavior was detected.

Malicious Activity Summary

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 22:06

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 22:06

Reported

2024-06-12 22:09

Platform

win7-20231129-en

Max time kernel

128s

Max time network

142s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a29e450b8f485e275d2b8463e31f93e7_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "7584" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "410" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "282" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "19451" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "19451" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "410" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "492" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10540" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "10175" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "20316" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "7584" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "410" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "7699" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10458" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "20316" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "7584" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "7699" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "9767" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "282" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "407" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "282" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "19451" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "498" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "7705" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003fbfe22c284b5a46ae3a4245606bc68e000000000200000000001066000000010000200000003b0ec1d4a256e26c8271bb3ff35c4b2067ed8c6f550bab2362b0389fbec94ce7000000000e80000000020000200000005fd582bcd468fc30c226803b963acbdb12fe645fb02673509429368add481e5590000000e3cd779afeba3e464fe7b360388d01e42e6338d77d07462f8009838d86543e9b7c2b0323928f7c6fd62a260e45c83d757eca32d74f57212b9ad6d8032cb3c7b1d143cfc297520d4689e1a470331f46dcc09774f37339671d225e211b30a113e20d423831e949072b6bf198e1edc4c82b599c863b8b63f1fbbe353c588c6375b5a8865fe9d5a74858cebf5d57737f524c4000000033ea93675c57e5f3b5ab7c8daca680e70493915f3f5e06c1a9907065c2e32463156128ee31f9a54be3c52862d0c3233d1f36656c088c898d22adac0ea7ddd8dc C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424391891" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003fbfe22c284b5a46ae3a4245606bc68e00000000020000000000106600000001000020000000d5a554ca4a2efd7ea1f2d9b598914affbc5553a902dcc16b61c36e899429faa2000000000e8000000002000020000000392df5bb1d50b11c757dfd41375af43cdc5af4328f7edced03843693aec1681c20000000ac26812f99f5e7a2d4833ee61583b6b76e9cd38aa2a91f192ab1ba5e140cb32940000000583cb7073298869342ec8b04392475f5d2a5aaadfd3e206822b3c5d4bfc3bce53fbc4c67b4775e417bccb170513af444f266e2161b4b9e4693de2d9cdbc95668 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "400" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "498" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "498" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "288" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "400" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "492" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10175" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "10540" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a29e450b8f485e275d2b8463e31f93e7_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1108 CREDAT:275457 /prefetch:2

Network


Files

SHA256 5b88698396380123d751e7db237272be1005af4d83d875242e1aaa8e3bee195c
SHA512 1e8f801977a27065a7d1b7c694bfde816d2c3acee3f44ee91f91b657555516036372ab75f986f95099084403e22056f8b682e961eb809df641f4d08e50f2324c

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OX9T6XQ8\www.youtube[1].xml

MD5 8a604f3c937f0636593321dfd14fd549
SHA1 5e04de6e080eb2de12cddb43c0995fc9529439f7
SHA256 0259d7930e85b2ab97030fb539d43806c3844d0ffd1a601c8ba0682accc526d8
SHA512 dacef0fedc01c0e22512156364e3b37fa2e8fa8b41b7b64ade33b36c5825144fd0b35ba46991271001c60ab48286ed19fcfb21055136b22f10c8358b60ac28e5

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OX9T6XQ8\www.youtube[1].xml

MD5 a7ecd7d9a97345438a0b83579a13fb56
SHA1 4b5a96f400a8e5e82e07f46718b4c1e9596d7de2
SHA256 8a2c3212d679f7fcdb4a993afc03f2770bd67618c67ca989934bd6a93dbca217
SHA512 e7cd523b25c5a83e3a7e4796fc688bed971a0a53970f937a8a83e11ee817dd894d39b114f8d2cc14b30a832a5e40ddd66019ec549969589bafdbf5205918b08b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OX9T6XQ8\www.youtube[1].xml

MD5 540da72b46b1b895b81740a25fd57102
SHA1 fb146df2d909b88d3453564682fe41f6a92a5d37
SHA256 ce2017eae34b999efbd9bf6bcf3b6a38bd05dd1dbc992482577bfd7cf9a443fc
SHA512 e82d5cde2f7303755e0967976b5067e80322f5ad0bc84eb0c841709d0d94196cdb86077a44497b9ba9fe9eb07f359b3c9884b2a9ace9069404da25ec3874f437

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OX9T6XQ8\www.youtube[1].xml

MD5 0b077e53409b9a6f34186e00de6e5c0b
SHA1 8d27f74fe329c7a1bdd28183c0b2ad5ec0743378
SHA256 80226e3ef96457a7eb58b0e563262990a25548c4660e11b759ba0e0ab5d9041e
SHA512 2927192a0219a283d44ce15621e655501ab4023593b17a6d1fe1a206ab4a23b6779fa84a5b1afd30810361b6f693d58dff7613ece426d2288d08950622191df5

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OX9T6XQ8\www.youtube[1].xml

MD5 1b55900e01de2c0ea15825756275537f
SHA1 5ea03414b0d7b93b1b7e60268acc900b2459c1ba
SHA256 f1283a4c91e921d9132c05864a5a2b871017c85b5757f63dd4761398598c047e
SHA512 159fe39d0746129afb7ca46c261a7c65dc3ee87c540c639ae783a45983bfb5f76dfccaa07cd3a857ee90db1c9622a80c5f1d901f53cdbf012afb8a52ce62d708

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OX9T6XQ8\www.youtube[1].xml

MD5 07501eb9916d108c97da750ab050d5ea
SHA1 2ab0ebdb5ba2a7259985cf95528f021f6d7a88aa
SHA256 c11199f458273f0c1025520f6968734dde237d6a39bdcbd909132f1763db18fb
SHA512 7a19c6f927ce6f06ee124f4bb11628adbab7bffbb8b63dfbce2f9467120f6e6c658d8ce0e4ecd7ad48dcbfb4ee60d9c8b9e5f2f1198c5aec0fd6d5ab7c0c0c18

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OX9T6XQ8\www.youtube[1].xml

MD5 1a3e016ad37ba727bc1c1af961c19350
SHA1 b310d565b2549629dc55c3962c1ac4ab074fde12
SHA256 3b0ef8d3cb2a2b775098fa73daffa10d98de602d10230d3fbaebee17e2769563
SHA512 30c10cff978c1855d5d1b7bc484291d5db20b9bcb8a007fbfd59189b3f2ed5afe828aa80ce1e3310d871013f0e232f98267e2d0fae71749baa3e39141e94b85d

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OX9T6XQ8\www.youtube[1].xml

MD5 37ffcc72b17fae7b1f1f09f2c8cb2325
SHA1 4590f5c62baf536ee28931a1fc3c882a62e81004
SHA256 fa98e028bf9ef75f5e947bd6515ad8a5eb3e8ae58c1d8e3061654c037dbfe98c
SHA512 fb00f6789d2dd097086b608794a810ac7e957a43baf7331d445ddb2d73342af5c69a0be3daba8c0455a5845e386a711eb3ed597cde0e5f97f4cec9b7791856ec

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OX9T6XQ8\www.youtube[1].xml

MD5 3d192be5797e2f57e2ba5fd5b55b8381
SHA1 d638a579a567a8a23d1abea9f4eb0f91121b7198
SHA256 52f10794c8c87fbb37f5e0ed2b66c1648c930e147936cd5c03527eb37d795a44
SHA512 28d3b62b432a724e05e1d8e2a4272552a540a9ac81c29af93f147ebaa3ef2453fd3ead4cb4d754434f4b17fd210eb9fa041b27b87cc3760f4f90902ad83405de

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f0f801a4eebc3151ae62be11772930db
SHA1 9c1463c14d48c003a5e65658b756b32a8e33555a
SHA256 c9cbc664328ee738d03001ef07d74fb8647555eb4b38da2efc02fc53f18acc7a
SHA512 f47a8a0a4eeba9fe3c49a8c79c30572aa8f9a2b60fb3e456d00b47955dd93b3f737275b4f639395c0c95b638b466f51a866488b474c752fd3f0f9054a7677383

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f1a1c3602fc42ad0c59bc5a5e82c9b8b
SHA1 1734e4f70ab667484076df770618e76f4409359a
SHA256 9e4acb12c9da1937283e2eac68b0ee45fb1f1773bd15efe1140704abba53354a
SHA512 25c720a6386fb8880b335ed599a198d16612c93836ca18ca5905ec8dfcff90ce212b481f4583441e23a72cf49fdbf79bcd52bcf42b4e2a293e1a0b6f8a886608

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 85624a98ae77836e27188654233059c6
SHA1 77887754e91b060ac8b097683c7955d5ab384144
SHA256 cdcd67d91e3241cfddc4a456216da73dd7e2d2ab01f766b0c23b77481197db37
SHA512 91dee199c64e9840714c5dbc0a02cb4bb54b5fb9c9ed9ca94ec171cc60c0b5da01c134bf54f71c0b6a1de5fdc40fbe11329baf9892f8a25e9c657c2300b5cdbf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9a3e4e1e6a277e6d1eb133f0eaf8ccde
SHA1 c969fe9a684864623f950bc075b15523200068dd
SHA256 41cf4201ff5b48460bfbf419f79294d0801e6f6b7b6459bee52529171b14126a
SHA512 92813defd71397bcb4b53fc2d917de5c620abf626e9c2601d62e46f3cd3c14e158ea5b99dbbf65c7cf42767ef8c4dcd340b6ab1e7ca30b7c407a10c259ce39a5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3f4449073fa42a973ba86c5493b3ba52
SHA1 51f22d20b25a8359f7ca66492f1aa3b21f6d5aac
SHA256 26988bb8a54563b21b00e139ba9a40e64488b0464f65a0bc5436468d546b3869
SHA512 ba592fa147b0ec2b80be8990e8294cca6d97d2aea3975e146816ab10137c930d8920da137ad088548dc1ccd1d3a982509bb40083aaf60d8407a407cd23747eeb

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OX9T6XQ8\www.youtube[1].xml

MD5 edc0fb27f5c7dcda2b68f25c7f43ce40
SHA1 957938652c505091ba7fe0152b9ef478aa944960
SHA256 4cc58123a6bf8ddce31ac4ab03cb926c839cd241667dfefb98d627001a78f2be
SHA512 9e55d58b7d0e1f344418236a0338b379565cdf34fc6ad4c7571ae09c8a74c9ccf36b8d69257c7f5dadb9adb0a3afa6b81eccbe3a0fd9f7ad12d214d5354f1935

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OX9T6XQ8\www.youtube[1].xml

MD5 1a3e356dbbc1245f02c7c7f1fe64ebba
SHA1 42ca7d84d1001742040fe7c68314174aee84e703
SHA256 b004b284051c11885984ce0a97e1c0f5d760674bd1cc03f47855e86fe58777f7
SHA512 29653b7f0c4cad3b61e96b97e1450f6293861e36fe754e03011e96c95aad7383f153a83df958e5fd726ad32d0525c9f2938948d55003536bcc682ee9eae9cdfb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 638ba912a297d72ee68f3b79ed076dbf
SHA1 229fd3a31a2afa6442da96cc2f211cdfa4160b1a
SHA256 5dd2f29512c47c80fbf3d839682de17feb2192fdd6a59146820f643f5365efcd
SHA512 f4a6d88384bb74304340e55764367443763f57de304b618edb2b69337a2662eb0a674252907448baa13f7f94c72d336e5146b587fd1503aa2a19fa3924405924

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0c819f262cee165763f89e2ebadf3d07
SHA1 46e53da772092dcb11ca4e828d7f7f0f7835d0ef
SHA256 74cc5ad09064480bb7f7eb3c438ca565821ef030113c831ebbdc6094e1ca7c2f
SHA512 eaf9bc17ccacbde3ed9ddd5259c27d8d61e209a3e99c47a2f3e6358b516b0b66545f9187f2738e44ab273227766f565c880b42342dbd5b4b27f7bdc2b272a335

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 8417069fa4235cb42690eb4c5876db21
SHA1 55f1bd679ae6d775581fe102a527c038264042aa
SHA256 d534cce2cbbeb3e72a37ca8fa0eb1c28741ec31f31d67e2b41bcfd7b757907f9
SHA512 71ad5cb77f011c3d9fe5e5aac143023cfacfe43584f3e342cc6c13c4666fa5971aff7823dbd0665c472d50f89dda86adfd0654ead54a6099e5e77975de4cd85a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 89d0035c80f37ec0de3a1eb37c401f62
SHA1 c9a0f506d8a41a9e3540113e157089c63e8434a5
SHA256 1cdfed47439339d98627977d8c177b05610eba9a45e346af0d40124afd1c326e
SHA512 174fabdbcb6f531f386932a23f9b4745e9b76e9a94137438fcd5e35b8178a8e000394248c9d5c0c6523a7fd3252fd51dd2e976108408466249f5894d657ab50b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a6643dbf5cbb66be009cc6729a229880
SHA1 da2b048124ce4e8756e50ff3dd9d4828b7b006fc
SHA256 b668eafaa44a7f47f3181167ad4176342edb82ba38f80181df68a112f31ec7c4
SHA512 443e0e0e8f48417e26f5a8eab77861d7cd953e66986df87536624b4ef34499737ed4f4a85d00372889b77017979f10cf87b6f6513a1bc76c2398c57350ab93f7

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OX9T6XQ8\www.youtube[1].xml

MD5 b0bf8cbf052050cae12e44ae4187361e
SHA1 3322d25fc6dba37b776ef125df9d14807187c849
SHA256 e38497e118d094f1296d20b3d333dcd805de94638c0a24f6276ab18e453a45a2
SHA512 44c14a70a7b940c9a8564f91c7e81c39cf9615172a7c11bc201af74f24d6fd5436e234dc843fecc953746588a87a92b0fc18e92a3ab1e87f000c2b84e3feb8ad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c8335f08fd2fba53b894c098efbc9e29
SHA1 e441714c1fd2d7356dd808aabd901335139f7ad2
SHA256 37b08dfccdef23a1885db9a63c9fbc8f068315557f628cadffe7b6bf1cece1f1
SHA512 d8d4055fb66b9cfc9c943c2c3345814d53a533619cdfafe8d90f7d70ead7192018175aa3e91762d5b96d057fb5f1a488eb3098f3a6d9b0217cdc5c372f02d794

C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2145e897d56a2347b3817cb21f9dd750
SHA1 1c02040fc17f1ca749df88e26dbc27a426f2c208
SHA256 eaa1de84b1feb6500fa00eda538c30145131173dc58c7476bcd030b598e7829f
SHA512 d156593ef8fa20d2513fd4cce8874f33e5fad8061437f610726468ba27d55c80cd5f50f6a4a1092d41ef2254b78ea8715a02577a3d00560a5523f5dfb65156ee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 565b6806083d91366e1a30ec40f38ecb
SHA1 bd53273127289c235b42038849ea28d804a6e4b0
SHA256 8c7276e229bb9b18738181ca5eae13d88ed05b3362d91f4f119f308f243cbcc5
SHA512 2db74ff3303dde7c22ca40412da1947f0c2828a5704067d5a85c7fe611757ece87e785f6c38dc4d8a0a190563a18971dd7743db5832b56316fe3642d491c3994

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 789908cf0a12c1af5637cb7da7552d75
SHA1 f91e29d2424154da3e7de1e1db1324f097fc747d
SHA256 5c1948837f343f500229f038759272c2b0ed220eb05f10f004c730d4073469af
SHA512 a11de0e95df84c0e11190602145da76614b587387bd008f7a1f77e523b393a53185d931276dfe1a224f5652e6da17c358c7a119a57b38a9ac15c1de9d52d79c2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 84261cddc9308fd2bc848278d106a329
SHA1 e721f03b1c8a3aeae84aff455fc85508fb4b96b8
SHA256 56f4e76d5d2b8532cb49a260cf7c38f52b44eadde610260edf179f63a79027cf
SHA512 9c3af9e50bfc73ca43843a2e9939a117282904c51a89cdf5e108d23c1f81441e6d2baaa7ada641e3ff7904a8db9e22a9ca75c3e13d6501865a5fe3e8574e3ece

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 184e57a4b8a17f8550cb3f794b200e86
SHA1 3f6d67d285ce1086ff02117c83c8a92f90438d2e
SHA256 a16c636cbdadc07448e9ebb9c070bf487cc14f4d734854dc729a3b8ed7ffd1bb
SHA512 39c8f61888dd8fb5bc80c7916a69a01002c356cfee6ffd323a7da0fc61f084d954c6deac5eb7b4be3e3918ad7d7ed0f24f1e5fd4e5c121411b5d2d0d41c15147

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7ed027c2854ac6f7c5b0b7082aa7ed78
SHA1 c4a00541bc0e583651f5e56c7dfc10207b3ec053
SHA256 0b0a15e0a5fdf81a07bb24007175b6810197d8df5998624f0f404a8fa44163cb
SHA512 acc62b0b676e9113ec618b19c9c130d92de1ad074e6756809a158bacc1d66e789cc649284b109f6892d25643d77da3ed75db00af2fbdfbba934c1413a8d2b1bb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 70d6b681b045af944675d3179c20a1c2
SHA1 416fd1de29e664ef83eb1be5f7dad516d862b7f2
SHA256 0eda54b0c56e241d5415378eafdab25e6bb9c6730f730f3c0eaf9fd400744e31
SHA512 a92f13022d3d0b90f6f8ba0820aedd673a345a5f4dac27c418a1dec55a432aebaf56b45ea9790db57281bc851c9e637bdd8e1011e4b5208bfca4a3ff61e2ebb8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1dcfe863d3cd49d64cdcac0ecbf7ba69
SHA1 62b3e97753bd7e2eaa99962be3ee9d2f8360a2bd
SHA256 03071c3f15e75fc2837ee933b96212501a93aeaf755a19f875209996e66f7f32
SHA512 a3268802489ba5f09d269e4f0232dd81fd084f2e1a3757d9fa93f21865d153cc7fc64ec75fd2392533b9a45980581a537c118df2e18471a3c3da9c8d90a248d0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c4cf9427cf74d480e213df07f9fafa3a
SHA1 e56fbd60a3531fc4c16d1dfe18f1b3cc37d3840a
SHA256 1b991251c88a1971abea76b86eca1f2b3242cf797a20c625ea31f294228cdc57
SHA512 4260b908dde4fc89c4ff837290676bebbd7df0746df87aa26a9258c51ae1f995cd9a92867100893b3f943ef69e74b80c88708c7fb59f6d588c478d007afd8214

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d90d9dd82ff5ec97fc3481c0b0b71709
SHA1 ffcbbb180715e7ba555785280f468d34f81df90e
SHA256 5a0c2e0f10cec7e5401fc6e668913c463bd4d73072d09ebc708a2e36d0567157
SHA512 dd3aae86136682a63164de9a48020d95f3775ace7019be61364097f1a9ccc1878882521b8b15ae42e5b3fbc1e79657185fccd0585bb7bc734189e8d9847490f1
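
The Files listing above repeats the same path many times with different digests: each entry is one write, so www.youtube[1].xml and the CryptnetUrlCache metadata blob were simply rewritten as the page loaded, not dropped as distinct payloads. The script below is an editor-added example, not part of the sandbox report or its tooling, that parses this path/blank/MD5..SHA512 layout, rejects malformed digests, groups writes per path, and buckets each path by the Windows component that owns it (CryptoAPI's URL cache for CRL/OCSP/AIA fetches, IE DOM Storage, search-provider icons). The SAMPLE input is three records copied from the listing; the category names are this example's own.

```python
import re
from collections import defaultdict

HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")

# Constructed input: three records copied from the Files listing above, two of
# them for the same DOMStore path (it was rewritten with different content)
# and one CryptnetUrlCache entry. Paste the whole section here in practice.
SAMPLE = r"""
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OX9T6XQ8\www.youtube[1].xml

MD5 fd2719df3f1b39894dcfdb40025116e4
SHA1 0348494655fee2a2180e986acd6b56f0ce66a229
SHA256 bfbd9047295a2376fcb8ef90808d4928319d2359eba9ab5fe49f4b0982d5785c
SHA512 032c6024dcb126066959848c950a42481500cab94d9d721aaba14a12e0280a9c4a33454bd5d6861b59f740492110d921074d41745c84c67b2716ad40bbb56e67

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OX9T6XQ8\www.youtube[1].xml

MD5 d00c078a206a6135dfd5390d8fcfd066
SHA1 7001591c7df43f3c0f815d1652ece9a07417139d
SHA256 7cb66a520d2df9e2330a7f2f70c040f87d07a8bdb54be44a16d53b04a6a6ac4e
SHA512 ab221401709185cd64944d4d78ac20b81ca91f389ccd0d00811a6c0cab8a536ffe6259d576b2fa9f88b21f77b7b6c013b6b64ec97db859914c915d19d74fd47f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f0f801a4eebc3151ae62be11772930db
SHA1 9c1463c14d48c003a5e65658b756b32a8e33555a
SHA256 c9cbc664328ee738d03001ef07d74fb8647555eb4b38da2efc02fc53f18acc7a
SHA512 f47a8a0a4eeba9fe3c49a8c79c30572aa8f9a2b60fb3e456d00b47955dd93b3f737275b4f639395c0c95b638b466f51a866488b474c752fd3f0f9054a7677383
"""


def parse_files_section(text):
    """Turn the 'path / blank / MD5..SHA512' listing into one dict per write."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_RE.match(line)
        if m:
            if current is None:
                raise ValueError(f"hash line before any path: {line!r}")
            algo, digest = m.group(1), m.group(2).lower()
            if len(digest) != HEX_LEN[algo]:
                raise ValueError(f"{algo} has {len(digest)} hex chars on {current['path']!r}")
            current[algo] = digest
        else:
            current = {"path": line}
            records.append(current)
    for r in records:
        missing = [a for a in HEX_LEN if a not in r]
        if missing:
            raise ValueError(f"{r['path']!r} lacks {missing}")
    return records


def classify(path):
    """Bucket a written path by the Windows component that owns it (names are this example's own)."""
    p = path.lower()
    if "\\cryptneturlcache\\" in p:
        # CryptoAPI's on-disk cache of CRL/OCSP/AIA fetches done while validating TLS certificates
        return "cryptoapi-url-cache"
    if "\\internet explorer\\domstore\\" in p:
        return "ie-domstorage"  # IE DOM Storage (localStorage) for one site
    if "\\internet explorer\\services\\" in p and p.endswith(".ico"):
        return "ie-search-provider-icon"
    return "other"


def summarize(records):
    """Per path: how many times it was written and how many distinct contents it had."""
    by_path = defaultdict(list)
    for r in records:
        by_path[r["path"]].append(r["SHA256"])
    return {
        path: {"writes": len(shas), "distinct": len(set(shas)), "kind": classify(path)}
        for path, shas in by_path.items()
    }


def unique_sha256(records):
    """Deduplicated SHA256 list, the thing to feed a hash-reputation lookup."""
    return sorted({r["SHA256"] for r in records})


if __name__ == "__main__":
    recs = parse_files_section(SAMPLE)
    for path, info in summarize(recs).items():
        print(f"{info['kind']:24} writes={info['writes']} distinct={info['distinct']}  {path}")
    print(len(unique_sha256(recs)), "unique SHA256 values")
```

A path with writes greater than distinct means the sandbox logged the same content twice; writes equal to distinct, as for the DOMStore file here, means every write changed the file, which is what a site's localStorage looks like while a page runs. None of these buckets is a payload location, which matches the 1/10 score.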

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 22:06

Reported

2024-06-12 22:09

Platform

win10v2004-20240611-en

Max time kernel

147s

Max time network

149s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a29e450b8f485e275d2b8463e31f93e7_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 328 wrote to memory of 2700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 2700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 4440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 4440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 4552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 4552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 4552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 4552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 4552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 4552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 4552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 4552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 4552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 4552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 4552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 4552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 4552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 4552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 4552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 4552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 4552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 4552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 4552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 4552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
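
Every WriteProcessMemory row above has msedge.exe on both sides: PID 328 is the browser process and 2700, 2132, 4440 and 4552 are its own children, which is how a Chromium-based browser bootstraps its crashpad, GPU, utility and renderer processes. The script below is an editor-added example, not part of the sandbox report or its tooling, that parses these rows, collapses the repeats, flags only writes whose target image differs from the source image (the shape of injection), and names each Chromium child's role from its --type and --utility-sub-type switches. The WPM_ROWS input is copied from the table plus one made-up row (a hypothetical dropper.exe writing into explorer.exe) so the flagging path is exercised; the CMDLINES input is copied from the Processes listing.

```python
import re
from collections import Counter

# Constructed input: the four distinct source/target pairs from the table above
# (one of them repeated, as in the report) plus one made-up row with a
# hypothetical dropper.exe writing into explorer.exe to show what gets flagged.
WPM_ROWS = r"""
PID 328 wrote to memory of 2700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 4440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 328 wrote to memory of 4552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 9999 wrote to memory of 1234 N/A C:\Users\Admin\AppData\Local\Temp\dropper.exe C:\Windows\explorer.exe
"""

# Constructed input: three command lines copied from the Processes listing.
CMDLINES = [
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a29e450b8f485e275d2b8463e31f93e7_JaffaCakes118.html',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,3088924697755387830,5293009170436643370,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,3088924697755387830,5293009170436643370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1',
]

# "PID A wrote to memory of B <indicator> <source image> <target image>"; both
# images end in .exe, so a lazy match on the first one splits them correctly.
WPM_RE = re.compile(
    r"^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) (?P<ind>\S+) "
    r"(?P<src_img>.+?\.exe) (?P<dst_img>.+\.exe)$"
)


def parse_wpm(text):
    """One dict per WriteProcessMemory row, with integer PIDs and both image paths."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = WPM_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised row: {line!r}")
        rows.append({"src_pid": int(m["src"]), "dst_pid": int(m["dst"]),
                     "src_img": m["src_img"], "dst_img": m["dst_img"]})
    return rows


def summarize_writes(rows):
    """Collapse repeats into (src_pid, dst_pid) -> count and a cross-image flag."""
    counts = Counter((r["src_pid"], r["dst_pid"]) for r in rows)
    images = {(r["src_pid"], r["dst_pid"]): (r["src_img"], r["dst_img"]) for r in rows}
    out = {}
    for pair, n in counts.items():
        src_img, dst_img = images[pair]
        # Same image on both sides is the normal multi-process browser pattern
        # (parent feeding its own children); a different target image is the
        # shape of process injection and deserves a closer look.
        out[pair] = {"count": n, "cross_image": src_img.lower() != dst_img.lower()}
    return out


def flagged_writes(rows):
    """Sorted (src_pid, dst_pid) pairs whose target image differs from the source image."""
    return sorted(p for p, info in summarize_writes(rows).items() if info["cross_image"])


def chromium_role(cmdline):
    """Role of a Chromium process from --type (and --utility-sub-type); no --type means the browser process."""
    t = re.search(r"--type=(\S+)", cmdline)
    if not t:
        return "browser"
    sub = re.search(r"--utility-sub-type=(\S+)", cmdline)
    return f"{t.group(1)}:{sub.group(1)}" if sub else t.group(1)


def sandbox_notes(cmdline):
    """Sandbox-related switches worth eyeballing on a Chromium child process."""
    notes = []
    s = re.search(r"--service-sandbox-type=(\S+)", cmdline)
    if s:
        notes.append(f"service-sandbox-type={s.group(1)}")
    if "--no-sandbox" in cmdline.split():
        notes.append("no-sandbox")
    return notes


if __name__ == "__main__":
    for pair, info in summarize_writes(parse_wpm(WPM_ROWS)).items():
        print(pair, info)
    print("flagged:", flagged_writes(parse_wpm(WPM_ROWS)))
    for c in CMDLINES:
        print(chromium_role(c), sandbox_notes(c))
```

On the report's own rows flagged_writes() returns nothing; only the constructed dropper row trips it. The --service-sandbox-type=none on the network.mojom.NetworkService child is the default for the network service in Chromium 92-era builds rather than a sign of tampering, so it is surfaced as a note, not a finding.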

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a29e450b8f485e275d2b8463e31f93e7_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff86a1346f8,0x7ff86a134708,0x7ff86a134718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,3088924697755387830,5293009170436643370,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,3088924697755387830,5293009170436643370,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,3088924697755387830,5293009170436643370,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,3088924697755387830,5293009170436643370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,3088924697755387830,5293009170436643370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,3088924697755387830,5293009170436643370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,3088924697755387830,5293009170436643370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,3088924697755387830,5293009170436643370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,3088924697755387830,5293009170436643370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,3088924697755387830,5293009170436643370,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3472 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,3088924697755387830,5293009170436643370,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3472 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,3088924697755387830,5293009170436643370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,3088924697755387830,5293009170436643370,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,3088924697755387830,5293009170436643370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,3088924697755387830,5293009170436643370,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,3088924697755387830,5293009170436643370,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3164 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_328_BIDOIUGLLQILBMZN

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State