Malware Analysis Report

2025-01-18 02:06

Sample ID 240613-jed9gazaqc
Target a472b54fe6337fb051ca31754469ff24_JaffaCakes118
SHA256 ee687e8cab5132988304a7bd7f3df36ed57bba2d41858320211aec4c593f2bd1
Tags
Score 1/10

Analysis Overview

Threat Level: No (potentially) malicious behavior was detected

The file a472b54fe6337fb051ca31754469ff24_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-06-13 07:34

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-13 07:34
Reported 2024-06-13 07:37
Platform win7-20240611-en
Max time kernel 139s
Max time network 146s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a472b54fe6337fb051ca31754469ff24_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a472b54fe6337fb051ca31754469ff24_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2540 CREDAT:275457 /prefetch:2

Network


Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 9d8598b89ed3a2d1ae00f451d56d33cd
SHA1 7876e4faf4f9ad1da1d245d53b6e7f619cde6c46
SHA256 ba7afc098d6adbea38fa77d057753ebe23d9e9c98cbd5bf2ca5a62c7df6d4fc8
SHA512 8e1ef8846b24ab0efb318c57aec1dff6ef0f6175ad172a2af0e9623f128f8eb1efb745bee2578be031b975d4a67a6e39f714f4ecaa30861f7b74d820ede7adab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 cb85f3fcf86ef0de7ef258539cae87de
SHA1 c73288fff07885a62f8c7033b348863ed3b8cad1
SHA256 7430a96d94b1faa5363b7656b323ffa416fd262e0405e498bb143dc93443963f
SHA512 dc152f2e8c8f7e316e84f7a1f3996e02c08d582d6d0e40b8bf7171e359ea952a80b7452e56690b30fe98b4655d4744e8529a930449ef1cd853e377f86294b2d2

C:\Users\Admin\AppData\Local\Temp\Cab828A.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar82CC.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_89FBEB9EEBFF8AABF1EBFA20B87AFE7E

MD5 60c593c796591612a55accb66d6448da
SHA1 816aeadcd13ae6c0829aee7c247b5dde70c7af95
SHA256 0a7ef74ec7fbf8eeee4907e58fe82af1928e84c8585a1684c3257db3ba58f40d
SHA512 fc0b1b8d6d428ecdeb395894b6eda967b75f1835a81fa436abb6fe8b3a0d89b5bbd45292bad2eb5531155b4da048ce579b57b59c94338bce58501d60c8f4b176

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_89FBEB9EEBFF8AABF1EBFA20B87AFE7E

MD5 d7850250ec900697da739acdbfd65728
SHA1 8b685be4a6a99a62fc13d199b32991cc668cbb98
SHA256 5a28b7a46436866c7483b7dd6467aee4671fdf4828184dd38caa1884f289d2bd
SHA512 85d77daaba8843731f7c2540dcc31b0522244b3c8ead0228749b3b90666d2c73a643eaa799f4e820b486cdbdfaac51ff12c0743060bfb0c069e645ee8f533f5d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3a6d6aa419a8545710ceb4cc4691422d
SHA1 b4a744372ac0c2f94a1460384003b700245dfa73
SHA256 5f0dfc6a0ce81d0310e3fa33ddbc0d28dd7faa0b13fc494beb5f0e742ed8097f
SHA512 249ff98a0aa85532bf096bf0c4e96e69dba0307ebc8907d98deee05de93a682b11c55571d82970065bbb2bf22d554c01750d947d3ca48cef44d1cc76b4ec2034

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ec022a65a986036cc7f8cd7926929b75
SHA1 e721feb707662939475c7234571c45be19fc7c7b
SHA256 627772ec5da48c057590559d2e724d08b64e90e478d80ba98ac0906c10218f57
SHA512 50953fb7e8758ef82e0e256cb0d09731fd2864aea1be1c226db816c497caf9b5ac16431bb084e957e8528061a0cf899b064d3ca1471be4acfba1278afee69b38

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3JK00ZJ\www-player[1].css

MD5 69958caec43c10f1d36a71ce83ac69e8
SHA1 d363274a0f568e4bfe98e978eae59441fc17a1fa
SHA256 d24493147c49a7b5d1a21c66aa87d11a0c976cd4e9392b89add880139aa2b1ff
SHA512 8a57bb5c5a1f7a91057493bad34133f7a2da0b7322ea84638a82e4df13045a584b11a0bc5beb90c018e9d5fecd323bc73cb35e2c322804ddd74ab0e4967bb84a

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3JK00ZJ\www-embed-player[1].js

MD5 8940a491297381a0ce25360e21b39bb5
SHA1 43d7a4157e78777fc024415969c3a7bd550a4322
SHA256 afc766cb1c4a339c40d24ad926f05e8b4927eed7532b876291d0bd19adc9cf3e
SHA512 5772d7e7485db888676e69cbaf4c88af01872997338bc61e8e0344d5dba208c2909e167d54d8edcb782e17d1a2b4e9dba955baeb0ad0e43ba932b3bf25ae7dde

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3JK00ZJ\base[1].js

MD5 cb463df0a090cdfabc77af2691141830
SHA1 e3dde6a1f5c4803e69839154013496a781137473
SHA256 e09e2e8a3cfbcc88eea12d0b17161e1f2c8c75f1bb21100829c09f9858db3f24
SHA512 099374f7b03a4635390b94525105884fa101d93a583eed0d92def7d2de3199d2bd57fc63d885e8e9af0863db40cf521d2fb770eb09400a4c6285f7c37ad88e8c

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3JK00ZJ\KFOmCnqEu92Fr1Mu4mxM[1].woff

MD5 bafb105baeb22d965c70fe52ba6b49d9
SHA1 934014cc9bbe5883542be756b3146c05844b254f
SHA256 1570f866bf6eae82041e407280894a86ad2b8b275e01908ae156914dc693a4ed
SHA512 85a91773b0283e3b2400c773527542228478cc1b9e8ad8ea62435d705e98702a40bedf26cb5b0900dd8fecc79f802b8c1839184e787d9416886dbc73dff22a64

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3JK00ZJ\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff

MD5 de8b7431b74642e830af4d4f4b513ec9
SHA1 f549f1fe8a0b86ef3fbdcb8d508440aff84c385c
SHA256 3bfe46bb1ca35b205306c5ec664e99e4a816f48a417b6b42e77a1f43f0bc4e7a
SHA512 57d3d4de3816307ed954b796c13bfa34af22a46a2fea310df90e966301350ae8adac62bcd2abf7d7768e6bdcbb3dfc5069378a728436173d07abfa483c1025ac

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\XQ5V20Q6\www.youtube[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\XQ5V20Q6\www.youtube[1].xml

MD5 d1d04982739ae2f1c1278a4d15a98dbf
SHA1 fdab122a011216efea4506dbe45f0f931539ed9b
SHA256 206aa3ebf8dcd8578e7a80b3656164a715267799a577f33802a564554a25e62f
SHA512 64f69b773bcabce6ce85c126830732c15737a430905278b5e547a1d26edd176f8df0ada0b1f5ef3e3d34b8eba51fdaf4336121519c92a039156cd7c71dfa00c4

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWTP8BNA\ad_status[1].js

MD5 1fa71744db23d0f8df9cce6719defcb7
SHA1 e4be9b7136697942a036f97cf26ebaf703ad2067
SHA256 eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
SHA512 17fa262901b608368eb4b70910da67e1f11b9cfb2c9dc81844f55bee1db3ec11f704d81ab20f2dda973378f9c0df56eaad8111f34b92e4161a4d194ba902f82f

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\XQ5V20Q6\www.youtube[1].xml

MD5 065353d744fc3f731689c621137f60be
SHA1 48dcf58a2d27a90e22a8876dfa523e6876932bda
SHA256 4b2d29bc8310340cbfbd4ce875f61f6363ec4ca911bce40b757f5ef8197e2155
SHA512 63bb7c45334f6812f9c99afcd2c7c495a01240caa22eee6d57d30224555b2cc62790d8b4e15660cc9b7ba31957e14a3e39052c4186c84af65ddea7bffd4ca59e

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5LT06Y3\embed[1].js

MD5 14d69fc9da4a63c8ad5013b3d3781842
SHA1 e0272f8403d95fd27df22dff5fc014e2ab5d8a3d
SHA256 e2a5632fec9da56d272ccdea5ecfa7000dc70659673c52a11966802e37a2140e
SHA512 0f85c67ae8969570f6cfa4d265013da7d4820ea11349b11b886d480d7d78df5c6aa1e7484724d6b21421db18678d22bae6d478d3d0e35506673fd609805d1976

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\XQ5V20Q6\www.youtube[1].xml

MD5 5abc20091156d5f29b1ee7a12eb262f7
SHA1 185ee29a902a10a134e11dee09ec3e4eba852205
SHA256 a74176fc79224af5dc8724efb98a5a920832ad0d2155f720d72ad65f2d3af51e
SHA512 d39c1ade90fb34c08bb3408024f1cd0365782bd7a48b4e94d26677cab933433419b41cf12d7f1c8d098de920c5df94e632f5495b76840d8afdc5e6150081141c

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\XQ5V20Q6\www.youtube[1].xml

MD5 05e2867d8a47e92e6581ce151fb31a5b
SHA1 cda4da06164fb9a25f7e216e86342124988d0f7e
SHA256 613e2687c3adcb402e6b59389bcaca5a7f458766e5b72393387f49ac011c3ba9
SHA512 dedea934e41ceb334c175f471b54358572a164eff62eda239042acc05d57a546c936f303c7e91dd59161491c6835383a13ff1713c9fc620eaad99b7bcb436fbf

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\XQ5V20Q6\www.youtube[1].xml

MD5 38bda5645d2b238f44e765c14238adff
SHA1 eca8f6d07f8fbf280989093a213545a243314ce7
SHA256 127336bf636cddeefc520e0c0d36a3570db1cdc4e2d73121126456300d7a45fd
SHA512 719b95220400f8c52b20edc29e6db479cd52a5ad188a8baa3a0313a4afd6d252f95f654ae0e1f7f5586059ff721feb4d820defd52f34b45d56e75190136b2b74

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\XQ5V20Q6\www.youtube[1].xml

MD5 061813b618c558e7f15d190fad7834bc
SHA1 bd320162a98464858472aa5664c9216f30dc3bd1
SHA256 5d71d2f98a6ddfd58f0be31ba9511c85dd55ace1af0f0c598f3ce30215f701b8
SHA512 ca5b0136c32253e68b0d9fcf0b1c4716d454001d0191203b515d0a2c488c7f518bf82d433a68eafa5666ae763c5d8f5c3be7823be5c974f8bd3276d07ee70c00

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\XQ5V20Q6\www.youtube[1].xml

MD5 0ed3c2273254cea2a60b68306c7b28a1
SHA1 06897f96eb6012461d18bf206cf724146c545fb2
SHA256 dd0d950dfabe9038c5c39d6218947805a1887cf844b22430193c2126d5f480aa
SHA512 9968878d823c02e036f2f929b6d978d15aafc78b66a5300c28471fc751a6f75fcc37adafe60390bf64027c49a40fa2f5b94323fb600d9dd72687113dcca5f452

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\XQ5V20Q6\www.youtube[1].xml

MD5 0cd84bf3f34aa845cd6e83f1a08083e5
SHA1 9b6b09462afaa611fb2236793261f17438826724
SHA256 6dafae77e4c6aca1c993f2d2ebc7dc914083a63458d3893f89d6c830e8eae904
SHA512 66580ce24b6dab0c27439a9aca1fcdeb8de97697b61ffc9a213a55880701c2a86931b343973083b4f8c8753e46d53fc85ca9b423e589dd949fa7a417d53b6452

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\XQ5V20Q6\www.youtube[1].xml

MD5 469029a92097a5c34d7e5940d7aa6f9d
SHA1 0d81f2f337412c003dafa826cafd307819535e2f
SHA256 e4616bf841cc5de84cb474e285d26d2d6bc8ffd7195cc54b075d731cdf8282c0
SHA512 7b9e386456f62e7b2f41e99e9f58291ed2c2cc073395bd59141ab8990a1ead53973339b071e9a90725b8857d98860d1dc1c34d8306a95a4b51b686b811eece2d

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\XQ5V20Q6\www.youtube[1].xml

MD5 4be966b0f12122d2b4cba666e5e9bfe3
SHA1 bdfe38651881080af5df9ba182aded9922a29d37
SHA256 7bcfdcd2aca60e7aceba2231352e029aa69c599c6e96619aa3a9c43d7a2b0991
SHA512 29e97ef0d12a9e521bc8c741ac6861c1361ce6dc2297b054e12f79056c6d4818943ecd6cf3b50c2cd1ef5fd870350017aa3d6de14fd236e9e7c070aaf76ce7c1

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\XQ5V20Q6\www.youtube[1].xml

MD5 feeea0c737c4480352c21c8f03c21091
SHA1 0635a32a12dfe028929c4171d55926a47568dce9
SHA256 c6821d380300e860f890f721bf7f1f44102b7b0ed68b1efc61bc851615f36c5b
SHA512 486ac83e5e2613eacba4792a53fe9102af071ba692bc5967bbf3c2bf6361f3d41a47177785fb910f3658a5fe2d381ac6c4b2af448613471424782c5ba67553f8

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\XQ5V20Q6\www.youtube[1].xml

MD5 5eb9d475f88d27075393ac5ef48b80a5
SHA1 dac6eb749606af6c89b8b73591c161ad459d0b5a
SHA256 bf576395531ad86f9a3d6a7666f42540e92caa607bf9e2c1f528cee1502d5651
SHA512 49dcb1be635cdacb6062861f7ebdbfcdf5039c5d3526af58ef912819bcc6b74e41c7fb13cbffbd29a84f5e7e4fcd0c8f3beed85e9b6bf61a449a5c061d694b14

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\XQ5V20Q6\www.youtube[1].xml

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 07:34

Reported

2024-06-13 07:37

Platform

win10v2004-20240611-en

Max time kernel

145s

Max time network

141s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a472b54fe6337fb051ca31754469ff24_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3492 wrote to memory of 2220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3492 wrote to memory of 3220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3492 wrote to memory of 1252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3492 wrote to memory of 1988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a472b54fe6337fb051ca31754469ff24_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb4be046f8,0x7ffb4be04708,0x7ffb4be04718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,7164093027731216734,4238160488745982490,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,7164093027731216734,4238160488745982490,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,7164093027731216734,4238160488745982490,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7164093027731216734,4238160488745982490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7164093027731216734,4238160488745982490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7164093027731216734,4238160488745982490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7164093027731216734,4238160488745982490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7164093027731216734,4238160488745982490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7164093027731216734,4238160488745982490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,7164093027731216734,4238160488745982490,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4656 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,7164093027731216734,4238160488745982490,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4656 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7164093027731216734,4238160488745982490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7164093027731216734,4238160488745982490,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7164093027731216734,4238160488745982490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7164093027731216734,4238160488745982490,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,7164093027731216734,4238160488745982490,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5056 /prefetch:2

Network

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_3492_XUXYNZIDKPKIGAQE

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\5f62f00c-8acf-44be-aa55-6daf2ae5072f.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State