Malware Analysis Report

2025-08-05 16:29

Sample ID 240614-bdvk3aselj
Target a77121ad93ea9962f55e96ca0c6e10fe_JaffaCakes118
SHA256 a66c85eff0d0f2761e3690b5d8ebe257dbd539686f9e560015dea8c8b3bec602
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

a66c85eff0d0f2761e3690b5d8ebe257dbd539686f9e560015dea8c8b3bec602

Threat Level: No (potentially) malicious behavior was detected

The file a77121ad93ea9962f55e96ca0c6e10fe_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious behavior: EnumeratesProcesses

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-14 01:02

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 01:02

Reported

2024-06-14 01:04

Platform

win7-20231129-en

Max time kernel

118s

Max time network

146s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a77121ad93ea9962f55e96ca0c6e10fe_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "200" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "5550" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "8191" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "2965" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6895" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "2965" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "5632" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6895" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "8191" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424488837" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "16161" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d0f5c6fb32820e4aa42e1e9c660671c400000000020000000000106600000001000020000000f3dc88efcf8201e93168924ef36bd0e6711a2fc168c06ff89547c10a7ce759d0000000000e8000000002000020000000874135668383206e5dfeedfb613e85f3378dd6a5b5586d14be5193e00566ca9e9000000080020fdb6c2839c788d3f3e3f5457bb7ca78f0ea4a2b030a600a73147cda5514e1707b05fc80873d99f78cc8d6ac2106a1544b1c0e2834df825f5b9751728aadabab2e236ffd13f2230d3f451c92aa532604ea10da09f444a2637d42cddada78401123b687b5d796c2f4c0939e0c5332ea0b7ac147b560006d29d5a01ab1c0d4982fb5d877b2b91a1434cc909794e27a400000009a7ec17a097386af135f28cf75fc3c76ad76d975da20c2ede248fb339b94e1ba1e9ebcf2e81974d4dd7d4f3550e79b8cb76685e494e384ee35adfe2d83f451bd C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "8312" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "18388" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "1463" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10817" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BCCCD511-29E9-11EF-87B3-6E1D43634CD3} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "2959" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "2844" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "4221" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "8306" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "8312" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "1463" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "5517" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6895" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6812" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "2877" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "13489" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "8223" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "5638" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "198" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "16161" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50c30394f6bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6894" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "18388" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "4139" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "8312" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "10817" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "13489" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "5632" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a77121ad93ea9962f55e96ca0c6e10fe_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2060 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.178.9:443 www.blogger.com tcp
GB 142.250.178.9:443 www.blogger.com tcp
GB 142.250.178.9:443 www.blogger.com tcp
GB 142.250.200.14:443 apis.google.com tcp
GB 142.250.200.14:443 apis.google.com tcp
GB 142.250.178.9:443 www.blogger.com tcp
GB 142.250.200.34:80 pagead2.googlesyndication.com tcp
GB 142.250.178.9:443 www.blogger.com tcp
GB 142.250.200.34:80 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 216.239.32.29:80 pki.goog tcp
US 216.239.32.29:80 pki.goog tcp
US 216.239.32.29:80 pki.goog tcp
US 216.239.32.29:80 pki.goog tcp
US 216.239.32.29:80 pki.goog tcp
US 216.239.32.29:80 pki.goog tcp
US 216.239.32.29:80 pki.goog tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:80 www.facebook.com tcp
GB 157.240.221.35:80 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.212.238:80 www.youtube.com tcp
GB 216.58.212.238:80 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
US 8.8.8.8:53 widgets.amung.us udp
US 104.22.75.171:80 widgets.amung.us tcp
US 104.22.75.171:80 widgets.amung.us tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.179.234:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 fe0.google.com udp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
NL 23.62.61.194:80 www.bing.com tcp
NL 23.62.61.194:80 www.bing.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 142.250.178.9:443 www.blogger.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 142.250.178.9:443 www.blogger.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
GB 172.217.169.78:443 www.youtube.com tcp
GB 172.217.169.78:443 www.youtube.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
GB 142.250.179.234:443 jnn-pa.googleapis.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
GB 142.250.179.238:443 www.youtube.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4A9377E7E528F7E56B69A81C500ABC24

MD5 7387f1051526f30e598c01310467b09f
SHA1 5d16308c45eed2195ad6234aa3c49712e6f3163a
SHA256 59322e669447a04f8fc0e3d0a6c6b3d63fb0b3de4b398b131d7681d84b114e02
SHA512 df7dcd754dc4e3e121c68d1faf266a5228b0b8b3b6af5ce59e3a1dd94635e30e8507bfeeef3387e98522b55f3f1bb1195c084f3acbc0090eded0ddf14ca70140

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4A9377E7E528F7E56B69A81C500ABC24

MD5 3e455215095192e1b75d379fb187298a
SHA1 b1bc968bd4f49d622aa89a81f2150152a41d829c
SHA256 ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99
SHA512 54ba004d5435e8b10531431c392ed99776120d363808137de7eb59030463f863cadd02bdf918f596b6d20964b31725c2363cd7601799caa9360a1c36fe819fbd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar1FC5.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 acb20d7f1b3652fbe2f79f6f55057100
SHA1 beba8a4b856c1d796fa7e5fdef20ed799fd9cc28
SHA256 e29ce95c8f8001a01f4b3dbefb2c81cdacef25c23d53245597fa30ed311d7e5d
SHA512 ce452dea59b8eabd6a69f70b397e53abdd90faec75f3d10982829bf617ee78d472041570137b384869c6dd5ad4e5c0461031a9418940a42872cadfd45adced3f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJJQSQ8Z\f[1].txt

MD5 e01a1f754ac7953d51cebced25ca7985
SHA1 0b5d2a27b8440872be320906d3f82feb1271c029
SHA256 67d0d9e9870d972d7121df1fa998b2b240b6e0460dc0c532df88514075a5b6ee
SHA512 19b77efbe2ff3deee88ca8092c45235c7b08aa1ba7cf9523483e355a78c1336adf764eb2c940568906d1a81f1ccb8cdad7c89be3a0778bc9356a513d2152c475

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 c3455004fd83361721a5d394c332745d
SHA1 9f58e0518de2daf9057e677be2db31ac26913fd3
SHA256 54f2cd5356a0540bef56f18576bf5cb299f5dc8c4997385289dbea0b04b46864
SHA512 51b5591d0521133c801a76734530d8e609a169ecb3211c9431bb62c3deb93c7c758225ad36ffe79993f2540d94f6e6d436f6528efdbf5aa9ff48f37c2a9b63ab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2f2c5d45ba175047ddf4e5c9f21538a1
SHA1 1d959f73ae53ce4bf53e97d7626e8fe0769e80f8
SHA256 b0e6d2007359c5406018b4acae451a9bfa08c2f490dabe4dc83adb45d55ede2d
SHA512 0c4c9438b53fecc8f916acf7fad5c630e41844e246eb1e7b86902dcbc72c0a5d7568b8aa1a750e6d2ddf3962c7655c9165f688b382757605b679220c8cd931ab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b04fb4290008f510656a2d113fbdc03a
SHA1 cbc4c6bbb90f4ba2067256baadcc50ddf47f31a8
SHA256 7095ac862a94719291c26ee8ca9c339276467df22a1c4e0bdf4727fef77775e7
SHA512 c7e833f45b5689fc081a4fbea8dae48fa4edfe4cd2287052bf4820c642cf3b3ece5dd7e64025ef896f10c31bfdb8bc8882c63c27f450754db26b3a40a70ba1d8

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJJQSQ8Z\platform_gapi.iframes.style.common[1].js

MD5 682c26af19b240f98d2cb951721fa54d
SHA1 18e58b652c7f82a55ab4b1910693686049e25d62
SHA256 96428f0f585a874c185d560538ad83ebfad0365d760fcf9fcefe80add9e3c980
SHA512 078aeef086271b7f9cf0f6e3a1e7908d7e38465a1a7a4de6f2a785147e9130551a2995e80600824da9341d58e5425d4505518e90eea9ffe1c64f4f41825a9660

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A2ZMH65P\cb=gapi[1].js

MD5 f9255a0dec7524a9a3e867a9f878a68b
SHA1 813943e6af4a8592f48aeb0d2ab88ead8d3b8c8b
SHA256 d9acfd91940f52506ac7caeffea927d5d1ce0b483471fa771a3d4d78d59fda0d
SHA512 d013be6bfc6bcf6da8e08ed6ff4963f6c60389baa3a33d15db97d081d3239635f48111db65e580937eb1ea9dc3b7fc6b4aecb012daeee3bf99cfebf84748177e

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QKCBPF08\www.youtube[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QKCBPF08\www.youtube[1].xml

MD5 d923699dbf8f5186e57730905ee8ad10
SHA1 4599f64f45fe430c99c246d26dba927e43406b42
SHA256 9ec43f82ec72eb07d656fd1c98c9ff3005633a49bd630ad80a4bbaa6296a55aa
SHA512 92fb847e5abf8abe5eed949ea47337fe9fc786726d4c8c02063431311a8ccc6d3b24d5f8176dd27d86286064395c2a5690a1699be0e900fd865959ee5eed0c10

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QKCBPF08\www.youtube[1].xml

MD5 f033bf3047d61cfc4e74f209449df0f2
SHA1 3ea182073099bbc353d92d44fa75b3ed5bcefb76
SHA256 97468b0c181262d13e7403dcdde128200e8199aff3bf9e024f64f231156a4abb
SHA512 0b2586dbaca0ab5ef309011eaf5b32a41b0d70cd6c23c7c384d16f93d1570d13d5ca0e201d2b33ad73dddc5ce46a5d788eb383dab3e934ca25db872223aa05e7

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QKCBPF08\www.youtube[1].xml

MD5 aaca418b82f1a64fce48954b549c110e
SHA1 5bc272bc9718ecc882de30e769153013c8a35612
SHA256 67ef3a8dee0160479b0429d5f4a6f4a9669230eeb075c38f6c0a47f7b6bda56c
SHA512 a253af28062bd564c1cfb074e585741ce128065090d142b2aa7ca212ec808ca6c36223a431a8c5d3ba7b0ec355a4a2a1da5accd450ca726013731a7d772163df

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QKCBPF08\www.youtube[1].xml

MD5 4c45a730250affc93e657bc715fb3768
SHA1 28ecff97381f71b6ea9396b9c5ed32a931196175
SHA256 c56fab660deddc349bdcb433d0ab675d8a3a6079c2f987ca3e9d212e218f1df2
SHA512 7dd2146808449703bc84a8d267cb492169a665130a396eac1de9da1d907414afa3fb0ffbfcdd4f1019158aa2293c89762205757582c51424b337fe8336aecaf7

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QKCBPF08\www.youtube[1].xml

MD5 66630005fadda538dc468b119228d285
SHA1 b53cd85b551cc1efa0f0a7c051904a5690624415
SHA256 c253f13fcb910a2d57cf66703758a58fde301e2e97e5392d0ee80d421f70e9d4
SHA512 9eddd5b4160ced21546fe83e718634c9f609463928fbe0649b359600afa61dcad865dabd0ec1a2968316b6c9d592be6f82b2d4738c65aa5c02f2058a62fafc57

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QKCBPF08\www.youtube[1].xml

MD5 27f12088364a231ff0a8106d4b5d062c
SHA1 56e6d6d67c1fbbc508fd8009ecc7ad71574ef79a
SHA256 f71534d7f6bd4c55839d75df4f0a0ff9eaf4a4872667ea6572ac757a6562ac03
SHA512 b745ffc7717547cc8c513b0d6323f998d0a9d99e01d6d72f875e4161d1b4addce9e786595192b4682da02d639cbf77c24a9ababf4ff8b3c0e2727e3d2461b053

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 99bde9880b070aba1f8ee48a86118e02
SHA1 37f1c79671de4cb66df236c8c0f42036789fcc97
SHA256 e79edee2be175b34e102cd8d674de2e9a6348f37665215df4b3552a9a9118d83
SHA512 31c7374b3efeb961ad8bf5aabaa83b021377822c014276aa33a5b3c4cc08013daca725d6ad4830c6685c1dc5e31e0b735f594995bc44f8e82036e9095f0282ca

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QKCBPF08\www.youtube[1].xml

MD5 6544489e398e88acc8bf068f0f5e5078
SHA1 5621311787645fb34548e36bdf522ef0b41606f5
SHA256 4632b6b15ff56ba65cf46f10aa5ea7aa258656173821daf6478f86462fcc571d
SHA512 7582a02337d77dafcb4a52a026e552123ec9058f7a9f7287014a81101a0e6be72b31b8e37adde725d3b196d3b30588bbd348b1fcb956b226e9c9f7858c94695b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QKCBPF08\www.youtube[1].xml

MD5 1c4d473bb48ac4aaf7deb827f480a35f
SHA1 7e5238dc86abb18a6b28a0b516dbe95993f75c22
SHA256 9bbca3fd486e371c2db3de2cfeb93f5e7c778b5851e86fc08c908a3d6d6792d8
SHA512 08c68ff0d7cdea6f9d14141ccc4496e2638c7cd53bf3ed9b3cdb1b524ca23f96cbb00e8accb4bc7113d7c4cd2d5f6e885ee23c4e5f704f502b688418fbc1455a

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\13YTBU9B\2727757643-css_bundle_v2[1].css

MD5 c6bef00b7471799fb84ecd3c7d93b889
SHA1 a6396b397197c482524473491da5dae89408e93d
SHA256 797e19ac51bd552cb84849b171fad7cf0563b4a14bdc3f751d1edac71064ff56
SHA512 d44ae98a63a5d828c4b2ee0f62edebc8477f487b4eef21417f8957f752b888c75eafcbff6c8c81a809fd2e75e5d588d0b2a8f345c3c644831551a9a1b79af791

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a3a7428ef82e913f9c162c37ea71f89b
SHA1 c9f2a4fcdd5714dee13f9ca878f66c10f9f48c9c
SHA256 fe6cb57c0ab9c91b6874b48774671a9b298991b62e3fdf3dbebcca9e5285fbe5
SHA512 fdaea49a41adc467dc42d1310a34333f7a07646b683d09d0632dcabc7c1e9ff4b450a7c0a7ebef009986a023c3c79c4b75d846a1a7f7fa5e8d6ae334710fb0ac

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLDZ6GUW\f[2].txt

MD5 32a06cd79fc48217a3cdf25973a30d40
SHA1 60b8c9cfc43fb578e40db217b32c8cbcc2716f5d
SHA256 99ca5b86cd6654672cb48c4f4102049c9c234baba0c251ee8941ad81a56f850f
SHA512 c79f8fd415587dcd88198ca866cfe6f2b03ec01b4b1f27a46bc67089153bbcbbb47eda80bb8d665b41e77e71708cf0fb5749416e6acf7054650585e7955451fb

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLDZ6GUW\1171408283-widgets[1].js

MD5 d00519171a8003d171f9d411ffd6c6f4
SHA1 4bc93f48b3c829066e634f20b9fb9654d5a1cd5d
SHA256 cc55a782516eeef4c3ccf18235882d9b76aaea5ab747b3f91967f35927a29a2f
SHA512 4420a26864687d216c2eb7ee3aac7c3c5fc153eaf75f589fc34d3581471f30e8413b90fa54bbbff0815afb1336bb0224e034cc2c51ae303a46a4e4c9d2339340

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJJQSQ8Z\cb=gapi[2].js

MD5 c04a96a32e1bdaae41c01eacfb6d31fb
SHA1 85565d4044533daa3f3299a5b7f4eff50722bea0
SHA256 26dbbc454d8fe1a45505373d52d6fac8fba69396d0146ee04792a48759d2cf95
SHA512 cda140904dcf9d7c9e07978cf514f96bca438101d7b631ad1419127690bd732b8aae38a2966c27f6c423736c9e079150314bc1564a9f1542b6fbc3183193b626

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLDZ6GUW\tab[1].js

MD5 8fe8954e18b3eafdb2dcf03b218e88f3
SHA1 17bd6b26816b4c9c7fb9b7552ccdca95c2443c9a
SHA256 ff4c07f1e5cbcfdcfeabb37e8c1dc21d3edc5e3e20edd2d3da16ab5aa22bc600
SHA512 b1b5aee74b063a3093e0a8e62a9be580432b7430f0759ae8309e6b4c2a8a66805a9ed9aa35a42715bdbec1fb85ed6b808e760064181e5e2e774d0551504be87f

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\13YTBU9B\f[1].txt

MD5 12bc4f726a502afa95ef462d2c4e22cb
SHA1 ae729525b96b42f37794027251e76544b861b714
SHA256 e3570000c538de5efcf6f2d2d271446e3affa1be7074d5d0b67bd6332727c989
SHA512 09a91e3f6342a4b608f4c6d2fec8810f44d15396e6c21fac7012a1cbd1bc066daa636efd4efe745fce89b417611902fb2ed3ee10b0b878904663ce2521e30d99

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 fbe98b39d1d484d28b7ffced99dc00eb
SHA1 154f3aa0d49ef15f5edcc3f46f5b9da233d0c22c
SHA256 3c96ac9ca2ca062aa9e680a97ff95c825bdf558d531058d079a37e2a5c68a910
SHA512 380ce855b37fa76cd5c979277857bb77440a1b55f3890294ad86ab943f0c40e28dd1347576a418675a64f95f40f1d62c35bde5077842d1420d4cce393bd8386e

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A2ZMH65P\www-embed-player[1].js

MD5 96d68f40492ec6dc50850df320a57f6b
SHA1 58a61845be050e4250834de3b0910753b49c93f4
SHA256 144c131cd9805a29c1b3b4f0e2007cc26de65bd6ffc7e33748edae0031c903f1
SHA512 6c0fbfd787ea532eccd85d278adfcac4016db7e1bae459e1794767a6d015f4fec3e2939a9bf51e1d62bbececf0fc0eab25aa950d716ec3c352b1861cb3ad6ab4

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A2ZMH65P\www-player[1].css

MD5 d32700adacd5d982244c69736b87bedf
SHA1 813dfe8ce4ee3608ed3580113e3b82730ff03c85
SHA256 2c7426a5c6bf00c328c96fb01c89c3e23ba7791e87455cab5aa3b546942f1fc8
SHA512 bbe35704822e0a82de2da2890da6c06138514070fe93978823601079a9371386915431f98e613adaa9566112d728f5f0274b3864e8a0c7da538833383ea5d342

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A2ZMH65P\f[3].txt

MD5 cf979ef7db7b02de9d552fd2147fa5e5
SHA1 dfd8052aee8a2c750de21174ca714901700c7afa
SHA256 95b333b0cc8e9210523290b115b6e67ba60760f74b9c9c98041c27b866d37f4a
SHA512 b3ac7881dc3bc0b232c367275e081eff291d710f7c91d263a8fa5ee1521b2d7e7f490c72b30c964de761477b20b4470c38bacf4e2668f690368578dbcac39034

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\13YTBU9B\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff

MD5 de8b7431b74642e830af4d4f4b513ec9
SHA1 f549f1fe8a0b86ef3fbdcb8d508440aff84c385c
SHA256 3bfe46bb1ca35b205306c5ec664e99e4a816f48a417b6b42e77a1f43f0bc4e7a
SHA512 57d3d4de3816307ed954b796c13bfa34af22a46a2fea310df90e966301350ae8adac62bcd2abf7d7768e6bdcbb3dfc5069378a728436173d07abfa483c1025ac

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\13YTBU9B\KFOmCnqEu92Fr1Mu4mxM[1].woff

MD5 bafb105baeb22d965c70fe52ba6b49d9
SHA1 934014cc9bbe5883542be756b3146c05844b254f
SHA256 1570f866bf6eae82041e407280894a86ad2b8b275e01908ae156914dc693a4ed
SHA512 85a91773b0283e3b2400c773527542228478cc1b9e8ad8ea62435d705e98702a40bedf26cb5b0900dd8fecc79f802b8c1839184e787d9416886dbc73dff22a64

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLDZ6GUW\base[1].js

MD5 d0ce66befdade82bb7d0897bbeb3c7b3
SHA1 a8b4f3197bf359cafad7d360681a6273670fb905
SHA256 32b638cf9466cf241be0d7137c07ff73d864bfbbb338fc495eac64a59f39d984
SHA512 f1a033dde6b3fe6d8597a589b7e3fc5635793eaa60b741b9c2415055e5ac76856b26a90dd3efcefbe980b15e341afd28a466589686bdfabc4fccde43d13a9bc4

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QKCBPF08\www.youtube[1].xml

MD5 f2a89f5663040bcc53c713972d2c1945
SHA1 b80dc6f1b4575e9301b313177812a22096287a07
SHA256 e0c57c3982ab4eaa7dc337938fad40964a49b0b92a4ab84dce8e44317d8c8e8e
SHA512 13e9ad7bdda2e1ddecc9de77dc229e8540f77beef1c280bb3dfd801415960dbed1eeaf260ef2353468a27f677fdeb75c0b8d58c15aa99e8b15399d09384e701e

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QKCBPF08\www.youtube[1].xml

MD5 805fbd12d8cb24bdbb925b127039c99f
SHA1 239da715a97cb38f7ea8ead80ec8f2a63891a1d1
SHA256 253c5561b70e863783330e282cfcfb42afdeb02b50d4a5699c393a3e25c66290
SHA512 6f551552d1167c9e74e6079fd58cc1c2d0790c13fc953715354d9c0c54e812daf0bdd5be40d4d06707c9114c959d495ba20cb128b0c9ef88658a3c254edb48cc

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLDZ6GUW\ad_status[1].js

MD5 1fa71744db23d0f8df9cce6719defcb7
SHA1 e4be9b7136697942a036f97cf26ebaf703ad2067
SHA256 eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
SHA512 17fa262901b608368eb4b70910da67e1f11b9cfb2c9dc81844f55bee1db3ec11f704d81ab20f2dda973378f9c0df56eaad8111f34b92e4161a4d194ba902f82f

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJJQSQ8Z\embed[2].js

MD5 fe1a5011c3a3220f32b6365240503241
SHA1 e4f78b28f19652327b60d07c154c57cb727579fc
SHA256 00ab3bc15602e04d00ac5de6b553c6914b10c62a9a6492e6c0239523d2d40964
SHA512 80282e77dd310060bd5e8add02a63cf3bd9b9f629dc4fc1cc0cbac801ba33f7601c1cdf1e62549b898de2fdaca24004f01061519ff39cf6360594f02576528fc

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLDZ6GUW\sodar2[1].js

MD5 2cc87e9764aebcbbf36ff2061e6a2793
SHA1 b4f2ffdf4c695aa79f0e63651c18a88729c2407b
SHA256 61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
SHA512 4ed31bf4f54eb0666539d6426c851503e15079601a2b7ec7410ebf0f3d1eec6a09f9d79f5cf40106249a710037a36de58105a72d8a909e0cfce872c736cb5e48

C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A2ZMH65P\v7vy2rkjwnBS7GaGPCj4lDHg7-uqoQBgCnu8qUCxaM0[1].js

MD5 bf735e758a2d6f078e2cf03e6da174f0
SHA1 ebf369b18285533679ea285fa27223dad500c83d
SHA256 bfbbf2dab923c27052ec66863c28f89431e0efebaaa100600a7bbca940b168cd
SHA512 7517b019d5846adf2f8003f43083e93e6e2a8b71cd5b02f8e3ecb693a43b3905c2f30e820936703205f993d464e8840f64196d9cc09f9614dbdb2dec45a03615

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QKCBPF08\www.youtube[1].xml

MD5 973a2eff62052716400969863294ac19
SHA1 cf0f23d5a8bd63d03ea8279153deeb05513b1de1
SHA256 6eaf6d179d32159c83dab6f714f944be5595cac9674206c1325914354eb3e9e0
SHA512 90393a55b7fb9ece4c150e21a50f9b43bf85cfc4d2a550411053d9ff05dbffe959ec18d919d7ea75791236014be1980a999a6ced2443481ca0badb2a0335e858

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QKCBPF08\www.youtube[1].xml

MD5 8567a66c2d97e2b4ec674271de9d22b7
SHA1 b9f0dcd2f0e5094c893d634b7eee62b25319c8e4
SHA256 3596293a72b9a6cde54b169105381042cc43c9a8fb469dfed791d1b8ae7a8389
SHA512 b13241d80a0497b26ef85cea80e94bd06da4b8bedd765be09363c52764aea77a57882d981cefbd075ca6c67d47bc3ab3d6bf8589aef54a5f01f7d328f22a1b5d

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QKCBPF08\www.youtube[1].xml

MD5 ad53bf39b25b84731ce233c059b6c951
SHA1 7ac1cba1f6eb521ef7bd30365b545ed9e5a34a84
SHA256 5b831bb7b79486af49be7dc69590141ae252a40e7278ed3dd507fe8d3b2cdfec
SHA512 5aa17dae9730971a20e558496ab162627b61831bc6711763a5c052d0fb96c197724d85c2938de674e2e041391b648a817a34f345cc4b2e8c071023fc75e77e97

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QKCBPF08\www.youtube[1].xml

MD5 37222790999be8da84098e026cc2ba99
SHA1 6abc20d7965be793ea34896371d96b6a4a5d8148
SHA256 95779c4d053af9d667ab748be69c98991c84876ab8e67ce05686f8bdfefc991c
SHA512 1e957b1ba32ac2a8d529e564b58619402dde3a25a255a2510dddc0ed24e0fe77018a9bdef900bb3cfb9c031b46868570e3ef6883ebb1ead7e3e8c58cc2a286fc

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QKCBPF08\www.youtube[1].xml

MD5 b48b9e81ecde9e1ea57e3be65f9f6acf
SHA1 8dd33f39273608834ed8a66e7dc7ab647facdab2
SHA256 e632b296589efdd0e182c348b98a367d2573ca9ca1ced9f008a64d4b9e6767cd
SHA512 40236c159abc1e948eefad421815143713b5af440749cf90984afa831cebdfc2219be266c928647907a68e8d46dac628116681f19373379ed86e944c767dd979

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QKCBPF08\www.youtube[1].xml

MD5 d78c1046c1a114f5c4b4177cc2589144
SHA1 ad4fd4543ab7db9016788e313989197daa35940f
SHA256 8eec95eea62015351c030b6f8bf0a59bef40fb3fa640beb99e139c572db8ec0f
SHA512 03d9f48bbee23a7614fe3674d5bdf42aa76ee9f04ca8125c51416e96dc0bbeb04bfa69ca2e349c5e2137b3023a363c03853560a1ab16876f63817b3daa4ab4fc

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QKCBPF08\www.youtube[1].xml

MD5 9094ea6ca5210e7554b4a3fbd0695d02
SHA1 3aea0fb165af330a6e6614edde707f8da3da51ae
SHA256 cc8e1e5090654393c9e627e3647a069fad32c3e0bf5b45592ffb28a6f48a5303
SHA512 ac30daa96bce7c5a955bfe6e338a0fdb20728be938640289fe51ca19de0ca5d5a98f9e2f64b9978b055d18d16e84d11012c0d354e367bfa9643a08a55c45fb14

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\13YTBU9B\navbar[1].htm

MD5 4c1c50e5a1de5e27dd7f4b3460c35cf5
SHA1 aa5f21c4590fdd92beddebba8304fcfbad075439
SHA256 9da72851373f00527c343a8d873c602aa71457382b0bee3d08e9a1674a473b81
SHA512 2dc505c1c5b8b09981b41d9d4e2266c50734f6a26bfd601a1e261218137243a38efc7dff553a253c93af5393ec512fe12e8ab4b24e52248b047bbb21aafb0f44

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\13YTBU9B\zrt_lookup[1].htm

MD5 39a8e18ffff25a9f023b9bfeeb5f7b7a
SHA1 81bf1031014c2ee5ce9a71c82ec4049a34d18927
SHA256 7773d264af49fe550a3bf4ec73b1cf82430531f33e286226906a20a034249a1c
SHA512 d0236a62f9f2bd5b78666786f6668a61c1866d94e7fd53229e57b5dd866208b9282b63dc8ec0c639ec0419c419bc4602d815caf286baac5af3d28b220a82fad1

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QKCBPF08\www.youtube[1].xml

MD5 8df7659962635a367ba1a6724d58823f
SHA1 e2af8da378dbe9d28e8e57407b985429adc70aa0
SHA256 6bcc2ac3793dfdf1408c0f79856fd9bf9b78d8d8088bf1c7e192aee63a6dd6ab
SHA512 eeff3d68caa318f771ec9986514930b1fb6e92434e3f396b0d3d010f7b1d9c1de0c40f97e715d9f72ea07d8959214876f8fdf0e99569784c0115dfbdc5a6b0f6

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QKCBPF08\www.youtube[1].xml

MD5 4ccaa717fefab2c637ba4cff6cd15516
SHA1 a8ae7d10782d83a9d3c3da5f0ad5d1f0461e4747
SHA256 9885fa84396924fdf283134fb0dd1d860b5bf9d71c4056111c2a1adb2327fd52
SHA512 052376dbe353b5b6c180a6fdec27a313741d46ae858fd67a161aa326e5e56871f6c3c6a5835a38e78225b0058fd743c8a3c44d8b21a7b4d8d093a1a6ef774581

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJJQSQ8Z\runner[1].htm

MD5 1d3d22df067f5219073f9c0fabb74fdd
SHA1 d5c226022639323d93946df3571404116041e588
SHA256 55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
SHA512 0b6b13b576e8cc05bd85b275631879875a5dbcb70fd78e6c93b259317ed6fd5d886f37d0cc6e099c3d3a8b66fea2a4c2c631eb5548c1ab2cd7cb5fa4d41ea769

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QKCBPF08\www.youtube[1].xml

MD5 38d966b68dd0f0765bbdb4d75a33c4b3
SHA1 ba82ba5c89b53f5cbbd00ad0b63cebe6e7203375
SHA256 5d86e415a2d2db24e4ba5895385b5d3efeca915eb34f5113660768c8ec4da472
SHA512 e56f5cacc25c129cf11a3980cac88b549b7e4221b01756251c559e12ef66a4c5ff2f6577334fdc95309bf0cc42a79789d7626dfc586fef16c4463e16e0939fb3

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QKCBPF08\www.youtube[1].xml

MD5 df882b520ffa82d2d40ce8f414e50532
SHA1 ea3b5d8259d89b5b00218a688921fae35d838c35
SHA256 10b2be7569020b778c64cd6a04ea3fc025e6a0c7d4a8cbdfe72dc474afccf47b
SHA512 062402c03ce84211de2c68a278624a6baf3c40d3dc1c7336616bf883c5d10d7f57e90095bcdd736226ae7d63f7ec4878d804c986d94c436ce6f885cd3a493723

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QKCBPF08\www.youtube[1].xml

MD5 73c8a971e2cd7dd5058601888323c030
SHA1 513e562a45a645299392e3beb7bec574058bc1e1
SHA256 707b08b71f78baa7dacd23bcd307042929579262008797e888a6864348445c44
SHA512 52a2370b93866440e4216d644502c5ada7b41410693f1b05eef987f4b7676044b576546bed9869a4ed3922a7b65786cecd81ff41bf7a5c66032f80404af39ad6

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QKCBPF08\www.youtube[1].xml

MD5 7ad9fababed080d05af4dbf01c925be0
SHA1 c0dcfaef6e4759e51bcde0b875e987a521a9e752
SHA256 911b6b1954b802b0ec2b997252d2440a9af40c1233bc7eabac3cb3eafe237501
SHA512 1f816868aa0473e17efcaebe1609b188a7f8905cfd4544cf8dec1d1f7cc23cd9e5f18f8414b874769b2649729c94dc4782be771537144029c63336321aa9b7be

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QKCBPF08\www.youtube[1].xml

MD5 61efbf4dbe349ebe0e904f2abef464bd
SHA1 eddbf7ff6b80e64c451075cdc81f28dd696d5950
SHA256 12e03c80604d688ef46814377dec9a8d0bf1785003710387f42b8f7f7a0bc8fd
SHA512 3d160bd99b2a3ca9f4f12670b67e873bcaea073949b721a0d231769826060d846ad1fc71b3936475949d6dd03e04ec4463d4e764a89c5e5299b7379cbd9bd86b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QKCBPF08\www.youtube[1].xml

MD5 d7484b4d4aa585596a3ee6ec26605b54
SHA1 b8fe028129a9283616910db56da5fd09681f4e34
SHA256 e2695e14bac08e1c1b9a88c2581a5dde2f003af5e89560b0120292403600c8aa
SHA512 d75e1ef528180ed1669ce3034c2a3a9e0cf64c7a186c5ce7921108584d5cb1aebbcc4322f958f70f15a29367995fbeaf4e54394e9e045008a0cabd62979bb954

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 46ddd4df3fdf9a472a62b7c71f6297c5
SHA1 ed7d9868873a36120972991a5f04708f64cd7a0d
SHA256 01bd0fc56d20cebc3b11cccefed6df34fc8ee1efc3950371c6efa2d25642b564
SHA512 5f93f1dfbaa54099eb4003d8a884029b930332725333e15b9584c91936ae22bed27456e7eca4f4ddcfc13702da13d91b45bc9e30374af75528809beddcb80275

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8144859c50a7b43168e83c99af422e33
SHA1 94fb89a23ff416e15329334457f47fb50c4beb6c
SHA256 2239eacac13e65778e63876c9404574737cefa62a00ca95188be517e5f4d75a2
SHA512 98973efd7985142c178e8f30cd288144e9144fbd899719e22429904ebbf7c8383d33ad52c781267a8722215206bc719d139a664a62863947f9f58d603bbd8f95

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 01:02

Reported

2024-06-14 01:04

Platform

win10v2004-20240508-en

Max time kernel

148s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a77121ad93ea9962f55e96ca0c6e10fe_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 964 wrote to memory of 4428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 4428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 1744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 2608 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 2608 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 3028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 3028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 3028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 3028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 3028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 3028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 3028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 3028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 3028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 3028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 3028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 3028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 3028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 3028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 3028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 3028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 3028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 3028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 3028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 964 wrote to memory of 3028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a77121ad93ea9962f55e96ca0c6e10fe_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe8b2046f8,0x7ffe8b204708,0x7ffe8b204718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2316 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 resources.blogblog.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 www.facebook.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 87f7abeb82600e1e640b843ad50fe0a1
SHA1 045bbada3f23fc59941bf7d0210fb160cb78ae87
SHA256 b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262
SHA512 ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

\??\pipe\LOCAL\crashpad_964_RDWHCYRXBDUKQRVX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f61fa5143fe872d1d8f1e9f8dc6544f9
SHA1 df44bab94d7388fb38c63085ec4db80cfc5eb009
SHA256 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64
SHA512 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 368a93a716547dcf4ddf35bd4fc3a01f
SHA1 3162f458de4bf260a6149b1b1cb49a410db63c49
SHA256 bcbc68f386c2a0f78d41381997b5b842055ba9bffb15c54884c7e23ea7f0fe1d
SHA512 ae5c37f6406b1e7130e0903d6064c4cb2e036bdc31b2bff20989a655b19359f71213583c1d44450635fe9fff03ab664bde4865b7b833a23110624269db05be34

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 eeb57e1d2e61f0ef596d777a3be15fed
SHA1 f84019b414ef7f3ce6debb4642ea2019fd29af79
SHA256 f0f583a19b899bae40fd631322f30150ff2d01513763b9faccf145c967304303
SHA512 e67c08b67d5958361ac0c316db57f1788aa01e933a1441c498ed67f61404436a6dd1a5d6b80ddc7a8300c3dd156332a349bef08f4630f900cb06f89a89a32367

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3ee71c9e7b5386201a03d1fb06bef61e
SHA1 341047f365b64b5ccbab4e8e72aba74ec5dff03e
SHA256 866ab16863c4a96d13e670f645674910267d003fa19228b027ff84669ec50edf
SHA512 9abe2e933c48aa87576edc668f92e122d2c8a204482bcc11a14761bccb849da0f378f175067780d38934469abc776864b2998c07ad7744dfe6dc325360b4f3ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4416b2e6fe17db31d410765012271b96
SHA1 121ea3993b95670321356f73356461dd4d0181e7
SHA256 30f493025632d3f2878f6c4190ac26afd45d140ad16964e5912252714e86599d
SHA512 efb812e50ec2b49d48af85acb511044e1284e6d3a8a9fd24a25de0b077770981fd8e4dc069c5b4beaa9858ca9bc423cede835898a80e134dafdc1afc27385811

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c188ee755a577733a3b41230f7cddeb0
SHA1 43d488ef1b1c53e0f83d5914c9d451058b227f72
SHA256 f4d03cb771fc0e1f514c1f2ce345490a06697935ad461bcc3158d51738d97c46
SHA512 7f0f135752805f39b3559aca6116cbb49cce674cda6763541475c53cedfe881f9301fc1204f6fbf63b6375130f35e7a14355a78a316df96dd9a21fd7e035672a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f261e8b0442d45c6e6c927899fcfe80f
SHA1 674bbb69f8eb31e9954454bb10efb90e048eae7f
SHA256 33303e3c53ec8246b724abff27094363e3f1acb165430ea9944b94f5d2960b83
SHA512 07c74c881a3565e2ca053515e902c58523e661ae47516e533cf73ab887c56d622590bcf04f856d204e909235e9148db5687c2708ea4b493098063d37fe5135cd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ab1e1098bd8ab7afef59eb210e3e5f39
SHA1 3f7446a294b5e464fac088df9009ba6f16c8b0da
SHA256 94a4782d9da156240d825cf6283b3828f9302d1df0b4c13ebebf5d3087fbe4b7
SHA512 d7201e73b565ebc12a349ab37f08bcfe3347d7969967f5e4686f3e5689072c24be3a7d933848512c0cfee649e87c1a8e9a8cf463781a20244a6286605383933e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 258f84a1937eb567627f30a2342413f7
SHA1 7a7055e2748521b1daf99c3b9cadf9b07af29709
SHA256 c3a40a0c0640be489691827780a8b09053235372f121197c174800ebc6191185
SHA512 a9798080dce7d016ccd101066c8ca3612a6413426325c393b72e69c1e4588f0ccaf4d5ecd81aa26497d3b789183660bf124b532ac2389c80fa9cbe35bebaf8f2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9f29dfebbde323fd9353dd4bb9a4650c
SHA1 5cb1d89c65e1f55bfdb1e1f6e3f41efbbc53fa11
SHA256 6e64420d7aa40ac2fdbe8a3c0268d43a52d76e26372c4611aed4301a4e1b2c49
SHA512 c71e7d8006a03dcbfae07f0b58ded97681ce1e8813c14b70c11640552d1dbd53d7f7d09835b93b5b89948df2b9af5f09ae808c9328991cef1911cf151acd6dba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0f220b22790922bef02802a706d6fbde
SHA1 53c37ac71a19da3b256a265a49d1de3a5155247e
SHA256 05ce0a2f6a88acd9a49c8497371b8ff6b8f8c0735dfa7f585d6eec003dd50273
SHA512 3298b07e668fc2e34eaea288a9279762a461c4112be6ccf1fffe7f8b0662b60707d787a4e36c26d96f32713f2eb139a2d8b422e5a1f91b3188db8f00c27b7ce8