Malware Analysis Report

2025-08-05 15:16

Sample ID 240825-hwpwvsshrj
Target c03466bdda39a251e7b4ba51fd96d8f9_JaffaCakes118
SHA256 e6482ead6680b93e24be08e4665783970fce43b177e823b77f6194e8de61a4f9
Tags
discovery
score
3/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
3/10

SHA256

e6482ead6680b93e24be08e4665783970fce43b177e823b77f6194e8de61a4f9

Threat Level: Likely benign

The file c03466bdda39a251e7b4ba51fd96d8f9_JaffaCakes118 was found to be: Likely benign.

Malicious Activity Summary

discovery

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-25 07:05

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-25 07:05

Reported

2024-08-25 07:08

Platform

win7-20240708-en

Max time kernel

132s

Max time network

141s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c03466bdda39a251e7b4ba51fd96d8f9_JaffaCakes118.html

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "498" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10613" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "27741" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "37945" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000062974e5b5f804e45b98349be16bffb7800000000020000000000106600000001000020000000048be418f41809bea827d3bd92bc802668e4a0d811ade793c9bb3d3808bca453000000000e8000000002000020000000bac66f51c08fa2fcec4ca818486c8d8b4bed4ef95787be6191771b4176731b0a2000000052e46cb3bb85d9c85b594cbc40166cf208b93943c734f1c8a2cd743194fd24db40000000475668100e5211a3debfdd91e0a3c450454589a496aba34fa6861b0729d9ecdeccf1dcf3e3772d349c00b6262940813f58c0ca48fdab3c74812e0fb31e0b2d31 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "8199" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "9341" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "19457" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "407" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "18670" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "27829" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "28610" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "7989" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "7995" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "410" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "9253" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "10613" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "410" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "18670" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "27829" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "27829" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "10613" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "9341" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "410" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "37945" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "7995" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "18670" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "18588" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "9335" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "8107" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "407" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "492" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "9341" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "18676" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "18676" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "18676" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "492" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "27823" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "8107" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c03466bdda39a251e7b4ba51fd96d8f9_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2372 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto

Files


MD5 7c97756c2c035ebcfe9208dd86591df7
SHA1 57e29d637804dff916a207896274157342cf68ab
SHA256 b7fbec450a4da215d0f778737445d0d3ad164d12e33b31e982eb75b64b4585e0
SHA512 5b44f363277a9902132cdaba7b84e2cab60592d37c39fca6c64074e62fc6189f72f6ad4d3d98f65562ab435de1b213b42824f8319b678e845314d68445733208

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BDYHZM61\www.youtube[1].xml

MD5 4473a417f27965137c8ff14cbcdac651
SHA1 5b4618ddd58fbe54d393d9a83c74299e065cf9af
SHA256 8393da4e4ec81887368b10c4755b09a8b492fc22d7ac467ee907e0a98f8f2506
SHA512 0323aa45c554a7cebff1be29213650ee87ac2a6181d2cbc63340a33b67e4844af3767fa6a40f765fe3be7ff0918c6d5fcb4d675b1690c0668f9df79c954a0363

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BDYHZM61\www.youtube[1].xml

MD5 a9bacc1ccf4247e753c79c631803bfd9
SHA1 7d7a018a11eebcaa86f228d899071061ee6ff4f3
SHA256 1c9e990e227de6631e027875fdd435e2893ead1306acb04e7a487ec3d282ec67
SHA512 df80b7b3c2fc1a9b06c57e1d82625f96e4a03e898cfedbe009c814931f787c472af552a962d6725dac2088268b370f2c7c6b83ac911ff61e9bfd3f9653944dae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3e317fba2923976e9a1d7b0a21a0e801
SHA1 17aaa39b239908a178a0e07eeb41dc387d67d889
SHA256 05fe36e237ecf65db7d289703a48847bf38fdb507f87c9f6e3f8ce1b72244e2d
SHA512 1ae5e8c0d118fda5a3cffdaad4a9ecb575c24448a5ef1d18c6b94823600d224bff559b671f5bf4f002e768235323f5fffde98e4ad037d2ef8fae5a3b270049a5

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BDYHZM61\www.youtube[1].xml

MD5 33d7cdd35a68047d36be2ea344fe40e2
SHA1 6b6ffb4eb1be80c102391a112a87cd93d1f584fe
SHA256 6f2904ccb59fc19eb26aab6a8d6f9602211d0d4cf3ede9de39a66e740079c648
SHA512 ef1d1bcdf0680024c0f0e60aaae4ae44fbb448bec5cf574f10fb438df1ebd802a8f8ff12972f1de30defc499ebabbc736f89a9186a0888da2bf8ee1f12aa8b78

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d19192c67eef23665d1a13fb9eda5516
SHA1 30d3157c1b9b21860b4530d121e3be11679c4d5d
SHA256 0d54685294f56d013a53e9deb8799ff69e0bcc79185e3c1d3a126c974c8d49a1
SHA512 419da21c7ca00e0c14e11dbc05cd7d1f4c6c9d50e83d5c3fa490e673c780d2186d71d8dd7911776e28f076f9ad71394ed806602dc1dd3a784500c51efc87558b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 38a4be4b5644c958e685416e63e5855c
SHA1 fe8cc0d6adc294467a67d08b4a0dadadb0aad56d
SHA256 1d3d924751957c1dfeda51f6ebe8b688fb77125142a593f47cec59f7adb06faa
SHA512 eb36907f631d0c4ba316af352c40cb926ffe790b9834ff6802f956bf225b8b5662ef37297f71e90c81951e40c95862352493cc5f8ef4b4eff5c54b0eccbbf132

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9f36c1f3f8761ccd4a659b8cdadb33f7
SHA1 a46894a427f66979235912ca486536f6058df582
SHA256 b5dcc9a08e8f8b43bc5736b29a586fec17c495366f780a8bdb04a960c3a73473
SHA512 dd11ff97de0c1c1ef3220b4b9c3b00ed8d98f1ad6a68e1baf8e785723053a2ce54e1af048eeaa46751037c740899a7fa32e781823bcff0fbf499554dd32166e0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cebce821b6ee66d7ab6597a8584b7f17
SHA1 e39d7212b32837d697794843bd04c5ec538f573a
SHA256 53430f011c405a7769c52260c9fe5dafd6b9acd59368bf34934fbe4dcfd482bd
SHA512 7483b0b43bf82b30c78af42efdfa5ee68d1dc43bc12c4387e759e6948782b08acf051ad29215a5ca47d552c9f391a8faa08c64b1eef1680279fee61b104874d3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 66d50e847a2716ba8ca04129c880d75b
SHA1 294594ca45d33ae39b0f2baa2b5518d757d8973a
SHA256 c838bd7780450774672f77788704725293db645f75ebb50753721715b11ea441
SHA512 25008af77e67602a55fa483276a912c99100a575a26d54c6d7f94ad140abc9d616e74394da481492148354303647cde0a320717857609e01436f058ee4680038

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2bfc00c122ec6988addd8308db2eee35
SHA1 46b8ccce41a1308ef5b7f88496fe86747330e579
SHA256 9db545b5f430978bdf377c8c9476eaaebd001fe4f4b9cfb0ad7ff90b86655457
SHA512 e65e498b9f27e7ff2a410539d304250eddfc04b15a74b51b8dbfad597fb1b70a19b185467187fb6cf735d965e9ddc527771b750ab7caa059aecb11c5eb6a91e1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 31a2d01ace85d0db3e9437bdd9d8fc3a
SHA1 0e2a481bdd8ec0a293d3a1f9ea5d9e1133989d4f
SHA256 c8534c8a8cae50c7dfd1f3f39c7300fd8e18ce9562ae82a1ecc394c08a2e6721
SHA512 c253afed27a158273f3e0b9f6962c2457827ca32f012ac92aa5f3edd92beb92d99022695128e1f6c0e257fa1e7a8de3cb60450befe94fbcdf768062c46994ba0

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BDYHZM61\www.youtube[1].xml

MD5 e761e86a96dce49614af61a6de131b79
SHA1 33abeb3dd8a2efb9c47ed52c462b1fe38f28a46c
SHA256 b79c8828b231e6bf6946315cc506b54f44e31c13a1f2f5ebb400bf52ba4f45f9
SHA512 1043588cd6e81ea0fcbf3fb939c83dba8172a7889233d600935b4562d62f69736c3e91f2f245d015d7a28b5cf776922b2fb8c33e2caf5d2b08ded18ea47429d2

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BDYHZM61\www.youtube[1].xml

MD5 044a9a496f8037f8a1534e5019846fb4
SHA1 8a3fcb20b2f8776dbc636b2d04b23b5336ffd763
SHA256 92c3ce3b890f70e9d1396e472d3f544a32246bafece3c06923eb7b89da230fe3
SHA512 70f5a7f723aa2714d794e1d3ef11b00d0558d529de39d1dcd48151f0170da1b637a17294d1dc8381248681f3a2642a505d5de9a39b40d5969a47c80b824f43dd

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BDYHZM61\www.youtube[1].xml

MD5 40409a8b8b6ee97663ece1c2d90fab49
SHA1 dfa4adaf89fb961b2ba007bfa480b20da6fbeaa5
SHA256 af349db838382b6f1923098865fd969a9e4b2c7213a178393f7162f4a9bee6cb
SHA512 2a5739b56ba85b9a1325a53ac649d44054170bbdd2d6fe7afa0c3783ee525f0f598e7ccabbe8280d0d2c9fe420f4eb871247cfe265080631fd23ea23ea62c209

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2fd234f09dfa29029a1a98ba87ce0ff6
SHA1 2fb1815c1f5e18b87145500ebdef1e106278feaa
SHA256 2eb13260b3de15a9b7d624cd368df7ac1a1c0c7a69b5106d4521f63c5a5e92c3
SHA512 7455e6cd207fa3b05e06a20858c94a988a6bbf31b3175da52fd62a1deb2c09b242fabfbbe2b68484196b845a0c664c59a7366cc0f0453cec4409dc9235cd0423

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c2a9a31604854801f1f200b8f1ce1a6c
SHA1 86a4bbe7f6e7cbc5dd6a45db55e44a3d5020a3ea
SHA256 16bc460630a0af67dd3a659998c0c278361b4a80357edbf302d6b2b2f6e767ec
SHA512 6bdd11f66aa9cd14d7bf32c3fc48529bcfba95ed9d50c74ab4bcb208a3670a905170d0e116a0dd8b8211e74d7223166f78147a2f830cf5e1dec79875f56b139a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 68a4ad2fe723ab1df8b4e9a20ebadde8
SHA1 2eac1a46eb1c21efe4945cedb49c363d42a3f3b8
SHA256 e2b621a99a0377fb23e7061200d0f03e85f0443e1b6ce835e2daca3578fd1346
SHA512 aa159e65d34840fa7a0ff17a55893d7802f72040239db2456a98117df749300e2bc83224ddb584d34259f779c6d8a713b853c784e6b0c594910a7a3af67fcf12

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c236e0e4356fedfde1e1ae8a30a84d1c
SHA1 8b8e0e339b916bfb6f16f45e49183c3700a3fbd7
SHA256 e6496873e6443e856d995add4809b5ce491f2f1915c6fcf5130df8c0f47e4540
SHA512 a6c20a869fb496cbcbb6869ec05e9a9780ded0fe2de111bfd4cf77ed0f8abc11272f6bf22a894e0d6c292d09451bc476c5332fa5a67a3027ff35735343f86001

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 52c89edb517fa6b298326411774c2a06
SHA1 9fbe9186720e55796b10db1eb50b2d1cf6ecf476
SHA256 c7626a6fcff818b9599d70c7c89dde930d714f35e4d00eaa34072d7ff2415a6b
SHA512 22741df0e14f4d3bdd703586a736d6cfafe5debdb2dcb94d810f2ae65775c3c755fe66567ea831eab9e66b8bda6088e35a43167881aeabdcca3b3a1274df9d3e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 01a0d42373ac14634375cb38dc91a004
SHA1 06ea5a9b9a9d80c26541afa319caf1ca0a020301
SHA256 833d05e1aba89f23a87a5005c3e5852a11616308a6492065923f4fdae898a07d
SHA512 f2f12cc97c80344139a045ec94fcc5fc478654181834d97fb2d2a6c7b95f2912080bd8be0d61785ec88b309a4f4c471105a9942c94f9ea35044281dbf908a16c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5d0c1d8550bdc61cee69f7f4d2e4c051
SHA1 174e7032b956543ed7ca3540adb3bc2caf2c56dd
SHA256 70a0899b62ec973c98702cf4fb3163d2603ea7e304160af1315fc0f985a84207
SHA512 5244f6adf2375ee70bbc7ca070a2882e5b0d06013277b82f215058ea59396901522325d07e019395d6c4b9a4aa47c51dac3441a3b6b59c6f909661bd9692b4e7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e0af7999ee539dbb472a69fdd5d56cd9
SHA1 2330e230237f589b3b6cea231519cb6a9ebad325
SHA256 f4edde862d928568b2d46c57dc73619e6bf670704e50e79a229ac47ad063fba4
SHA512 105956d09909c828a8b5537f2b064cc1294946f299fb4048f52d795b30dc921ea94f1f293feca676306a8ec7dae415abeae7d86b3bc94707abff9853bf8686ba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8dbd659b030e80e0c77b9de1af6dd188
SHA1 88f8ba03d89f8606af2ceffe89763d0ac5267a68
SHA256 6345a62eb3c50bcd10f477cfedef3c110f5b2f6a120790a4e1f459e7c45cd634
SHA512 a8ea4220b392b8f16b6ecab577fd21068be4770d98d1c551122455ad9a657986281bc24cf99fce8c12efa1fe439e36b59c36a05dea780eec8116cedc3c90f60f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2d3da9936b494be1aee199553a168a9b
SHA1 add6ab123c9798604e92f3a9cc3851575b27319f
SHA256 0d7bf97bf612e27ec87e56c6b868df70cc185528c7c30bd3ed2e723b8f957bb3
SHA512 868bfe74020dda89ab7e4bd1b5154a8234488b96dbe27beaa31939a792e76e847279c537e858d7a674389dcaf59431e0fd88334b2761c73a2b300cc0dc48822c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ce81d865bd57846ecb8794d3bf039942
SHA1 a38770b305d9f636758ab27c7116502cca90e192
SHA256 eff2fe8b203744df60dcca025d1be41b7c03289ff25502ecabf6fe2f25a08eb0
SHA512 1a98e7a9779a3dc0609673a0c7c586f15ded2f67b3f704e3254a215bbc5666a15729f11391087976a4382472df6defa752637f123d2b206316f41c8f29ada751

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b92305084de3aaa6279c997df1a2c2d2
SHA1 3cc7b0d84617b08cb06c52938d416314435cdfdc
SHA256 cb4c2b4a2aef08c4c2db40e6aa5c2b73dfa1aa706238b198f363d5fc3a5c1243
SHA512 7412d41f4a0a2918d4b2ca9415baaa2bad0ee084d222fed9be18b141625c67a27018d56597c0d1efaf5ae7c4347444c8a70ffcdce4ac19c3cfe802d4773afcb8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dbd901c4e2e1964d24f595150a80274e
SHA1 2ccb8c7726874cd3193ea192e8f81b5685eb8c91
SHA256 79a4614241a6d035f49d6aec1a31e6a481a62eb081dc95528f2594eea82ca7c5
SHA512 b0f030c519d147083ae3699c19974860d51cdd3273e8d148bda22d1a2f22c6008499cde2db60136edff5b27e6c763103669b6c7947952fe14928beb669a1bd9b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8b8defeda773532a2abc096e86c3869b
SHA1 883f029e6fb22caba34f5064149ab58eced907ff
SHA256 504798066c060daf385bb1b53bc4fa8416f23854c50eda49751176923c4dc8b2
SHA512 8da2f05294ae121fbdfdcc804486089917f2db9a9a5c20607450fa277142a0852b43b2aa3131edb06cff13d8870b13454eb394f166878064f43bea862c679851

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-25 07:05

Reported

2024-08-25 07:08

Platform

win10v2004-20240802-en

Max time kernel

145s

Max time network

141s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c03466bdda39a251e7b4ba51fd96d8f9_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2536 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 2808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 2808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2536 wrote to memory of 4024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c03466bdda39a251e7b4ba51fd96d8f9_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8841246f8,0x7ff884124708,0x7ff884124718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,17065672303164832762,4082925246656239388,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,17065672303164832762,4082925246656239388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,17065672303164832762,4082925246656239388,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,17065672303164832762,4082925246656239388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,17065672303164832762,4082925246656239388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,17065672303164832762,4082925246656239388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,17065672303164832762,4082925246656239388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,17065672303164832762,4082925246656239388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,17065672303164832762,4082925246656239388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,17065672303164832762,4082925246656239388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,17065672303164832762,4082925246656239388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,17065672303164832762,4082925246656239388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,17065672303164832762,4082925246656239388,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,17065672303164832762,4082925246656239388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,17065672303164832762,4082925246656239388,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,17065672303164832762,4082925246656239388,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 www.konthaiusa.com udp
FR 142.250.75.234:80 fonts.googleapis.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
FR 142.250.179.78:80 www.youtube.com tcp
GB 157.240.221.35:80 www.facebook.com tcp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 234.75.250.142.in-addr.arpa udp
FR 142.250.179.78:443 www.youtube.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
FR 142.250.179.78:80 www.youtube.com tcp
FR 142.250.179.78:80 www.youtube.com tcp
FR 142.250.179.78:80 www.youtube.com tcp
FR 172.217.20.174:80 www.google-analytics.com tcp
US 8.8.8.8:53 i.ytimg.com udp
FR 142.250.179.78:443 www.youtube.com udp
FR 216.58.214.86:443 i.ytimg.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
DE 157.240.27.27:443 static.xx.fbcdn.net tcp
DE 157.240.27.27:443 static.xx.fbcdn.net tcp
DE 157.240.27.27:443 static.xx.fbcdn.net tcp
DE 157.240.27.27:443 static.xx.fbcdn.net tcp
DE 157.240.27.27:443 static.xx.fbcdn.net tcp
DE 157.240.27.27:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 78.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 174.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 86.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 131.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 27.27.240.157.in-addr.arpa udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
FR 142.250.178.130:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 130.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 static.doubleclick.net udp
FR 142.250.178.130:443 googleads.g.doubleclick.net udp
FR 216.58.214.166:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
FR 142.250.179.68:443 www.google.com tcp
FR 216.58.214.170:443 jnn-pa.googleapis.com tcp
FR 216.58.214.170:443 jnn-pa.googleapis.com tcp
FR 216.58.214.170:443 jnn-pa.googleapis.com tcp
FR 216.58.214.170:443 jnn-pa.googleapis.com tcp
FR 216.58.214.170:443 jnn-pa.googleapis.com tcp
FR 142.250.179.97:443 yt3.ggpht.com tcp
FR 216.58.214.170:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 play.google.com udp
FR 142.250.75.238:443 play.google.com tcp
FR 142.250.75.238:443 play.google.com tcp
FR 142.250.75.238:443 play.google.com udp
US 8.8.8.8:53 166.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 68.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 170.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 97.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 163.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 238.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
N/A 224.0.0.251:5353 N/A udp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
FR 142.250.75.238:443 play.google.com udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
FR 142.250.178.130:443 googleads.g.doubleclick.net udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 2783c40400a8912a79cfd383da731086
SHA1 001a131fe399c30973089e18358818090ca81789
SHA256 331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5
SHA512 b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

\??\pipe\LOCAL\crashpad_2536_CVRCOBKOVHIEDEAS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ff63763eedb406987ced076e36ec9acf
SHA1 16365aa97cd1a115412f8ae436d5d4e9be5f7b5d
SHA256 8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c
SHA512 ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d2733df883c123b3a8b5c7754b0ce539
SHA1 44138fdeed5d625c1e695c94c39de3071800315a
SHA256 5b3e4f0ed5da1709702207ee8893243f52c42e77263718c970727275d82601f6
SHA512 6ffa56cb3ea33f9192dc1a11eaa25ea739c3c131db75499849fae475fd77c48f5f7a32a57cdee6926388202ebbe73aec84f55edb3e879449679ce3cbb48d0029

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\50c1dc5d-7b51-46b6-8c97-fad2da1c5206.tmp

MD5 131fcea82afb15e5424097d28397f3ff
SHA1 939a9e8a6af9df77bafa468ae7ca233fd178d714
SHA256 bbc13d556e0b2c71541878952621cef89838fa5adc32b2752d627654244b0497
SHA512 098232c8b19202e9aacafca13f0ff0538d4fc52308d253182b9d527fdfa804738f80277ba8eab097ccf03b84b9712910afb8ca1d093bab1f12603493abca79c8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 04a0b2759216e199123ad54c149a3e44
SHA1 f78c3501b0a7b4b9f664f9fa9c79b0395f0248b8
SHA256 102d832d215fc68733e606e86aadcc5cbdc4c505e82f9b37238bb5b1119850be
SHA512 e88e73b5258de51bb4ae7ca4cecd4fcfbd0c0b442ac6dafeb37b92e7795815e49fca3d39d4e2e5a74d31a32334bc88552ace9e24075ff51c84cd2cf393a6c7c6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 688409c14586fcd1e8a0571083ce9e02
SHA1 d650e8c979d76e3b732cdd7cba916f308534e004
SHA256 a5588d487d25b8158c95dac5c03cefd449cdea9687528942b0be81aab8cd3d15
SHA512 f26f96d58724507876ac6c5828203f26acad404431992a60b479f2f1b1cbf5db31d806380b845f1384fb71e2b0ff0a7764c3c8db803fe83d70bf490c9263153c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 d1803266ae8b08eb46dbe07e8910e447
SHA1 f4d7dc0056d0b25b50aa9aa9b3b2d58b862340fb
SHA256 e54ed4b8af5b769c1aa6e0bb5cf739c6a6cb23c9dfe17c60c9f385ed2c715f30
SHA512 032d31f04db8ce0248525e4a80a1d16119b0bf256a0c9c6f0e84035c2dea4110d2c1fec62f090e50a1052b76f7e15e41784c40967a321a1b134dc41b9cde45c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 62cce2e7c46ad0f2f860d0260988a2ec
SHA1 4ebb7f34f3cf0229225e7029d9ed45bc6abc7e5e
SHA256 127606b0319199f332b29b493a7660ccbff56a29392ebbdeb7a7aa2028b3ae29
SHA512 8e81587c33c7abb9d825390b4d62cbd00d49f34dfafbe7f14628fe7c5a45831455635ee8d5be66724ad7f004e2539c9add8a0d9b8a65b5a005c5760100559c60