Malware Analysis Report

2025-03-15 04:17

Sample ID 240825-kcazpswfjq
Target c055a6b97c1642c34b7088326e637a0a_JaffaCakes118
SHA256 c53157a6908839c427f6fae93ac14aebaa05f7437ead973b8592e37baa8e7a07
Tags discovery motw phishing
Score 6/10

Analysis Overview

Score 6/10

SHA256 c53157a6908839c427f6fae93ac14aebaa05f7437ead973b8592e37baa8e7a07

Threat Level: Shows suspicious behavior

The file c055a6b97c1642c34b7088326e637a0a_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery motw phishing

Mark of the Web detected: This indicates that the page was originally saved or cloned.

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-25 08:26

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-25 08:26

Reported

2024-08-25 08:29

Platform

win7-20240708-en

Max time kernel

144s

Max time network

145s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c055a6b97c1642c34b7088326e637a0a_JaffaCakes118.html

Signatures

Mark of the Web detected: This indicates that the page was originally saved or cloned.

phishing motw
Description Indicator Process Target
N/A https://jira.ops.aol.com/secure/attachment/688199/failwhale.html N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c055a6b97c1642c34b7088326e637a0a_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2372 CREDAT:275457 /prefetch:2

Network


Files


MD5 565f112389f6a3937394a14e85e799be
SHA1 5a60417705507420359aa1ab836f4346757c5515
SHA256 c5f31557bc21dde2f5415851de64c6b6b41ab3be339e8cb7c77de2028c9662ec
SHA512 9ad9010f7d4542cf7166c927d50e418ece0e11b8568ea16e0537195683f4e73ee11f99a854aff484840be24f37a2f976b0b18c5a3c01a557c6aede8ed4cb7d5e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0c6a0ff5cbce87c4d6709512cbf08443
SHA1 d1823d5b3b49cb30012eb40cb8a2947d8262de19
SHA256 cdc47f88cea799a1e58bb683fb0fc0fbc4079eff4fd083683e3ade30168f1bec
SHA512 93ae98bb4cfddf4f2769c96d80b7339f1ae909a46d2b68352589178f89db1e4a2b16dd31b9163bbcfc4b919948875c0b2125f3c86a09c41b650b197892dc8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9610fe6c912f48051dda26bb2b7d3c85
SHA1 7aa46ebbf43831de714b0f6274f3a945dee54ad4
SHA256 5b2feef144e8b65bc88b19d3def5c6b3a77b992ce779f3213a2ae24940a79b4a
SHA512 3ef3c36682779be0d21b389b102f9655ff35f812b9f5db7941c3d423cdd0640ba37562bcf0fea42322b7bbbee863776cc3272c156e8d0efcb29e86cc960e55c5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9c2eb360786ce0be2a5142625171e79a
SHA1 64fc732435bc4a38954b2d2a779ba0b44a2f05b4
SHA256 74e8821bd4ee1b0430f5e29520a14a4224fea66d68a528f2a04fffe96c7354e2
SHA512 8109dcd421c4014b27589acd7fc656698876a9769ce419a38b8d8e16f149274319ddf7b2165b6f2a345c457a93ce0c4f8c308d387946abe560b3b8a6d66f3584

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3cee7e8d322e60e1439823d72c697e88
SHA1 a834072558e67c046648ea784e908bb7c16e1211
SHA256 23da70e765f8fc877a0aba8ec096ed3fa19fbca5e3071e29048962d791796aad
SHA512 d843fb5818848289eb69bc93a9d6c13e78978bddef7d2707e8b8b6061fe0a0d604b19a8da1e51e8ea83914ec858377c2192dc13d8b7982103396961295930356

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e62e5fd0621d8525819938f3e50503b4
SHA1 ef65f3cb3b8c545123cd56fc0f2bc253dae71b9b
SHA256 069aa390a8ac5222a912006edd2b21b92dd1e7dc3e271a5851114084b77061ba
SHA512 f37caa247979b492b233456490587a64cfbc928902ef7fcc7f6ef30cb314376e2ed103ee3efdd94c2b52dec2fb69fa3967fea13c2df0fefdef168662b3b48396

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Y0SZ0BG8\www.youtube[1].xml

MD5 3b868e29bc745f4657f7aafc972fc6b2
SHA1 fa5c6150da08dd8c756366b62db69dd238fb0f5d
SHA256 467f9e4c4d4ea319d18445bee9e2adbc9499fc943288296936c613a8eb230148
SHA512 22bcef7836f49f816e731ec0adbbd88e1f7ab9198d490cc1f59a7386c7348d4b95475299df669e1895333bf87323160548538aa337ccec638330a3288a4ede37

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Y0SZ0BG8\www.youtube[1].xml

MD5 ab16d63885135a6e7b80bda87f892453
SHA1 fa2fa0bca18a5ffb5e889c48021252721b147fbd
SHA256 d8822f2727d7a9f61e21dc98c3b406f6ee1e061dc05a02ca75762c0f000c3bae
SHA512 7a92e363d892d265fdc893627714e6c3baee39044fc217b8c1c992590f5f046bd37cdab4ed69c3b11e97fb9752609fc57a9733b4c93ad165f7dcc67cff4fd638

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Y0SZ0BG8\www.youtube[1].xml

MD5 6881069ff3851462c9c0be56cdd5d72c
SHA1 847bf3971f84775c63d6285b7f12846ad0670c4f
SHA256 e6a49ab1d7ed0fb87d9cf5c7bbba3cff15c5119308fc4c72ebb5ac5386fd945e
SHA512 582b04d4efe6180804e50f88562c736005310d1ef27112c5f6f651c24de3395c4b7981ffc5affe3573ebc5941fbf77ce986b1167d58ff436891ba93dc2ec5fb9

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Y0SZ0BG8\www.youtube[1].xml

MD5 52178f82d14cddfb966630c63ea6f3ee
SHA1 971368196931ddf7127652620783e56810b9b347
SHA256 e226db8bfeb0ac6027f39ecaa61f516866bc1256c378dee3a96e3a2d6f94b7a1
SHA512 ea033c998471ee45227a75817623eb1ce185b5ceb31e6e49396e945ee617c3a456da21777a6d89bb2343d2004a78ff551b4e7089780f03a2a87b9fe2ee6eb6fa

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Y0SZ0BG8\www.youtube[1].xml

MD5 7e3e38a428576cd0f279e6f2496d76d7
SHA1 24444f588e520078d8d4bf0f804c0d7c49316c94
SHA256 0dd6b7e9d2885dc8762d1211dd67a26d490dd2538d83e978f22f7e8d13009266
SHA512 9f54c427261e197cc5a814bc7ea01a1685155d9cfd5a0aa2a3e09bb255a77b773b42eb8b9a6b2a95cf4d4342f8dcac229d8a2f807483d77ab2ce33ed50fe7788

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Y0SZ0BG8\www.youtube[1].xml

MD5 13845013fec6d048792e98f814a6cc3e
SHA1 4e9669388ca2129787d540e8ae9c066db47243ae
SHA256 23be981711182ae2a6996a7763edbf85a3589958ca056835dd5f364eb7fdc19c
SHA512 770d968671df0b74878cbfe11c24b5f21fbe46e00e984f3fe6eed285b08391e3da4cf89bd39a572ae0a4a08642d660e3f3c457568f972ac8a112bce8333d3342

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Y0SZ0BG8\www.youtube[1].xml

MD5 174c87af2a27f4d6121ca28db820b5a0
SHA1 d4d69dc1b3fa287ea92d2c1312d01e47aedc60dc
SHA256 b68a1b4ad2a07aa3631d9bc88b3b42fcb9e8d06b2adae3470a1d4cdebd79729b
SHA512 3a6446c6fb8466066921b1b80f4eabb238099d5aba21620c259d950cc5c1f110c589375f539aadf8021d0a139aeadab313b8c5d0b3bc19ae069706cf772ba281

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Y0SZ0BG8\www.youtube[1].xml

MD5 0f94c1dc363140b6947bf6770b8bd2dd
SHA1 2978f9174d375f5e5bea73c93cf27b15621a366f
SHA256 06699b23b3002f7c0384a69bba1f7aead1d48f04fd419052bd902b8a7f83aca8
SHA512 32802ba1647377b6d4102d0b0da626398c617f8754dafb69c90c52d9712458a51b71c7797f6b06de0f9f660f083af37d55d3db1f39ecda2c57863dbe13e5a0a8

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Y0SZ0BG8\www.youtube[1].xml

MD5 357230fd901a71061ae033586e46e47c
SHA1 9c55db51d4d4a91693980bb5b88e1fcdc38a85e8
SHA256 fd48a27253b89c052ed94e0cd01e42ee70b3d1bd54470c4fd9f4bc09cdd7ded4
SHA512 22f745ed6b19801ab7bda549f52b7777d77a6e419f78430a67b0fdf05186efb0da6e3594c9df8e191b6d1f58b55271218417f276552dc8b13039b98472485df5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b5865e8d75ce05a40cf506fa281f5c1f
SHA1 10155cc994182164f7e8973487bec81c1132c79c
SHA256 b317c3b9879c71ae8bee17673557eafdd518902c67f24544fcabcc5190c234f4
SHA512 b5278a321cbc89e4481df031af4725ac086486696d06991e4d1b7606e575c89abe64c68a9bcbfa173ae2436c62fd9efa0ff4e803090fe7aa5879622bdff8feb7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 65f62b043beb4da3cc9f26d6581b0474
SHA1 6eeaf2df32611547b0e80255f25d412595c13a58
SHA256 f62bf9bab39fec13be705538eaab9eb4e94b042b53fff3445e168c882077c290
SHA512 61e9226b5e2f0cd6073cbf4e2c2cd78679a575420d17433db11ca3985d4eece762a7ab22a2a5bd59ee42dff037439fadf12edfe47dc6f6e80ece4ed294e5f5cc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 551af9ff57e1238188810c7b3f658804
SHA1 7838516a2e73dd70acbc6c50b725b36792f922c3
SHA256 9a3a848820547e7c051b517f5405467d464676e7d473e2add043e90f34d62041
SHA512 aa85daae7cd4f86323ca0f1e2a87f7b1b77f3e072316436a979cc0425b2f5e57b1809237f1eca8760fafc96223b770d71549ba2d14ea7194332ebae353e08524

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 476216e4a3c3c745dc870642601aff4a
SHA1 a863a493aa42243bdefd6e236385e982343114ed
SHA256 4fb8678b664524e26ee90b22b3b2f970d5dfe5d032b776642f0fda7ff2db64d6
SHA512 bd7d8f31f2815f22e65030907eef4000f70e7982fbbf10b6346a950493f6c425e41bb71711fe4d0f216354a3f4204d63319ea1fff9da1ca5c6b61af7cacb0d7c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 595cd10e78009931c01ed6731d929fb8
SHA1 b051f6d3ee5824b466abef92a62d1e493984eeee
SHA256 0cda7cd16d6aff5fb7ec7d533420a8f2505c85aa907034d52b087803418d476e
SHA512 e283252a13f3d40ec0c8eaf69436400a0b5ef7d60f693f524279fcf35787f7e8ad626ecac7bcb7d64f18a084335d36496dbc8a49222a425cbda0bdf3c7984b2b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fee9eb5fa3aa4143f2cc7a746db1f131
SHA1 184e6fd8e313f876f80f3cf0b349fd2b6d20cc7c
SHA256 7a7853547762f1bfff2963b8e72171df9f2685004f89bba72dccc6c14fece0e5
SHA512 906fc465e55da7e4985450bc896cfd9ce7c594e780ef6b390bf42ece32267fe289eefd1041a9e16e5d9046beaf599c65021eee7d4b152eaf869008e6138ade90

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2000cec21fd0c0c3ac315ee40739ac5c
SHA1 20925717b4676a02767be691d2cd89cd201b6f05
SHA256 798c897b2fa01367fa41b289b184a61ac4154f0bff9a026a3a8bd3ed5d24f386
SHA512 758291c5e1554ef88a221ff3b40fa10e9360dc9b53b82da3f3704bb23bb6c0cf9f7445c4bee14411b2b8eff3a76f3cc51c313d525fbc8be38c158a81b7e0f259

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ccfc8cfca7c91df928da39fb64d642c5
SHA1 1b4efcafb98256fb5e7349ff5745538ab7a03b96
SHA256 d337ff7e253193b1435d87985f67e242befde725c79352d6ba332deede1bed45
SHA512 bb2354ff2ad7138051eef007a54f3991c329d90837e75f84afa50f858f570033dd6bb5778da77cab281ea6537c13fea27f8f61117e36c907b3d5afbe5dfb0de4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9a26b862a875e7b7a50c8572d395c3ca
SHA1 17ed4024424002bfdf2fc76c09f45d84acdf2f7f
SHA256 aca7f8afceed53193c792e420801132b17eac3120118fed28b16cdcf4e0226f7
SHA512 7e590cc064c9cb5b8b38b4cef9f9207ec194a0e5f1f1658192e596db45ede00b46897d371dabc5dc21213a0457733f9e945e0728ede733a9b61ced1d45dd803f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5a077e338a464b00e76a62c4a3ec2020
SHA1 cbc8752e9dafb714a88cc40b4d8f858756b7c626
SHA256 55206fe843987368081b229af31a6a87644ddb521d3d722f3db9b1f519ba72d1
SHA512 e33dae6fd6f878dbb82a6a2fbe7560574ea18fa8091ab1bc043eb038ff6be1e2ff64501dabbf0dbc337fdcd748b68410dafb69c6b68a5ed188618e405ed9e5e5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8cdc030c458cdd68d0f4956108c43e14
SHA1 ec1600c88b17a48d9527eb3b00c9291ccae81b2f
SHA256 afb5ff5ba75a43df46e504e0ff0008070e16b711a5b1f8aee252d1ee198c0f82
SHA512 da974a3f8314151b919464e4bffdf8fb8ee4d7cb5177d5e3d0027c6073a27ea0e2b5bc5faf744dc05824466a0ed002d14a5550ddbeb13b3ebf730d40f2140388

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 74f27a72edd4a178940e4b397b566153
SHA1 85e768f022599ce25a3d1012dd73873efba4165c
SHA256 72700179f59468af1cedea301c972d65ce169890fc63cb9af2a3dd165fd8fbfb
SHA512 4faae5253a7cf9a935a7bbfa988e6e4444b441baf70fcf78eeb3ce69031cb0aff05668d415b6a538ec6331fc9d3e4c879f9fccbe95d80e7686a2830526f2da59

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c33d4c932fc761933146ad81793e1d96
SHA1 4f1a72fc588ea44079bd11dab581d6c795206440
SHA256 feae3d7bb248c4197e2ee2424cc65008fb16edd4d2d5a9d2a3cf10adb23dfb59
SHA512 c61d457adbaec984fa5bff610c01b9e9eaae3c7c21b2ea31b47db229b2e5beb2523471ed2d1b676db27aaa202c3b1426c6f4bd3f96c821f6e860317b268cd410

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-25 08:26

Reported

2024-08-25 08:29

Platform

win10v2004-20240802-en

Max time kernel

137s

Max time network

152s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c055a6b97c1642c34b7088326e637a0a_JaffaCakes118.html

Signatures

Mark of the Web detected: This indicates that the page was originally saved or cloned.

phishing motw
Description Indicator Process Target
N/A https://jira.ops.aol.com/secure/attachment/688199/failwhale.html N/A N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3960 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3960 wrote to memory of 1320 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3960 wrote to memory of 2412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3960 wrote to memory of 1968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c055a6b97c1642c34b7088326e637a0a_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff968a046f8,0x7ff968a04708,0x7ff968a04718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,3408856307478649094,6810524129574468160,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,3408856307478649094,6810524129574468160,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,3408856307478649094,6810524129574468160,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3408856307478649094,6810524129574468160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3408856307478649094,6810524129574468160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3408856307478649094,6810524129574468160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3408856307478649094,6810524129574468160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3408856307478649094,6810524129574468160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3408856307478649094,6810524129574468160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3408856307478649094,6810524129574468160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3408856307478649094,6810524129574468160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3408856307478649094,6810524129574468160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,3408856307478649094,6810524129574468160,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1260 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,3408856307478649094,6810524129574468160,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1260 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3408856307478649094,6810524129574468160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3408856307478649094,6810524129574468160,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3408856307478649094,6810524129574468160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3408856307478649094,6810524129574468160,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,3408856307478649094,6810524129574468160,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5404 /prefetch:2

Network

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_3960_FJDAVIYMMXHIBEPR

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\749d0d19-5b48-446e-a3fc-fefc5ca9589e.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58f5a6.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
