Malware Analysis Report

2025-04-03 14:22

Sample ID 241211-f2xgsatkaq
Target e00d4e067a6da43ab464166c09303294_JaffaCakes118
SHA256 79062e4e21fa19a8009b5800d9603237c658f138dcbfaf950b78d951ed54ff26
Tags socgholish discovery downloader
Score 10/10

Analysis Overview

Score 10/10

SHA256 79062e4e21fa19a8009b5800d9603237c658f138dcbfaf950b78d951ed54ff26

Threat Level: Known bad

The file e00d4e067a6da43ab464166c09303294_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

Socgholish family

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-11 05:22

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-11 05:22

Reported

2024-12-11 05:25

Platform

win7-20240903-en

Max time kernel

137s

Max time network

144s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e00d4e067a6da43ab464166c09303294_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

Socgholish family

socgholish

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e00d4e067a6da43ab464166c09303294_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3004 CREDAT:275457 /prefetch:2

Network

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 c222a44bdf6ee65ec24505e7d5330065
SHA1 ada38094aced27603949f33504be1714b0957b6a
SHA256 f555aa76d903ce970056b4f5d93448dae439ef5dee6f998907c42101509d37f3
SHA512 b4c1631ce07e34d5a9f36365cfa2031bcbb32ffadb640d33909a549680434b4ad9a3f850fb22465f664522c07bc78a07650fe9fe631433545292f27cbfd40044

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 c9046546e635a0da6dd9b09ab8626db9
SHA1 7ec37b9358be9d7d9970e31f3dc35f0556475524
SHA256 9b38191595f1fc841f273a3dc94a88a41bfc418d8f23488737a31c9b91e84821
SHA512 84170bb0875e581b49549764810bf5fd0bb04dd9ee2f0fce42e8a9aceabe94da99e60bac513dbcc53ca8d2727d9acf50defe10545fbf2ea72a3c6e6dc09c2497

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 6de5ce7b224e6b3fc7d4f88bd5f36daf
SHA1 8c155b3e98c591fbfe61e3829f822a2720663cd5
SHA256 695b7b96d53bbe6bf46f5257dfb9003e793f112271b1a8cd72f1fdd3a93abb05
SHA512 f2c764bd5dd59c99d6b70379b8641b6b05f262c5fc6acbe70002713e43ebefe38664ddbe8471e2bb4e461e4f4fb58a73fc16e2535554b1da69204fbfe8fad129

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

MD5 e935bc5762068caf3e24a2683b1b8a88
SHA1 82b70eb774c0756837fe8d7acbfeec05ecbf5463
SHA256 a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
SHA512 bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 037ad5f1a6193e7becf42d9f376b9b54
SHA1 8f7ecc95fb9fc9cded28dfa524c8b829ec45225a
SHA256 2ac2cd05c702e4090c2d49a7052d7cb8cfd148d432332f12259554ee07fd8505
SHA512 ac551a4781ced26e686dded808555fd186e19799eee69cf8c75895d55dde6a7f2bd625b291241f3f2318787d7c85d875ee0cfa976f9be04addef180b7b0ec655

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DDE8B1B7E253A9758EC380BD648952AF_86F2A83F54EA52E2D59C5D2EE00149B8

MD5 75de656defd632840ee6280b13d5ed66
SHA1 7d5df0a1f158fbdf43a19e767707acc86466b367
SHA256 05984f0b5fc82e4ae6ec1f40cc3085d7258959abd51f707b1ff340086dd7d6ce
SHA512 bc2aba609ac0a4a774bdb071fa3814a0ebfa364399fbabb352c26e09b40c05782c769f01c46ab354a6db11960d7137bbb5e69d100401b0e6668ee237e6812f1b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DDE8B1B7E253A9758EC380BD648952AF_86F2A83F54EA52E2D59C5D2EE00149B8

MD5 9c3b0948db323b5b4fef987ad7f811ef
SHA1 287907021815e217db585e90920067b47076e984
SHA256 0da7fbb4e83265fec74d854f67e885adfa7e77b5f986c4f12e6e219819c3a16f
SHA512 d06fe79285bf13b8fb304e815e5a3e99a431433c7f6a05f267da92f7a4447f9c59f90647d79de515d3ed003d3bffc1f07e2b8ad805ddb702c3457fdeb8f94a25

C:\Users\Admin\AppData\Local\Temp\CabC515.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarC595.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QS2MOPHD\www-embed-player[1].js

MD5 e5922d7fe2f8c49418dd2d79a2b22c38
SHA1 4d658b3b5252628943057c96a8ddb6792a063fac
SHA256 1f8cc8d48764248195a867c7c4ed25fba734275fa9b28dc466e7902f6fa86ddd
SHA512 0d36f01835b28dea96cbafe054454960d4165f42ef06bfed4238d036e13da5ecbef7aa3bcf800b9b6c0eec6546295424a1d16257fed1f048ed19538206a904e6

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QS2MOPHD\base[1].js

MD5 87afb3c7b9c6bf415919f458f79f6394
SHA1 ded226702f8e0016e9e1c591c9cc931f97b55248
SHA256 4443e8dc982c7a2bb329cf6eb2f166d6506b497c92975078913a6e0252647032
SHA512 c33f3dcfa8ea436c3186767c09875a4322db611de2f585f759c9c436b816037ea5a3e0eb6a2671af32d0d73964e23de5552d7122fabd859f13768c9a52f5a607

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ATW63WFK\www.youtube[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1738IZL\cb=gapi[4].js

MD5 84e3d54be3ffd25a24bf3a514490b86c
SHA1 490f4a059114c7704703a7c67d193083f551ea1a
SHA256 dbae2441d55a51b1d10c5591a2ab27141b3aebff8e75816a3a4b107fcde4b6f5
SHA512 718ddb866adab289ea6ed942b18ee9d74c185d5739c642340b6ee827265e3fce63b768021aa182a8fd540b4a1f82f555dc9e668c4cd187566fe19336bc3464e5

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ATW63WFK\www.youtube[1].xml

MD5 bff293be93855e9c179bd6a2d397fde0
SHA1 cdd7694c7717ce883175842e3482000de5c11f39
SHA256 5031bcd2aeb645b18c93f1546fab70b61ba184f2932bd94f1fffce551a63e094
SHA512 f29a00f956e7ed9d4acc63ed8509cf62c17b6c3311174069011ce5a0e9d5b2105202ee344810f33ef4722158253201697341e80a052d0d0522f49737c63115eb

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ATW63WFK\www.youtube[1].xml

MD5 c4496f04c2755abbb47942d1e4063bc1
SHA1 c4e4e8e6628aef0cecb49fef534bb62e444cc7a6
SHA256 236f79ec149746cbabd6d4f3c57b66118dacb4aa5b5c8be922c2a2e56d8c6fcf
SHA512 2ea9ec8e8079b8f9fd939ebd76e9412dc9e263b873e2f0aad9e1cf214c7ce89692995388e4cc8144ea118f58f58a8296aef6ece6ee580cc311b98f55a2f01b2a

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QS2MOPHD\ad_status[1].js

MD5 1fa71744db23d0f8df9cce6719defcb7
SHA1 e4be9b7136697942a036f97cf26ebaf703ad2067
SHA256 eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
SHA512 17fa262901b608368eb4b70910da67e1f11b9cfb2c9dc81844f55bee1db3ec11f704d81ab20f2dda973378f9c0df56eaad8111f34b92e4161a4d194ba902f82f

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ATW63WFK\www.youtube[1].xml

MD5 593f31d2d0cfff7aed24eb7d28b61178
SHA1 d08530d81a7b3971172cbb3a141e0efd922c80d5
SHA256 65deade53b5ab9ef9ea915e1a43d9cc2b788a90cb7af16e5ad321e8ba04c2149
SHA512 31677ad88af4a207b83ac5c261e1a36dd2ebc06351ec80a5469ae7eeb70bc56dd46789e4c35b926b0a41d3e3dbbfbe4c731135789f85cba683869841312b9d95

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\633SXO0D\embed[1].js

MD5 f13d27ad4004557aa532e6e2074a41de
SHA1 f5d928573618bf404c420d17b749d488381b6589
SHA256 61408882b5928ef7fb98805f0b6f7d58a397926f62418b81f726f92e110baeb2
SHA512 797df8751d7104e0b120611d3a3922a685e99f0baf87f9d0d8fb738dc8cd03b960425c9f85eaeb33e82bbdeb694e91c7d5a8d86a841735714f3b790a49246f80

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ATW63WFK\www.youtube[1].xml

MD5 29adacd344e8f77f3d9a1c5c1ae54088
SHA1 e6a589d0ff8bc1528f96276fb08c3b3a7dc0a436
SHA256 8a41021403307d30b07021f7bd4e162667b29379053955d98e7019a66f4d3c02
SHA512 327ec82aeb054657d53e1e870fa8a78d31634137efe64daffa47d25811a01fc992334761434380dd1c97eb4eee864654ae1c274c85cfeabad3558d54202a7bd0

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-11 05:22

Reported

2024-12-11 05:25

Platform

win10v2004-20241007-en

Max time kernel

148s

Max time network

149s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\e00d4e067a6da43ab464166c09303294_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5076 wrote to memory of 4912 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5076 wrote to memory of 4016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5076 wrote to memory of 4440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5076 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\e00d4e067a6da43ab464166c09303294_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90bc646f8,0x7ff90bc64708,0x7ff90bc64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe


Network


Files
