Malware Analysis Report

2024-12-06 03:25

Sample ID 241022-1yzg7aydpq
Target 6c1127f3508b22eb2d6769d36eebebef_JaffaCakes118
SHA256 89bcf15f7025cf8c58540b02a00b6046c46ca1a63fbbebfe3ece7272b3c07361
Tags
socgholish discovery downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

89bcf15f7025cf8c58540b02a00b6046c46ca1a63fbbebfe3ece7272b3c07361

Threat Level: Known bad

The file 6c1127f3508b22eb2d6769d36eebebef_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

Browser Information Discovery

System Location Discovery: System Language Discovery

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-22 22:04

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-22 22:04

Reported

2024-10-22 22:06

Platform

win7-20240903-en

Max time kernel

133s

Max time network

145s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6c1127f3508b22eb2d6769d36eebebef_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10475" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b3e8f15f634dfc43bfa5c3a2648d88c40000000002000000000010660000000100002000000048e89f6aa37198324c2e1ddc32974a99ea819891373164e3e51ef372d3286f07000000000e8000000002000020000000efac72af2bb48e086255587bcdb522ac5a82af7f08dc12932fd230ccced6d80e20000000e12dc68bc7170c6d8cd566d868f6fd22c27216f034ae389645c25f84a992d4ff4000000074eda9fecf85a712445d1cfed4c1cac4551f86bcdec14228de8916dca4505b56cef2c19d392331e1993ab5e22b0fdaab223754a7d056f04130188edd51c394c7 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "282" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "282" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{91F27A91-90C1-11EF-B656-D686196AC2C0} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435796528" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (data value omitted) C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "10475" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "282" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "10475" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 4057036dce24db01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6c1127f3508b22eb2d6769d36eebebef_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1864 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 feedjit.com udp
US 8.8.8.8:53 img2.blogblog.com udp
US 8.8.8.8:53 cms.lichngaytot.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 internetsupervision.com udp
US 8.8.8.8:53 www.baokim.vn udp
US 8.8.8.8:53 s7.addthis.com udp
US 8.8.8.8:53 www.xemngay.com udp
GB 142.250.178.1:80 3.bp.blogspot.com tcp
GB 142.250.178.1:80 3.bp.blogspot.com tcp
GB 142.250.178.1:80 3.bp.blogspot.com tcp
GB 142.250.178.1:80 3.bp.blogspot.com tcp
GB 142.250.178.1:80 3.bp.blogspot.com tcp
GB 184.26.134.46:80 s7.addthis.com tcp
GB 142.250.178.1:80 3.bp.blogspot.com tcp
GB 142.250.178.1:80 3.bp.blogspot.com tcp
GB 172.217.169.73:443 img2.blogblog.com tcp
GB 172.217.169.73:443 img2.blogblog.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 172.217.169.73:443 img2.blogblog.com tcp
GB 142.250.178.1:80 3.bp.blogspot.com tcp
VN 103.131.74.28:80 www.xemngay.com tcp
GB 184.26.134.46:80 s7.addthis.com tcp
GB 142.250.178.1:80 3.bp.blogspot.com tcp
VN 103.131.74.28:80 www.xemngay.com tcp
VN 42.112.31.40:80 www.baokim.vn tcp
VN 42.112.31.40:80 www.baokim.vn tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 xemngay.com udp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
VN 103.131.74.28:443 xemngay.com tcp
VN 103.131.74.28:443 xemngay.com tcp
GB 142.250.178.3:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
VN 42.112.31.40:443 www.baokim.vn tcp
GB 216.58.212.202:443 ajax.googleapis.com tcp
GB 216.58.212.202:443 ajax.googleapis.com tcp
GB 142.250.178.10:80 fonts.googleapis.com tcp
GB 142.250.178.10:80 fonts.googleapis.com tcp
GB 142.250.179.238:80 apis.google.com tcp
GB 142.250.179.238:80 apis.google.com tcp
GB 142.250.179.238:443 apis.google.com tcp
GB 172.217.169.73:443 img2.blogblog.com tcp
GB 172.217.169.73:443 img2.blogblog.com tcp
GB 172.217.169.73:80 img2.blogblog.com tcp
GB 172.217.169.73:80 img2.blogblog.com tcp
US 104.18.24.243:443 cms.lichngaytot.com tcp
GB 142.250.178.1:80 3.bp.blogspot.com tcp
US 104.18.24.243:443 cms.lichngaytot.com tcp
GB 142.250.178.1:80 3.bp.blogspot.com tcp
US 104.18.24.243:443 cms.lichngaytot.com tcp
US 104.18.24.243:443 cms.lichngaytot.com tcp
US 104.18.24.243:443 cms.lichngaytot.com tcp
US 104.18.24.243:443 cms.lichngaytot.com tcp
US 104.18.24.243:443 cms.lichngaytot.com tcp
US 104.18.24.243:443 cms.lichngaytot.com tcp
US 104.18.24.243:443 cms.lichngaytot.com tcp
US 104.18.24.243:443 cms.lichngaytot.com tcp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
GB 142.250.180.1:443 lh4.googleusercontent.com tcp
GB 142.250.180.1:443 lh4.googleusercontent.com tcp
GB 142.250.180.1:443 lh4.googleusercontent.com tcp
GB 142.250.180.1:443 lh4.googleusercontent.com tcp
GB 142.250.180.1:443 lh4.googleusercontent.com tcp
US 12.171.94.43:80 internetsupervision.com tcp
US 12.171.94.43:80 internetsupervision.com tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
US 8.8.8.8:53 static.mytour.vn udp
GB 142.250.178.3:80 o.pki.goog tcp
US 8.8.8.8:53 www.phongthuyviet.com.vn udp
US 12.171.94.43:80 internetsupervision.com tcp
US 12.171.94.43:80 internetsupervision.com tcp
VN 42.112.31.40:443 www.baokim.vn tcp
US 8.8.8.8:53 widgets.amung.us udp
US 104.22.75.171:80 widgets.amung.us tcp
US 104.22.75.171:80 widgets.amung.us tcp
US 8.8.8.8:53 platform.stumbleupon.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 embed.tawk.to udp
US 52.20.104.98:443 platform.stumbleupon.com tcp
US 52.20.104.98:443 platform.stumbleupon.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
US 172.67.15.14:443 embed.tawk.to tcp
US 172.67.15.14:443 embed.tawk.to tcp
GB 172.217.169.46:443 www.youtube.com tcp
GB 172.217.169.46:443 www.youtube.com tcp
US 8.8.8.8:53 accounts.google.com udp
BE 64.233.184.84:443 accounts.google.com tcp
BE 64.233.184.84:443 accounts.google.com tcp
GB 172.217.169.46:443 www.youtube.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 142.250.180.3:443 ssl.gstatic.com tcp
GB 142.250.180.3:443 ssl.gstatic.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.179.226:443 googleads.g.doubleclick.net tcp
GB 142.250.179.226:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 static.doubleclick.net udp
GB 142.250.200.38:443 static.doubleclick.net tcp
GB 142.250.200.38:443 static.doubleclick.net tcp
US 8.8.8.8:53 ocsp.r2m02.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m02.amazontrust.com udp
GB 52.84.137.125:80 ocsp.r2m02.amazontrust.com tcp
GB 52.84.137.125:80 ocsp.r2m02.amazontrust.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.213.10:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 172.67.15.14:443 embed.tawk.to tcp
US 8.8.8.8:53 lh6.googleusercontent.com udp
US 172.67.15.14:443 embed.tawk.to tcp
US 172.67.15.14:443 embed.tawk.to tcp
US 172.67.15.14:443 embed.tawk.to tcp
GB 142.250.180.1:443 lh6.googleusercontent.com tcp
GB 142.250.180.1:443 lh6.googleusercontent.com tcp
GB 142.250.180.1:443 lh6.googleusercontent.com tcp
GB 142.250.180.1:443 lh6.googleusercontent.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 2.18.190.147:80 crl.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
BE 64.233.184.84:443 accounts.google.com tcp
BE 64.233.184.84:443 accounts.google.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
GB 142.250.179.226:443 googleads.g.doubleclick.net tcp
GB 142.250.179.226:443 googleads.g.doubleclick.net tcp
BE 64.233.184.84:443 accounts.google.com tcp
BE 64.233.184.84:443 accounts.google.com tcp
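The rows above are the only network evidence on this page. The Files section that follows lists browser cache, DOMStore and CryptnetUrlCache entries (the cache Windows keeps for CRL and OCSP responses fetched during certificate validation, which accounts for the cleartext traffic to c.pki.goog, o.pki.goog, crl.microsoft.com and ocsp.r2m02.amazontrust.com) rather than a dropped payload, so this table is the main pivot for checking the SocGholish verdict. The Python below is an added triage example, not part of the report or of the sandbox's own tooling. It parses rows in the report's column layout (a subset copied above as constructed input) and cross-references the DNS lookups against the TCP connections. Which hosts count as expected CDN, analytics or widget traffic is an analyst judgement the script does not make.

```python
"""Triage of a sandbox Network table: which hosts were only resolved, which
were contacted without a recorded lookup, and which were reached in cleartext.
Added example; not part of the original report."""
import re
from collections import Counter

# Column layout used by the report: Country Destination(ip:port) Domain Proto
ROW_RE = re.compile(
    r"^(?P<cc>[A-Z]{2})\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d{1,5})\s+"
    r"(?P<domain>\S+)\s+(?P<proto>tcp|udp)$"
)

# Constructed input: a subset of rows copied from the Network table above,
# header line included to show that it is skipped.
SAMPLE_ROWS = """\
Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 img2.blogblog.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 www.xemngay.com udp
GB 142.250.178.1:80 3.bp.blogspot.com tcp
GB 142.250.178.1:80 3.bp.blogspot.com tcp
GB 172.217.169.73:443 img2.blogblog.com tcp
VN 103.131.74.28:80 www.xemngay.com tcp
GB 142.250.178.10:80 fonts.googleapis.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.178.3:80 c.pki.goog tcp
"""


def parse_rows(text):
    """Parse report rows into dicts; raise on a row that does not fit the layout."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Country"):
            continue
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unparsed network row: {line!r}")
        row = m.groupdict()
        row["port"] = int(row["port"])
        rows.append(row)
    return rows


def summarize(rows):
    """Cross-reference DNS lookups (udp/53) against TCP connections."""
    lookups = [r for r in rows if r["proto"] == "udp" and r["port"] == 53]
    tcp = [r for r in rows if r["proto"] == "tcp"]
    resolved = {r["domain"] for r in lookups}
    contacted = {r["domain"] for r in tcp}
    return {
        # DNS servers the sample talked to (8.8.8.8 in this detonation)
        "resolvers": sorted({r["ip"] for r in lookups}),
        # resolved but never connected to: dead widgets, or hosts the page
        # referenced without fetching anything from them
        "resolved_only": sorted(resolved - contacted),
        # connected without a logged lookup: cached resolution or a gap in
        # the capture; re-check before treating the host as an IOC
        "connected_without_dns": sorted(contacted - resolved),
        # hosts reached over plain HTTP (certificate status checks expected here)
        "cleartext_hosts": sorted({r["domain"] for r in tcp if r["port"] == 80}),
        # per-endpoint connection counts, the list to carry into blocklist review
        "endpoints": Counter((r["domain"], r["ip"], r["port"]) for r in tcp),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_rows(SAMPLE_ROWS)).items():
        print(f"{key}: {value}")
```

Run over the full table above, resolved_only comes out as www.blogger.com, resources.blogblog.com, feedjit.com, 1.bp.blogspot.com, 2.bp.blogspot.com, 4.bp.blogspot.com, lh3.googleusercontent.com, lh5.googleusercontent.com, static.mytour.vn, www.phongthuyviet.com.vn and www.microsoft.com, and connected_without_dns as fonts.googleapis.com and ieonline.microsoft.com, the two hosts that have TCP rows but no udp/53 row in the capture.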

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12

MD5 2b6032b37e93d5328d03da1825d4cf18
SHA1 264ffa77a33a09126f8309e6f020f41e38381e78
SHA256 761e31485360be1afff4e8b52b2cea88498b541c1a57773733c367f1ed6d50f0
SHA512 30eb5e0db2fc0dd82e14d7d0b8c50b8e6208dac65c4a0329e767abb2b0ccea58a4fd0734fe97263440d01e7e31e73fe8228971f2cfbc883000c5c9e4d9472184

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12

MD5 70a59122c870e00a89a83fbce0473ab2
SHA1 b650053ebe4da66ee0e82b68c5a01dd1e3b5200d
SHA256 fac380ceb6ea0c50d9a508d76fcf09815b352ca603b9b2a6a0d504064005bd77
SHA512 4615859709a412abcf086d29af9ecd8557c93df5521c9f5af9805ba70eb5a073f69bf297db16acc79a7a232b9aaf5571ee2e4b7a357f20a0a69a3eaabdb81ecf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12

MD5 67e486b2f148a3fca863728242b6273e
SHA1 452a84c183d7ea5b7c015b597e94af8eef66d44a
SHA256 facaf1c3a4bf232abce19a2d534e495b0d3adc7dbe3797d336249aa6f70adcfb
SHA512 d3a37da3bb10a9736dc03e8b2b49baceef5d73c026e2077b8ebc1b786f2c9b2f807e0aa13a5866cf3b3cafd2bc506242ef139c423eaffb050bbb87773e53881e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12

MD5 f9b2dd4983fdfa7296fc949022bde85f
SHA1 6e9935b29c4c63b54f9393a993c208706135186d
SHA256 247a05724b136b669e356a0187fd1538ac3d095f86fe7dbf94e51fb67de91aca
SHA512 f2f38b8eb29008f2b364469dc4c1fa24028bd4a0faa6ba375254d3bd5ec567c7d21ce89a93427a11cce017a1f97a293bfd6e721956033decbe92227e6a2bb687

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8

MD5 3e750b726705be8bb087d03db1d8ce0f
SHA1 f39d4bfdffa4028f2ecfa800d3e692eed5f341af
SHA256 a780ba26d5b6be8323f759639352818519b722ab191dc787a980b51900ddce8b
SHA512 a4989a7d8e17d1a8fd130ffcb8f1a569055431a3c920dec554d158036b7bb50334a6746e34cc6abcb89267731ef6233ea7541dfa1db47c2f0b3a951a0cca34f9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8

MD5 971c514f84bba0785f80aa1c23edfd79
SHA1 732acea710a87530c6b08ecdf32a110d254a54c8
SHA256 f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895
SHA512 43dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58

C:\Users\Admin\AppData\Local\Temp\CabC248.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarC25A.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c9f5eb8313ba06e42250c7ba3e03571c
SHA1 c5e65945a054ce8674c04482f2e00fb1289f38c8
SHA256 ea2247aa70baa79ee6a26f3af979f5a8ccc2c3720bad93f101f0cdd42112abe3
SHA512 23357bf3986088d8d2fd96da6ab8248ec34fb2a463955e4d91e6c4df648b880b9af1e1268c0ed1aee9933016be678615b0bd00c6d6229feee26591c1b74310c1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 502861f3f870e579234474857bbe36c2
SHA1 ff586ff7039c407c6f1f472666515cf256355550
SHA256 362fe817c6520fee4b8ff11d170ef6a5613a01a75164f87f8fef2422b072665d
SHA512 342c831934c9f76334691f844d5c095be2dbd5227a983a96a04eb2dd10b11cccd118d22908ad8128d6f668d55e7e99a543bc67406c559e8ee820a16eda709c85

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 370ef0a3c2dbc0dae6a19250fa0b878b
SHA1 9ec93c922202c4902a6482480f160622701efd13
SHA256 2e20765e7d44cfe364646eb0b33f7fac325b02cb85ec542a03d83913387ca10b
SHA512 83c41939fca5c8c7a3b31a6b94edd97d69558efbb4ceda9ad165ab6031f91545b1429d682c5d41ae6edf4dce553452e5af185657e2c5ae5b79140328f78c722b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZKZ95V4R\plusone[1].js

MD5 1106da066ce809fb5afe9c6c1b4185b2
SHA1 3b64d3a7f52b4c07047fa8727db4207137733bf8
SHA256 d0f3af1e716ce7846e7c252ace160c12480d41eecd5a7e7917ee5b2ccde62b51
SHA512 3f0205b89d5293f14d863e344680a9d8518e5d4ee3b981dc5981106534bd597ed6b388eecab1385320f77c8d5a46a4ce5b64f03f4377b8ea13ecf9b569878fd9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c9e5885504d0cb14ce9a837721b48a26
SHA1 2477b85cf3b5fa3f328f6ec70892fd92621646e9
SHA256 366c634a6dffb101fe551f4ee2560d49fc7f9d192ee73e07d294b59832a246b1
SHA512 3412e4ffb358afe1477bd8813620b41e54b0b59320eeb82acc216d0396d752983784e51557b0198b95039405d75314f926f6ed4c278697c6e5ccc48c5b3d6aaf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 806ce402687552d52132f503c891cf75
SHA1 1512628a2d6206da2ec1911b5a72f5cbfad11e78
SHA256 22faac7a7e34478162d5dfb004e5b3a905ce5a77f1963f01a9d6d7d4df0da252
SHA512 35ac7d902c2485326488dd9cfc4237e1e7b2701dc81421bd9737c4e444dcb70cfd6be272db83a33ccb1b96098736b7a1c1204486aa0d277b82b52124fed1311b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B3513D73A177A2707D910183759B389B_3247EAD763AFDAC8D547ACA55BB3C63C

MD5 1a5bd81ee9f9e8f457b04c67c63f2f3f
SHA1 a8fa8cc36e323d39fcd5ca02884aa80745bbebfc
SHA256 dc84ffa6ca469913a9ab14e706acbbeff3f49e81fb31862bc2f43c6e8498771a
SHA512 127dcf4d0397e73a6cb2d14f12b25deeb5aba34c0da884c3dd5302b5f20031dab1b467cf86168c88cd23df2fa2d1b022c60f2d267af400f9683fe98b3bfb4ff0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6c644e72e531a8fe43f09d62c305fd8c
SHA1 6e63cc99c63e11898b02dff6f06e8591988e8dcd
SHA256 3ebdca6080ce16e5fa75aaef588d35075b8c7ae66927083b6def60bc03c9d8bc
SHA512 9a24af1ebbaa2fab8615f09f2c2da67f25db32d85af94ac9940cd9a836bdd025a65d006a994c2e7bfe6f0168ed288a7ceee43306717512146832fbadc37ed58f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a9daeb435fb1d92fbcb970b455ebd7ec
SHA1 c2b144931b9795804e585a8d6f8110247227eb0a
SHA256 ec0295aee6667e7c32d0a7cd4e399106a66effbaf9639b8555517995fe42c5f0
SHA512 5439dc8d2c0ef7b0dec0a38e701439f484bb1fc0635641544903e2c07f490a9a045e85f09600657dbf52d0bd8e93fca89046ee2634f355d3ee0bd2fe5cfa04fb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aeded351da8bef06ba29bc40a1acae22
SHA1 24b422fcfde3e3335694e2e04406e03b8dab01c8
SHA256 5bb5cac31eefb14fbef2fbbe73eba32c6cfb478a8688cfee841c8448533184ce
SHA512 aa2a1cc63d51b334391943da8873c86632dc6573e3f95d84545b543e8e7d3c33053f4b504124cc77dc7d5c6b5186079f2fc9e73a55dacaa8e0ad4011a0da7272

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\XYHJU3A9\www.youtube[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S8GI6B9B\cb=gapi[2].js

MD5 1d4cb29476060a1b3681fdb681200b11
SHA1 d541f88bf8d4fd98b9e0e723e050c47d4d32c18a
SHA256 5930e64b0cbf1dc5922f65060422fcf822870ac69439450ee3cb134365a51a82
SHA512 85575c3656c8e0d70cbcdf76194e37dbe3f7bd4535221a8f51fb6b51266fd682809fa86bc556c27d127f713a6ff75290ae1fbdcd8e589211e1685f82b99d93cd

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\XYHJU3A9\www.youtube[1].xml

MD5 a451d8bf9acf466dcc2d3712445fafde
SHA1 b54cb608d170377df7f5029a8cc1a19811a297c7
SHA256 dcaf1b3221f30b0456918ab8287fd1d24ba608d8630b477a9ce8ee863f98b832
SHA512 e1bbd0eee1b75ac2d3c0446a98bdb9377bc56b8422a292fceb82460cbe32a32624c4d78673dc6ca64aafcfe4780141edfab8b1607a05a8bda88ffe92e25e1ba1

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\XYHJU3A9\www.youtube[1].xml

MD5 7831d0ba81b4570b5ddb80f2517ed7b8
SHA1 10d6c27f89124975cd24bb03914e25b7b397e0f8
SHA256 c910ecb6c9ce11f610252d9f5774da84df312195a9d0ed5f27ada83bd60f6a89
SHA512 ccc02e915d655092d94ce68b9eee2f4c2349d02089c5d5145b52d7a2e69333fe38a0385e10176dc9a93cea8343b80bcc6feb407cf147b8b08bdfca22a83253bf

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\XYHJU3A9\www.youtube[1].xml

MD5 549def99524094699a5438f282cf0777
SHA1 ec9ae53e7002ce456de91c66a32dfd6d12a3488c
SHA256 74fff9914f4a9f797bb0163ff85f215da19b827de0e3395a8dfd6ed4446735c5
SHA512 057717c6d61224f0539771efd98f9a3a50cc4dfb7e1b049938e9a6074f2628f76fecb453db31a23502ef2725a9ad2b264bf1ccecdb17e2fd837b7cd4bf45fcd6

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\XYHJU3A9\www.youtube[1].xml

MD5 e4ea86afe41d55baeaa81fa22890c5c7
SHA1 9cfbbc6afbf5730bf07df59fd3ddb935f61c648e
SHA256 7e96e7e76d603d1a77efd3fbe29e611437ccde59e661c800632e2e1c3d0d2e48
SHA512 1d31d53aac5a4eb99a6b99d8b58526e45931d45bd78174b2ab0d7a99144676f4ec12a65372f98bfd1df9a8376fa2eba83f150c155818ef35aa54c0716a5b3031

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\XYHJU3A9\www.youtube[1].xml

MD5 445811322421e84bba15563b4d997002
SHA1 8ea0805417280192a423a2c1d74f2b2848c4c44c
SHA256 547ab26863087278be5117b81b1369222e94c5edbb8b2a9e954cfba265312cc8
SHA512 29f40098ba8d58141878741de1cdd082e8b2e3d6f5ec7b4e68235e8d9fb0337694c8a3e53dd282c025cfd939d3cf96c71fbdac4aba24586018344f2f8c06bae0

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\XYHJU3A9\www.youtube[1].xml

MD5 b5e1c940e535a080cc8d6fb681f3765d
SHA1 f81b18d90519a26d96255f42e951db269058bbb4
SHA256 3db2575c865e28c622601402593cb03088175114e95ced230a81de8fa1722a02
SHA512 eb3ed8345e0df050d3f5f1641d2e913d0c34fcb7baa1085828a67e137580dd811eea5ad1f9a91f04902ee898dfcdc758c5f09d7a414bb8b645148eade75853bf

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\XYHJU3A9\www.youtube[1].xml

MD5 db6f946eef7876f019744432a7f3aa79
SHA1 16fcc79b47e6c68bc720e63c6d99e067ca7191fd
SHA256 3f34cbb995913c02107be7cf46eefbdc91abe2974b932651ca1d329ce382fd09
SHA512 e4df95ffdab8ad8dcb3a47d94d484ad957d0c9650cc3875628c3e3150e8d8c47776c6caa01375adfb98a2b2b4f3f62b667ddce54e63bad0c12254c0eb81b5d2f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 422ac7a88a8dc601c5e6c91e9ec281bd
SHA1 163ea94be72bae431544a6c3c05b7166b29485f9
SHA256 bc06e3d474f7b86822d441c901dd2e8f7de4daeba2b7b22adefa732e3036a6cf
SHA512 33f45b670ae1c7bdb0ff1aed145fe06d748700ab2ee0339a108d8f45c5d002375156b95d4ee8377ae1c107493c3e0e816c9fdca8fc989c24bb2e9d4212bc7333

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7063c7ba1ebd0352400c094759714fa4
SHA1 305dfd2d9abb6e6cf1abcc672c282bc039f2b32e
SHA256 dfbc2f1bebad66e20b09fe237ae42f69153b2e98a01b20ea39ea745c2c871088
SHA512 bbec76d6e2bac113a42c2074ec99adecd8c7e2ca9bbf6634156ee52f8d393708455ebf6a8116b3520736bec14aaef0d4b4f4bc455a062cf659ae9aec4b66166b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ab24d8ec10919664135f4e0e91aaddb3
SHA1 38d373e65ade1938b65cd9c3ec31d6bf75a12295
SHA256 cad5abe90618dee54e6c71ec800e2855fd585487b9f46ad84dbbcd61f107a9f8
SHA512 3ee519d91d08a1ba0f1d33e1ff61f426ab8e6d0d1111f3e2ce2a78a9dd6e30748af000371f4cd3287f04cd2072cdb034454925940a064477125b5f10d8d40c6e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8aed17a839f61cdf615e557ecfd47ca4
SHA1 7f1422ff593eacd880168a6789aed1e11a56ca7d
SHA256 bca0896c1b216e156483eef534bc7081678329d4f89778e8754211660b042083
SHA512 0e028e78874ab2624bd33fedeffe6ddb457834f46d6bf75afb23d967533d1545da64bc28c1a5369881f53623b095b37b8e846cc81abcb440fcc5bad95f122104

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7417d7b5f9ef3d667d217d51194f3528
SHA1 5ce20fe5d09ebc405d4ccd7de515b4e366f52154
SHA256 d8b8d780949c8135d9758fa402cfb301676f72255bd08cbebeb6f5bd20f989b3
SHA512 c59138432b4c90cbe1f09193f2bb6d5b05cf3e3cea299e0333c54d5d2ec7a526d5bdb499e32a9be17e27eb327f97c05b5cf5ccb4f4be4a450f8b429542efb3ad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e7272ac3fa0d8d862e8d03fcdffa1222
SHA1 d2f7990ebe16e74b89619e3e0f8f538bd1cfbff1
SHA256 78c0355e7c1dda754b2d8a206f4a31751f379518e0e1776c7ae384d86d7aaff3
SHA512 e048594609e55df694d4e81c0a835c0084ca7ec33b25c2ba90c6e197c3f955bbc54e0b1adb00ea0dadbdd821eb2a472fb84dd5acf211818b9eca035e51a86ad5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 de4413e686d8194bc21a4026dffff100
SHA1 a62f387a4898155ce5c445b210618a8a68334b2f
SHA256 5bbb831c0c5111fa19dd57f465954d9d3fad3fba4edba2766d6ace548d82b759
SHA512 9f7348464d378d95897a521747fdc4e8c007ebe4a6990cd9b3385831978980e9cae2ecba3142b9fe0bc5c698e3ab5e8f8015038c0acfd53043f0ef4ce49d06c6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2f1d96976120077349c981ff53e93179
SHA1 74d0f18ccf161dbe146dce7d4d6a538f0242f92c
SHA256 64777dd9484491adf69fa3cd93560aa225d96930d03226c0317f248ae2216b7c
SHA512 1a558a55e2a169e854e3c85022de6fae862cc28c588902ff94f3a3fe499c12dbbf3e54abedecf74f6fc7b78ea9086375fdcce31cfe4e07ba3a47aff6b76c8af8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6921aacb7aeacf6586acb43273e7f90b
SHA1 4bac0ef418b7a5e31c69b7e3110f343bb7c7154e
SHA256 92bb8f84cf0aeb5b4bf2f2cd2d34214f18404ca0f601db4c681a419c8efb324b
SHA512 5406b598103e8f828426c2ba0c7d3392324554031bad797a07cede7a426d0c7683f2a7e484e2c3f70c7d7586a7d20c34ad61a72b8d333c1d694ecffcc4a2180d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S8GI6B9B\rpc_shindig_random[1].js

MD5 70116351ebc507731f11cfb8653f69bf
SHA1 667d48cd3c244c41a84302056e5b14140045acd3
SHA256 e3fff060584ca9c8eb12a6925252c8c6333622f4e6aeae8417449bf0ae355020
SHA512 a69875a52b635e7a561cfe2c7f4639bc122be434989dd39b37ab8dda08b49aa4bfd681c572628e9dc056c69808d0a03e2c6b4fef88db20a59ca73f097870aee9

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS91FDNI\2254111616-postmessagerelay[1].js

MD5 c264799bac4a96a4cd63eb09f0476a74
SHA1 d8a1077bf625dac9611a37bfb4e6c0cd07978f4c
SHA256 17dce4003e6a3d958bb8307bffa9c195694881f549943a7bdb2769b082f9326d
SHA512 6acd83dfd3db93f1f999d524b8828b64c8c0731567c3c0b8a77c6ddcf03d0e74ee20d23171e6ceac0c9f099dce03f8e5d68e78c374da2c055973f6ac2db4e4f9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d1b791f3451a701b39391ba2ec71e6fa
SHA1 7d83a671282df58ccc3b3855909f49334d5d37fe
SHA256 0f5a63fe9d3b529abb734cf87683436e4d6b31a85f13b527fdd5f16837246092
SHA512 3d74e45d9b08d205b3af83fb19da1d0ca9654c777926077aaab394c4ac5091ef115545f4057a42828114ba7d71c071b0c560f9de2637716a1ab7b942ee68191b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9b64fc2cad32aeee74452377841c57e3
SHA1 20ffb4bbd99a5a348d947d1ba57dc2a534f1410b
SHA256 7fb093733cbc6ac7868bcf1ad559ed88640931aee13864f86b4d5557d6f43dfd
SHA512 9248ef6b2e8d192c9637a9c2007816c26dd341348c77476d3e7812196ea6c9898a2260773f85cb50af5769823275ded94ec4add6c8837bcc9d259c21ad56dc65

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 555216d99254a42ee9e639a872ad8ba4
SHA1 622a15a32fe2329456b5c82e93cc51f50b700739
SHA256 1da3fb401c9e6a6189995dabec81761baee2b6d7d750e80594b1284e08aaed5a
SHA512 2628fc15b40db101c51c38c4a1bf42e8d7186980bc452f69a4d8c191d3983caffe24dd9968d11c33ac49873ce7290c40f3be1afe173732bc8c6e8db9f990905c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b8b789c0fc7e4c995cd0461a7da55f35
SHA1 e317938e9d758191df411df988c9ecb1ffa339da
SHA256 e6dba1585d9ddb8cdb657318d6da8c7e0f8e6f8ff8b3d0a7e8db203329fb3607
SHA512 a2a4f5032c8ecc7f4f036e636f763110bc05eb10e96c72ee4d039094505af18af2242e6330334538e16dd45e2aca381e2d8f2e02ba948fdd97066c1e078e6bb9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 783f1f98c813253e9acf2e4b884ce0d0
SHA1 3d897cbfc5d0b5ac94f8d18cff3b7c0a222c7fad
SHA256 1ab07da49052709872a302d9ae298733a0bbd5d8d1887cf4ff4fe3f1d098b035
SHA512 ae3cbf1280e991ea6d6c2b3265f32d7a64b7fc8ca87987db9298587b4ad36a4987f48ac5d9801792e19156ca600b94b71516cf73a64bb2679eb007abfd0d437b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7f6160d656eb1fa4ed87adfcfc3c3d8f
SHA1 af2e67f57f89d340cc28a9c4cf5d20ea117a311d
SHA256 40fef4f6549f28a60cf99b25eaa5aba4b400ea2c08e1c57829aaae1583c3b0d8
SHA512 61bf077af461e7e2a0f2dcee8f09501dea775dd67186ebdfeff74690010f31653cfb1005e775780c28af42c1ec5386168ad956966ab5fec95070fb5122965153

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f7547bc6c3c220328a2104917c67a48b
SHA1 8ed5087e3b7f38648a09844aca846cea77805dd2
SHA256 cd1e99abafdf6baf8e64e13e06c23615580f0a3e5aa87e7931f0917e4e23d38d
SHA512 0eccf47848a252b0e860a61a7ee286e8fc82afc62026ed3d6f807784c37d75cc11a123ac2d7a04d216a809d1f18b6c1e972d352842b8724684907fc4792cd50a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9ec163bba713d0f0d252f0ff9ca0eb78
SHA1 1a0d0defdb3713acb395ffb78043d83b0fd3a38a
SHA256 a4130a788b61d9316578b6a5a3eb5ac7b53b8789025e3ed335a5641d93cb94b6
SHA512 34e6b8070b45db8bd20239aca094addc266dc648d44122834246f2f54a232df3aa59cc92f6ec1fcd2cb1c4dca65cd23b884daef49a504bd017a1c349d3525c96

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 17169f604c5a221e68d2f77161769349
SHA1 291e1cb83c3fd39e39b39bad0fd87ceb31cdf62a
SHA256 3951acede55cdc00bf6f4edae9b33381c2db201f1fc86424c56280d6fb323243
SHA512 231e523c805e39e763517a859f62de2e34ac7fcbd8deaa88a7a1442e6634993a341aa9476ea4b7577c53138ed5a74e33da4a9be78ddc9f28c273533f3052cc5f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a207434b6714bf5f76adaad1da1d4337
SHA1 a530a06a6c4ef862dd2a6213543cb46d90761f33
SHA256 cb1cba5de5020564be20fc1d3b5e528f1f471a61eed83112ac783fc65a23040d
SHA512 d5b9650785ea8278247e2793bc4351a1206271c44dda6efdf1b6dfeabf1e08c8fc42b0305a7de2b514e311e30e225c14cba4180d70cd6a70a7c41c0a8b0b1eb4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 37767dd3a6591399f32d62b2e2d3d623
SHA1 189af8a90d5eba85080ff220eb60b36926b30667
SHA256 d8543471b9f0df23a0982cd6b49156b757ecddade2aee8389fe031297be4c12f
SHA512 67c9f5f9179a70b7d3073a29406b3eb87af4f60b2a3ea8d2ca4755ad0a9a98b1171b1d5a71f9c334385488b2f2166905751a890404d4cd6b47e336ef621303d3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9bffca39bc78a22ee7d14ab90f4683fc
SHA1 ab9e7f1a34538afc153031fdea6c1870c5ab6339
SHA256 364086d2b5dd039249bbec501822ef4b9a509448d6af3f63228f278ac72d8612
SHA512 2400ad59b3253c0cba60852301f1d11ff2eeda5d1e4b3b204ab5326aa11533a951e53ad246d27b90e455ab576e32e587ab3e0cd105ad32a00e2f9fa46562dddb

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-22 22:04

Reported

2024-10-22 22:06

Platform

win10v2004-20241007-en

Max time kernel

146s

Max time network

148s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6c1127f3508b22eb2d6769d36eebebef_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3556 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 3780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 3780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3556 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6c1127f3508b22eb2d6769d36eebebef_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff87d4646f8,0x7ff87d464708,0x7ff87d464718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,3444528244969343398,7586819492210333856,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1992,3444528244969343398,7586819492210333856,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1992,3444528244969343398,7586819492210333856,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,3444528244969343398,7586819492210333856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,3444528244969343398,7586819492210333856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,3444528244969343398,7586819492210333856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,3444528244969343398,7586819492210333856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,3444528244969343398,7586819492210333856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2740 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,3444528244969343398,7586819492210333856,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5712 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,3444528244969343398,7586819492210333856,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6252 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,3444528244969343398,7586819492210333856,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6252 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,3444528244969343398,7586819492210333856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,3444528244969343398,7586819492210333856,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,3444528244969343398,7586819492210333856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,3444528244969343398,7586819492210333856,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.200.34:445 pagead2.googlesyndication.com tcp
GB 172.217.169.73:443 www.blogger.com tcp
GB 216.58.212.202:443 ajax.googleapis.com tcp
GB 216.58.212.202:443 ajax.googleapis.com tcp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 73.169.217.172.in-addr.arpa udp
GB 142.250.178.10:80 fonts.googleapis.com tcp
GB 142.250.178.10:80 fonts.googleapis.com tcp
GB 216.58.201.110:80 apis.google.com tcp
GB 216.58.201.110:443 apis.google.com tcp
GB 172.217.169.73:443 www.blogger.com udp
US 8.8.8.8:53 feedjit.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 www.xemngay.com udp
US 8.8.8.8:53 s7.addthis.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 cms.lichngaytot.com udp
US 8.8.8.8:53 img2.blogblog.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
US 8.8.8.8:53 static.mytour.vn udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 202.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 133.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
GB 142.250.178.10:80 fonts.googleapis.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 172.217.169.73:443 img2.blogblog.com tcp
GB 184.26.134.46:80 s7.addthis.com tcp
GB 142.250.187.226:139 pagead2.googlesyndication.com tcp
GB 172.217.169.73:80 img2.blogblog.com tcp
US 104.18.25.243:443 cms.lichngaytot.com tcp
US 104.18.25.243:443 cms.lichngaytot.com tcp
US 104.18.25.243:443 cms.lichngaytot.com tcp
US 104.18.25.243:443 cms.lichngaytot.com tcp
GB 142.250.180.1:443 lh4.googleusercontent.com tcp
GB 142.250.180.1:443 lh4.googleusercontent.com tcp
VN 103.131.74.28:80 www.xemngay.com tcp
GB 142.250.180.1:443 lh4.googleusercontent.com tcp
GB 142.250.180.1:443 lh4.googleusercontent.com tcp
GB 142.250.180.1:443 lh4.googleusercontent.com tcp
US 8.8.8.8:53 www.phongthuyviet.com.vn udp
US 104.18.25.243:443 cms.lichngaytot.com tcp
US 104.18.25.243:443 cms.lichngaytot.com tcp
US 8.8.8.8:53 1.bp.blogspot.com udp
GB 142.250.178.1:80 1.bp.blogspot.com tcp
GB 142.250.178.1:80 1.bp.blogspot.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
VN 103.131.74.28:80 www.xemngay.com tcp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
GB 142.250.178.1:80 4.bp.blogspot.com tcp
GB 142.250.178.1:80 4.bp.blogspot.com tcp
US 8.8.8.8:53 3.bp.blogspot.com udp
GB 216.58.201.110:443 apis.google.com udp
GB 142.250.178.1:80 3.bp.blogspot.com tcp
GB 142.250.178.1:80 3.bp.blogspot.com tcp
GB 142.250.178.1:80 3.bp.blogspot.com tcp
GB 142.250.178.1:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 xemngay.com udp
VN 103.131.74.28:443 xemngay.com tcp
US 8.8.8.8:53 internetsupervision.com udp
US 8.8.8.8:53 www.baokim.vn udp
VN 42.112.31.40:80 www.baokim.vn tcp
US 8.8.8.8:53 widgets.amung.us udp
VN 103.131.74.28:443 xemngay.com tcp
US 12.171.94.43:80 internetsupervision.com tcp
US 104.22.75.171:80 widgets.amung.us tcp
US 8.8.8.8:53 46.134.26.184.in-addr.arpa udp
US 8.8.8.8:53 243.25.18.104.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 1.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 28.74.131.103.in-addr.arpa udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 12.171.94.43:80 internetsupervision.com tcp
VN 42.112.31.40:80 www.baokim.vn tcp
US 8.8.8.8:53 t.dtscout.com udp
US 141.101.120.11:443 t.dtscout.com tcp
VN 42.112.31.40:443 www.baokim.vn tcp
VN 42.112.31.40:443 www.baokim.vn tcp
US 8.8.8.8:53 171.75.22.104.in-addr.arpa udp
US 8.8.8.8:53 40.31.112.42.in-addr.arpa udp
US 8.8.8.8:53 11.120.101.141.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 142.250.178.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:445 lh3.googleusercontent.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 platform.stumbleupon.com udp
US 52.20.104.98:443 platform.stumbleupon.com tcp
US 8.8.8.8:53 developers.google.com udp
GB 142.250.200.46:80 developers.google.com tcp
GB 142.250.200.46:443 developers.google.com tcp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 142.250.180.1:139 lh3.googleusercontent.com tcp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 98.104.20.52.in-addr.arpa udp
US 8.8.8.8:53 71.10.230.54.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 137.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.36:445 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.151.21:445 connect.facebook.net tcp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.151.21:139 connect.facebook.net tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 platform.twitter.com udp
GB 151.101.188.157:445 platform.twitter.com tcp
US 8.8.8.8:53 platform.twitter.com udp
GB 151.101.188.157:139 platform.twitter.com tcp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 138.201.86.20.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 embed.tawk.to udp
GB 216.58.201.110:443 www.youtube.com udp
US 8.8.8.8:53 whos.amung.us udp
US 172.67.15.14:443 embed.tawk.to tcp
US 172.67.8.141:445 whos.amung.us tcp
GB 142.250.200.46:443 www.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 216.58.212.246:443 i.ytimg.com tcp
BE 64.233.184.84:443 accounts.google.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 216.58.201.99:443 ssl.gstatic.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 172.217.169.34:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 14.15.67.172.in-addr.arpa udp
US 8.8.8.8:53 246.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 84.184.233.64.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 172.217.169.34:443 googleads.g.doubleclick.net udp
GB 216.58.204.74:443 jnn-pa.googleapis.com tcp
GB 142.250.200.38:443 static.doubleclick.net tcp
GB 216.58.204.74:443 jnn-pa.googleapis.com udp
US 104.22.75.171:445 whos.amung.us tcp
US 104.22.74.171:445 whos.amung.us tcp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com tcp
GB 216.58.201.110:443 play.google.com tcp
US 8.8.8.8:53 34.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 38.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 whos.amung.us udp
GB 142.250.180.1:443 lh3.googleusercontent.com udp
GB 142.250.180.1:443 lh3.googleusercontent.com udp
GB 142.250.180.1:443 lh3.googleusercontent.com udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
US 8.8.8.8:53 www.phongthuyviet.com.vn udp
GB 142.250.180.1:443 lh6.googleusercontent.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 443a627d539ca4eab732bad0cbe7332b
SHA1 86b18b906a1acd2a22f4b2c78ac3564c394a9569
SHA256 1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9
SHA512 923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

\??\pipe\LOCAL\crashpad_3556_ORKDSMFSFAYJLXMF

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 99afa4934d1e3c56bbce114b356e8a99
SHA1 3f0e7a1a28d9d9c06b6663df5d83a65c84d52581
SHA256 08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8
SHA512 76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 23367c80659374fa881ac3ff4bf7ef26
SHA1 6969d21a7e66dd73c45538f5331550db3d7c4e1d
SHA256 2b675350f1719ca66bf6a935206d80212b89b58baf663631cb8e6982ac4e59e5
SHA512 103b06e4de8c139a2366e11933d0693d36db562d5ee1105baf613ddddf99d446fc583ae2d346d7c9e6690fd9331e3d01570641cefca60f5180732b05932cff75

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

MD5 318ffbb8b70b421abc02996dcfe8afc3
SHA1 4240e64a8604fa36481bf24471545a2c7c10c89c
SHA256 fba866aea3cb0fce98cf10cb57975933d6cfaaed27f9f25250008814c9bf8e95
SHA512 1a0f6266836348c4ee0fbfdfdc9197b66add2a5b150ea8a1205b4e3876eb5c82d7404bd26791de29ff48004dfed187d9bab5a9678dfe1c71cf513dd49abacc56

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d6920f5639e3203c772b0d7c5aa1b78a
SHA1 fdcb0df3844ea99224b131f2521831a4cda9e725
SHA256 91a973a9ba3ecff0991eac3ae55d6873040d2933bfde0213bc43b009c72ee18d
SHA512 2584203b492cdf21e91199a4fa180e80e00b30d697fc3ccdbbc3779f120bc2202803d1db311148385b9f6fb0dc8c8140af444052e3e5775c8f948f7832b99538

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9ca9cee48f03204b4bdc65afccbb8484
SHA1 3bc7454b86a2965e2740087fcf93d3d4e23ef5b7
SHA256 ec905652982abd9f30833bffbde65417700b6faecbc0d5bbfa95b2323448fa23
SHA512 013006b7814400dadafbc519f3e18cca84c32b227b35cb63fca2de6025495f7d181224dedc0df77730646569025298ba6a39460bd1e9b04265f4a2e7ac106e8b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3cc92fc8fa915e2fecb27655a15da7e6
SHA1 2fd436655da732ee9d203d425b2855d26e7f8a6d
SHA256 c673b191b744755e82892be5f1eb337bc8df06ff2f785603b9505233c80e887e
SHA512 d7c3f704384b25bac2a33b1ce42646c44f22486d02edceebd3ed674ec6971f8d06ea0ad3ab9699ba04db885162d8a9b2b81ee794bc0a3d858c0b0b50c6e15055

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ff9d273ae0c8e5344df055f5e9683643
SHA1 78de4e6f0094c5983ade68ddcf718bbc327949d7
SHA256 0ee39e0bffa4dd14ac9815c1a1a4875cfb0a5ac71da7274948f36018de31e0c7
SHA512 c65e4952745a248f48ecfb21d4ea6603710af447619d83592c03318270cb1dceb3385f2b26faf3a8785bc7e3301d50c1d1f9af5197206cda7cb580205478a2fc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58485e.TMP

MD5 1d0c0a1be9e6dd837935f6d73965685a
SHA1 aecd28808467646a8116ff9b1c676467d61b276b
SHA256 fd0657fef13c7c4504be1685f6d16377a25f0f9750a01416fdca3c8f56cea403
SHA512 e05b90d2e5aa7127847927fd233847818b19b560434391bdb0f72a551f5ea29dd0462c3309bdaf6cfb790c23817b5593defd17f6f6db5dad8529eb9d749c931f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 7ea5f9ff1667d33a5603e8aa5bfbcace
SHA1 cfd580cd07bb10f13f7f04081fcb66c45f4a0e8b
SHA256 4fd55e57163106f981b96178dc413b1e1f2b1a2577030eaab568d8ea9cc79e02
SHA512 41d95f8453636725a7b3d958a0518b3fd21185b36200024472e4815770f74d0d836c5fa00c632010db321a3c35c98763715a867959bb07579a340a93c9cdbea2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

MD5 05197e9427acea2ac4dc812f97a8f078
SHA1 3d2a38b79da52e57783360f195ac3e7c85edefd8
SHA256 7bdfd36b4f017340dbc84a310014381bfd3028416ff21c54f7ce0a35cfd38191
SHA512 084d4febc28358d3ba6b0bef400f637b7f350381b8b592b1e412dd860d5aaf034c03ecfa87a064cb19dd8a42faade23c260e35a8660791011b7e51b726418ead

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4d6014c3aedab083d771eaa73f06ec91
SHA1 c47f6c1e9ef54bf5c8599a4e0f1d5cc44827cd05
SHA256 5a53e6170ffe64060adec2a7149444f744f921c4a888ef609a62f5122b9110e3
SHA512 9e94dba8af61fee2edf55d37e37da2b9779c9e84e0ede53f575dbbf59fa7b820cf3cd4d8e4343b475ab38aaf02cbd82913999d57415fee2a06d1c565b9551329

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 dc11144b73e53eb52fec1b634a65ecb0
SHA1 a7b82dc0a871507ce18caae9aa89190a262fddce
SHA256 2c805244e6896cbc557b2e3163e44ee479c5c541d1a8c944eed74d7d3bd0228a
SHA512 feab814824dfe3ceb13bbc137c22f5d601d3d7f10d96817b94d2b28aab25ff16eda9e8e954e1d2f51d0dc9a573809255b4fd1bedec16a295eecb9a0b0055b37b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e798b8d35a633f44d3d4b2d68bf7b328
SHA1 a2caaa08092ad24e68cfea9898f9e34d70a19504
SHA256 f8c4f5b710402877cf79df6539845af316872e091326e6a995a82b1c29bf4648
SHA512 6b191a56a076d515b43aba6f602ab0e027c46f0eec9b662e96d8ccf5a9fa22f39e1c4ef9570b6bb93fc5c2657f9d71facab8c14f1fd4f75483ed4c516d3856c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145