Analysis Overview
SHA256: af2c479a09bf097616884875517b29c106feece510e97afc92fffe6d34c12604
Threat Level: Known bad
The file 6d9f121c2c7ecdc7d6af8a922f8ead46_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-10-23 07:03
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-10-23 07:03
Reported: 2024-10-23 07:06
Platform: win7-20240903-en
Max time kernel: 133s
Max time network: 143s
Command Line
Signatures
SocGholish
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435828908" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "282" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "282" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "10491" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "282" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30200fd51925db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "197" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FAAD1951-910C-11EF-88C4-7A9F8CACAEA3} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "197" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "197" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10491" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "10491" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1236 wrote to memory of 1368 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1236 wrote to memory of 1368 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1236 wrote to memory of 1368 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1236 wrote to memory of 1368 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6d9f121c2c7ecdc7d6af8a922f8ead46_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1236 CREDAT:275457 /prefetch:2
Network
Files
| MD5 | 450250af3f4fc9c0b1775664740725d1 |
| SHA1 | 85d9cda22919584044b6cfbeeaedd37efc8789e0 |
| SHA256 | 58fb86bbb9b000c32a67caaef9b5a8670dbef30f25855d3f04c3ca1610c2ec0a |
| SHA512 | 8c16b62f7d9ada0e98409248817180debff382ddcca3ce3c44bf9c98ef56a4e83266966af5e095c5bc4decfcfa72a88a632362c7006e61bf825abb5e3bece910 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a31e95c299b7f9efefd300756603ce8a |
| SHA1 | 09f585d8fa507983e566fc1fb1f78bf8fa34d442 |
| SHA256 | aff70523cf9e14f9d777d81fe788bf40bf0ddf5decdb3f793ae22b2138cede9c |
| SHA512 | 8afac9d6eb24383464c5bf10c71a1de95fe3d3b54a2b9c28e99d84db2d6e201f9e60cdfe587fecd93ca191f625b8d27e1303c82950b15f0664df1d15c7dbce80 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6b997b31608d42c3c97e4bf6ff3d1011 |
| SHA1 | 6816bcff27a427076aa978b856681b69078a97f7 |
| SHA256 | fa4696288952c660aeec3a8327b85f34a66a96192f064ab361b878d493770a92 |
| SHA512 | da2abb7b4aa89607dfbbd011f4b3490dc57e35dbd4757c49e28100b81243cc0cfb30484d088912a2f56118026547efba321585a69026dadf12ab4d6212054093 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 551714906b43b3fe308130931979f70d |
| SHA1 | 9fbd1883c780737b5d4facebf45131941d1d616c |
| SHA256 | 0ad74e4287ee0fa451e6b7458daaace7fcdd563f08b2af9e12c72c6975b027f6 |
| SHA512 | 6c2754d5d8ba85eccf0ee809c244f647085165d2183cb924616d4429e6e34864b1a6d6ca153db9f97c65bfa00a9592abd693960183ae08f48bef7ed3567e10fd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0cafa2f43287dd520ccbe90118aedcf6 |
| SHA1 | 82167eb42d09e2092a25193850b842bfc5f4f919 |
| SHA256 | f66a3bde279958ef0d2a664baeb1aa4a76f50bc5df0ed0c854e337be641f913b |
| SHA512 | 41aec070e3470b7ae7d7654eb92a2c7185904a926663edaf6baec9cf6da8837c48c9470225e2ebe0147de7f51dfa1a117f78ce0ce351780fff81f9898993b328 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ade58a81a1092f137334981e2abd47ae |
| SHA1 | 66036066edda6124e96ac0f7b786a41730cd633a |
| SHA256 | 2554835a61f05a2f5677bb7d85229103b45f4be9c5ba6cc7b73850aba048b07f |
| SHA512 | 6c78c25f20009fab3dd63b40af4c0c4843c3d1a42967978eb16efd8b020a396a53aba675015f1dc5e2ceb2f5a3102c5a1a849112809684e277b29072e8f13980 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5f9b141e087a3b8a76bf9ebff7e4394a |
| SHA1 | d72a1c6d8b4f879806ce0d31864d77ca03617e63 |
| SHA256 | 493a66cb087746e210507f841e830a858f0d29afea25c78a9c5348c9e43ef1a6 |
| SHA512 | 9f538abbb08e2ef41a8c44dd3a75ddfd4acb8cc8349c98bc51ed67a0f1671a3432bc45e77492391573516f9ae77085cb56f42019cadc26ea5a0fba383732469c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f98ad8d16ed71ccc99e517b3a4a37be0 |
| SHA1 | 4538aa73253df80bdba74e6b4b4ea8961f2c21fc |
| SHA256 | a64ee819dc327f1ce4fd0a720a826942fc3a93843e569b920ba2d7d00b3b6462 |
| SHA512 | 04e1706111116181a96f0d7153e078284d6be23a2c6675937c3759f320e7a708e9d63ea90e0453cb5866006f82036bea093f55e7db8f4edffa13e19ace958f28 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\EMX3CUH8\www.youtube[1].xml
| MD5 | f15e7c5d021181a28008f4f68ab63aeb |
| SHA1 | 5881bcbd9a767cbaeb21fde27508725185cc7fbe |
| SHA256 | b45792d25d23912c9e7a0ecc500423de67131259cb0e25cbe0fdd3e5474ecb34 |
| SHA512 | 6ee3e90a9657a8c6537eade4b43228ff56d34e8dcc3bf7a8d439802c2af5a10758b833c7ea74459224c90c34e187ea9a4285e1b2d766c07f1fad6e2f31706b38 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c51bb584a3d40c70d8b24c826e4270ea |
| SHA1 | a925a8b63e186a805484496961e37bf3f53b1e0a |
| SHA256 | 1ff93d538c35ab65dc20908c63527be5026c6ab7d40767f4d9df5b0e9f2a4899 |
| SHA512 | 89497a30336e28f4af8471c87076c44258015f7ed8632bd6a579f664a607624e8ec678e9ef570bbd06a1e2c273a90aad0057a55a34607578f4fabbe1faf2b096 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d7ee53257f996d1cd6ef5f4f6dd18318 |
| SHA1 | ea335ee435eb00395c3b786d6be2ee83e0ba0e93 |
| SHA256 | 11ab6b3648858ceac06f94a7218ed95acea7c7dca844ff0daf9bb80fdd4d3626 |
| SHA512 | e10a7bee11993c281d3879799347c5b855d255a5b4b68065415273c849a0fd6926cfe628f702a698168798bb8a7527bcfaebbbec77369691def47f45cf8bf333 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 5d457fcf79dd80cc529c1c8f346a83ae |
| SHA1 | 76defb74d7a427946b91613bb6579c41f810e3d2 |
| SHA256 | d657da83600034bb48ea5e64e9c479b39e8656f9d3970d10100fa0691e990c2a |
| SHA512 | e72585a56efa3145d735b6afa29d08a07e4cc20aba9b781a03558457720d45db7ffc7a163e9b9a1e9ecc9f6ff6689110218ee18bef6ba9644194970a6666cc7f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1e1a34c1dd304d2b9cbd3c2fba8399ff |
| SHA1 | f4dcd08279d3a11b7858a3b25744cebfb39c55e5 |
| SHA256 | 9173f976cc05c2abe260e006af059f1268a386eeb3ca479b3faa78d1ff906906 |
| SHA512 | 4bd0a26ebeab185b370e6b807668e49b5d7495e661c85135eee0803b44e742a8d2c433a94d7d8a36fb13d80c7188c119f312236be77e06cfa23ce2a7e07ef123 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 755e58f432de203a67948623f02afa8b |
| SHA1 | 9444c5bbf9685c96128efb80e944fced8063453e |
| SHA256 | 19fedad18d8f7857ecf7000cf6f781495b31f871c66a95c09a62906ece0eb496 |
| SHA512 | d3549b065e6265bec632dec7464ba504d6eccade3b396e8a962384101f089970d60961e5d237fe8fe975cec34d552e7e93e95eddd1d28c647911fb5e0712d9dc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 951ee146b9f58e2b22ec7aac74ba2dd5 |
| SHA1 | 100acc3ffaae8a301a698878b55c2e6e27979e37 |
| SHA256 | d8775f211ed2738895cdb05766258d4e4a5ad87f280fe385aefd4f79f8a4d75e |
| SHA512 | 066861135176e41157bcf0267ab125b729c0f3c5cc19e264b468c5ff91d437198d96d8d20f325f45666af68613612d41fa4e17fbf0d3e0e2976234be419bd629 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ec05628c78021c3ac4a987d7441e5578 |
| SHA1 | 95df2309b839cbe8b4df4468578441de38b63667 |
| SHA256 | c69b9d7618d1a1ef5eee88b931ef4557456a30397db1bb4d5fd50355c87112ac |
| SHA512 | 02557f4d28d962dec09d3ad56cf95a1015846af585787b6cd548500065675de965b664a0b9505e1ec9d642dbaa48a7a257a97d09858f8999b3731a608ee679d1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c0c54d069b5db3a975f2d6b9de4df064 |
| SHA1 | 4f2b5ace3e8069903bc35c4681fef268859646a3 |
| SHA256 | 2b55ce077e46bfc87dd2537e72c30598169ebce86ed92fe73604a5d0fc32f14f |
| SHA512 | aa9415f02a21e56565109af4fd60a45bf727087c8985b679468465a4cbfa48a2a831c8e4a6a6e32b5d1e1f6efb737e09d538b5f6e4818cc720bbe9ccad5a3256 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 190c36da042d407a21b81caf1b05a010 |
| SHA1 | 1f794160243e9816c8d1218ed25d4753d885555d |
| SHA256 | 81dc1dcb163d8d082990bde034cf7c62ff9e7ce2192fbc30e7898468d361cab7 |
| SHA512 | b4fc6d8d24b62ddbaa6694319b8bfe049b1320c2ba8e9b0d588bf11651c0846d8feafc86db108f2d2125495b0acbd0e9b4f6f3f396c37e045cf95659c3efb6aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fbfc9f90416a925d629f6dc593a8dcec |
| SHA1 | 3ecffcf8f2bc3b8694b6ab51ba7a96a80bf80e9d |
| SHA256 | aa9d03e84a9c2639c4c9c5319501b26516171727da5ea6cc1a5bd8153a19c7a6 |
| SHA512 | f0c7568aec943e14734b7650047673c0319f9bde736eeb08c9356e5709c8cc73c53ed288edc4531b9af827eb32cdd3d4a0d7bd62b2b077283fd78ceb1ce4b250 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 636b338ebedd7c60e1812937c38148c2 |
| SHA1 | 2513ae66c31eb4562d73b7c07986205f781c2278 |
| SHA256 | 4ba59cd5983cd00e9572be4c017c6e8b34959364abc6eceb348a7af4e08e5e51 |
| SHA512 | 3c480b2e286e3f5e260f1deb43d534ceaf0c7d318aec9160bf05acf6e86c3ac7d5c987c9de0c6ae24c41e41f32f0e4624adb9d08d11b3b460dee9107b1726bb0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d3dbdf5a5ea22eb1e3a4824cbf628d7e |
| SHA1 | 552ea6599b418351bfb6da61446377a747ac0f4c |
| SHA256 | e778557eda078cd9c48b36a28577047961db318f91a60ab5fc4bef9580fa9c72 |
| SHA512 | 8c435437962379bc0a4f5df299aad4778ac42e047df316fee76437952d8aeab5e9af2cee2780212e25a0678edcc6a387391ee1a705ae574f493408db1d3ee8e4 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LNUKNV0\2254111616-postmessagerelay[1].js
| MD5 | c264799bac4a96a4cd63eb09f0476a74 |
| SHA1 | d8a1077bf625dac9611a37bfb4e6c0cd07978f4c |
| SHA256 | 17dce4003e6a3d958bb8307bffa9c195694881f549943a7bdb2769b082f9326d |
| SHA512 | 6acd83dfd3db93f1f999d524b8828b64c8c0731567c3c0b8a77c6ddcf03d0e74ee20d23171e6ceac0c9f099dce03f8e5d68e78c374da2c055973f6ac2db4e4f9 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K3VL8XEP\rpc_shindig_random[1].js
| MD5 | 70116351ebc507731f11cfb8653f69bf |
| SHA1 | 667d48cd3c244c41a84302056e5b14140045acd3 |
| SHA256 | e3fff060584ca9c8eb12a6925252c8c6333622f4e6aeae8417449bf0ae355020 |
| SHA512 | a69875a52b635e7a561cfe2c7f4639bc122be434989dd39b37ab8dda08b49aa4bfd681c572628e9dc056c69808d0a03e2c6b4fef88db20a59ca73f097870aee9 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-23 07:03
Reported
2024-10-23 07:06
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
144s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6d9f121c2c7ecdc7d6af8a922f8ead46_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff3ac246f8,0x7fff3ac24708,0x7fff3ac24718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,11587956391393615399,12310794265739952857,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,11587956391393615399,12310794265739952857,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,11587956391393615399,12310794265739952857,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11587956391393615399,12310794265739952857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11587956391393615399,12310794265739952857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11587956391393615399,12310794265739952857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11587956391393615399,12310794265739952857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11587956391393615399,12310794265739952857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1700 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,11587956391393615399,12310794265739952857,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5724 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,11587956391393615399,12310794265739952857,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6276 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,11587956391393615399,12310794265739952857,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6276 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11587956391393615399,12310794265739952857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2696 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11587956391393615399,12310794265739952857,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2840 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11587956391393615399,12310794265739952857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11587956391393615399,12310794265739952857,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2724 /prefetch:1
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_2172_NNPMHYHHZQNTNVZD
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583eaa.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity