Malware Analysis Report

2024-12-06 03:23

Sample ID 241023-pzlryasenr
Target 6eff239330af743fec3e329eca3ef671_JaffaCakes118
SHA256 6d80dc518829d7135226187be78c102b5f742a1c2a97c57993af357bffaf7c8a
Tags
socgholish discovery downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

6d80dc518829d7135226187be78c102b5f742a1c2a97c57993af357bffaf7c8a

Threat Level: Known bad

The file 6eff239330af743fec3e329eca3ef671_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

System Location Discovery: System Language Discovery

Browser Information Discovery

Modifies Internet Explorer settings

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-23 12:46

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-23 12:46

Reported

2024-10-23 12:48

Platform

win7-20240903-en

Max time kernel

131s

Max time network

147s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6eff239330af743fec3e329eca3ef671_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10216" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "282" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435849437" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "10216" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "282" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a009ca9f4925db01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045c0dde48c11474f81d9a2c02be4ea22000000000200000000001066000000010000200000006b172998da9c4c8b61283217e89411e851005aedf05f9384e6061b3b0c1f6010000000000e800000000200002000000054ee1a4eb6edf650fc8e725f7ca82627686987cad278930cc619e27c7807bd0f9000000095fc8051815d50b07737e111955b5d1cf6b018f1f25700ba26081f14fb3360d0b16f288bab143d02cd96b40366b18b0c110c47bb2f866688dd22b62575fc2e2e586ca6dd20c5b18675a9cfad6b6d700ee0e9034e14c19d4ea2d3cc88209de5d0060aa9af8c540177b80b2634e86ff56a9aef78954d7fb69cd12cac54e87fa9d560eb6759c265167a5725ef67532fddfc4000000090d603b10a9e53d942c3bed6f76b9a183efb365d62e7bbc8e7706a13c94cac39b5419c8eac1b138871d261bff4fa5344f1d2e4239a87f4f228998039c1046bd4 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "10216" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "282" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045c0dde48c11474f81d9a2c02be4ea220000000002000000000010660000000100002000000008da7c661fecc70e8387092babbafd847d549841eb389c4f8b3ead00909a318a000000000e800000000200002000000016811bdf0b02fe88c0f04ee24b90b84d4a530b764c8657beb1ace54022f8b171200000000352331d091024eaf2554aecdeaa7aee34c5e09816b0345b6c9a631b4ac9f4b140000000c1dd9153994442164100ea38fa038a7c14f5fd2d64549c28f41574506a8f23c0c84c632f0bbcd67df23a31fadc597e91c30369831d95d310cae72e3ac028ef40 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C51FAF21-913C-11EF-BA5A-5EE01BAFE073} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6eff239330af743fec3e329eca3ef671_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2792 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 feedjit.com udp
US 8.8.8.8:53 img2.blogblog.com udp
US 8.8.8.8:53 sohanews.sohacdn.com udp
US 8.8.8.8:53 sohanews.mediacdn.vn udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 internetsupervision.com udp
US 8.8.8.8:53 www.baokim.vn udp
US 8.8.8.8:53 s7.addthis.com udp
US 8.8.8.8:53 www.xemngay.com udp
GB 172.217.169.73:443 img2.blogblog.com tcp
GB 216.58.212.234:80 fonts.googleapis.com tcp
GB 172.217.169.73:443 img2.blogblog.com tcp
GB 172.217.169.73:443 img2.blogblog.com tcp
GB 216.58.212.234:80 fonts.googleapis.com tcp
GB 142.250.179.238:80 apis.google.com tcp
GB 142.250.179.238:80 apis.google.com tcp
GB 142.250.179.238:443 apis.google.com tcp
GB 172.217.169.73:443 img2.blogblog.com tcp
GB 172.217.169.73:443 img2.blogblog.com tcp
GB 172.217.169.73:80 img2.blogblog.com tcp
GB 172.217.169.73:80 img2.blogblog.com tcp
GB 142.250.178.1:80 3.bp.blogspot.com tcp
GB 142.250.178.1:80 3.bp.blogspot.com tcp
GB 142.250.178.1:80 3.bp.blogspot.com tcp
GB 142.250.178.1:80 3.bp.blogspot.com tcp
GB 142.250.178.1:80 3.bp.blogspot.com tcp
GB 142.250.178.1:80 3.bp.blogspot.com tcp
GB 142.250.178.1:80 3.bp.blogspot.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 184.26.134.46:80 s7.addthis.com tcp
GB 184.26.134.46:80 s7.addthis.com tcp
GB 142.250.178.1:80 3.bp.blogspot.com tcp
GB 142.250.178.1:80 3.bp.blogspot.com tcp
GB 142.250.178.1:80 3.bp.blogspot.com tcp
GB 142.250.178.1:80 3.bp.blogspot.com tcp
VN 103.131.74.28:80 www.xemngay.com tcp
VN 103.131.74.28:80 www.xemngay.com tcp
US 12.171.94.43:80 internetsupervision.com tcp
US 12.171.94.43:80 internetsupervision.com tcp
VN 123.30.242.13:80 sohanews.mediacdn.vn tcp
VN 123.30.242.13:80 sohanews.mediacdn.vn tcp
VN 123.30.242.13:80 sohanews.mediacdn.vn tcp
VN 123.30.242.13:80 sohanews.mediacdn.vn tcp
VN 123.30.242.13:80 sohanews.mediacdn.vn tcp
VN 123.30.242.13:80 sohanews.mediacdn.vn tcp
VN 123.30.242.13:80 sohanews.mediacdn.vn tcp
VN 123.30.242.13:80 sohanews.mediacdn.vn tcp
VN 42.112.31.40:80 www.baokim.vn tcp
VN 42.112.31.40:80 www.baokim.vn tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
VN 123.30.242.13:80 sohanews.mediacdn.vn tcp
VN 123.30.242.13:80 sohanews.mediacdn.vn tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
US 8.8.8.8:53 lh4.googleusercontent.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
GB 142.250.180.1:443 lh5.googleusercontent.com tcp
GB 142.250.180.1:443 lh5.googleusercontent.com tcp
GB 142.250.180.1:443 lh5.googleusercontent.com tcp
GB 142.250.180.1:443 lh5.googleusercontent.com tcp
GB 142.250.180.1:443 lh5.googleusercontent.com tcp
US 8.8.8.8:53 static.mytour.vn udp
VN 42.112.31.40:443 www.baokim.vn tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
VN 123.30.242.13:80 sohanews.mediacdn.vn tcp
VN 123.30.242.13:80 sohanews.mediacdn.vn tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
US 12.171.94.43:80 internetsupervision.com tcp
US 8.8.8.8:53 www.phongthuyviet.com.vn udp
VN 103.131.74.28:443 xemngay.com tcp
VN 103.131.74.28:443 xemngay.com tcp
VN 42.112.31.40:443 www.baokim.vn tcp
US 8.8.8.8:53 widgets.amung.us udp
US 8.8.8.8:53 platform.stumbleupon.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 embed.tawk.to udp
GB 142.250.179.238:443 www.youtube.com tcp
US 52.20.104.98:443 platform.stumbleupon.com tcp
US 52.20.104.98:443 platform.stumbleupon.com tcp
US 104.22.45.142:443 embed.tawk.to tcp
US 104.22.45.142:443 embed.tawk.to tcp
US 8.8.8.8:53 accounts.google.com udp
BE 64.233.184.84:443 accounts.google.com tcp
BE 64.233.184.84:443 accounts.google.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 142.250.180.3:443 ssl.gstatic.com tcp
GB 142.250.180.3:443 ssl.gstatic.com tcp
US 104.22.74.171:80 widgets.amung.us tcp
US 104.22.74.171:80 widgets.amung.us tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
US 8.8.8.8:53 ocsp.r2m02.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m02.amazontrust.com udp
GB 52.84.137.125:80 ocsp.r2m02.amazontrust.com tcp
GB 52.84.137.125:80 ocsp.r2m02.amazontrust.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 216.58.201.98:443 googleads.g.doubleclick.net tcp
GB 216.58.201.98:443 googleads.g.doubleclick.net tcp
GB 142.250.200.38:443 static.doubleclick.net tcp
GB 142.250.200.38:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.200.10:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
US 104.22.45.142:443 embed.tawk.to tcp
US 104.22.45.142:443 embed.tawk.to tcp
US 104.22.45.142:443 embed.tawk.to tcp
US 104.22.45.142:443 embed.tawk.to tcp
GB 142.250.180.1:443 lh6.googleusercontent.com tcp
GB 142.250.180.1:443 lh6.googleusercontent.com tcp
GB 142.250.180.1:443 lh6.googleusercontent.com tcp
GB 142.250.180.1:443 lh6.googleusercontent.com tcp
GB 142.250.180.1:443 lh6.googleusercontent.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 2.18.190.73:80 crl.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
BE 64.233.184.84:443 accounts.google.com tcp
BE 64.233.184.84:443 accounts.google.com tcp
GB 216.58.201.98:443 googleads.g.doubleclick.net tcp
GB 216.58.201.98:443 googleads.g.doubleclick.net tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 e8a94f22e0819b2d909c84b27d9c511e
SHA1 983ce76e0c8a09f766ccb13e62d5925a6cd814ec
SHA256 3b0c72156e81a825cb4a5c3e9ce87b37d9e35532856932102c20014f60867604
SHA512 3622b2136dc33f03e25c1378ce5cdf4aca7c137c7967ab1c961d0132f50374119c9b0d011e54bdce8f87316317bab2b96f0e171b377f763ce5210acd199ea7cd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4FA45AE1010E09657982D8D28B3BD38E_E8D134AC99B105DAB35246A07844C544

MD5 e1fb56fd1264772ed7418ad4a189114a
SHA1 389dc92afdc330990a85dbeb8aeab3af0290da16
SHA256 84552edd58a40a305d7988bdcc49b325649cd46589143b3066488fc29700219e
SHA512 bb3609f1027b4bbe019d90da158da15042ef87c4ea88f14a8a2896fdcb925c88ce1634cf33493c73dd0d770f693dd30126b342d56a98d56428ef5f4a64101924

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4FA45AE1010E09657982D8D28B3BD38E_E8D134AC99B105DAB35246A07844C544

MD5 f4995526b03d1a452675cc76dea4a1e3
SHA1 adc4ea35049a93637ce4a13f6861f0fa5b1ea792
SHA256 3c94051426e2d337cf2acba3fe6c547a504899c50ab98b26842529ecc08fe725
SHA512 c76d7f99eb7daebaef372a6a1db9af7c56350c4ce20fb2440228b6162719905a808835a23d748af40e78964734b191d8350ee902124b331c8bd5f2e450e312e3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 f5c9938a2fa3fc7c84debe9b5699bd85
SHA1 698dde95fa540adaedf8c6c475730896609a8fd0
SHA256 2d21778bc0d4f0798a5c652a62f2971db17dcf2462b0c13d89bd02de1d6df3f3
SHA512 4dfee6086310236069239716570f6d0c63946a01b62e644447d9f6c5c3231e50b9041cc6a4d1378d58a6f694520a825e7abf98fc501c519750602ccfebd3479b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 6337cade7df6701b500a82637ed36240
SHA1 d496d7027c0c713139a639dd95075ae55ca925c4
SHA256 78da01e1205bf5a001753ad934f3cc44466095c2c247029c9bc1061acde2599a
SHA512 d73d5d5d27a1aae91c9f06c7c5c3c7b1ef999c3d3327c32b9ceb2b35c1ebac906ae76812e8a088f4b0683b4b86748dd8d81589d923bdd168fac0c834b79c25c8

C:\Users\Admin\AppData\Local\Temp\Cab9D4B.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar9DEA.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F91VN88R\plusone[1].js

MD5 1106da066ce809fb5afe9c6c1b4185b2
SHA1 3b64d3a7f52b4c07047fa8727db4207137733bf8
SHA256 d0f3af1e716ce7846e7c252ace160c12480d41eecd5a7e7917ee5b2ccde62b51
SHA512 3f0205b89d5293f14d863e344680a9d8518e5d4ee3b981dc5981106534bd597ed6b388eecab1385320f77c8d5a46a4ce5b64f03f4377b8ea13ecf9b569878fd9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 64cffe5006511a21fa8a081b8694a6aa
SHA1 0cc942bd7d82e95f33c96703b17b47ca92232a83
SHA256 16f45a584ca99a0d0d67654ccc6371aebe3b00868e23300f97e548388702cc53
SHA512 e9587f0cf5d7c91c3a7e274f8391fe5998065040dec00401667887dfd0a0576a57ed54e7516d215b8fd15f571fed0040970d77365a6be70dec13062a84e7e9f0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 87c8ebfd542e1718ed6693a11af1587b
SHA1 95ba6650f96182faeda13d5c4185413cf6090406
SHA256 1a00fcdff2edd414e43bed1248a2dcaae3c92cd00628e558b455f6e7dd6d22d3
SHA512 b0df1b93f33bb5265e377dc6e6c286308f1cd6e9bff2399cf6135f6c1f8df4f96bec1937d80774dc93dcaf76689eb5b81c0539b386539f4c981c00c0e97a2a94

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6cb03288bb4193492ffd0a39b176cfc8
SHA1 625acd967853f88366eb8defbeb653f6cd05c79b
SHA256 99727f9f2c8ca36ca347d5e1cf053b9dd74af9c2f44dd0fe20c4e65f97ad7a8e
SHA512 562bb64d25d48b39fc3e15eea193fdfcb40f850366bc593ccc950f0f4cdb6a1ab827d25f1b56b756ca465db62436f1b3d579af00e64d5c5b073fc627289e8568

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 06bdf58c80c2c25b7a741036c63382c5
SHA1 d9d702ba8ccc3ea8cb1a9dad94f35c157c9f5491
SHA256 696457d07047a59fac6d2c50a5cf1ea94013344337e5b2201236922fdce869a3
SHA512 0e9e2c00538d4e23f87c9107c1e22e99ad5c3bf6079fb3432a490acfe7f8df68de91468793d0414a2e9a182df9b801bc3dfda69066bb6cf4839668fd8c8a245d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4b1d51396881e16092a676fecff1a3dc
SHA1 48a618a07c00c70c86be82cc2ff16e577f3ad6c4
SHA256 3f5e7873693f0ab7aa91acac88d891fa88b78e18d5048406268a3fe507fb457e
SHA512 09859a975e8e071bde32cd9307c17c6363646f672c50cc5fee405ef626664ad1ddac7d8c9a084ea041ff41aca3fed9bb2f607fd9bae4ecd486806cd3ca49c7fe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 ac3dd9e8cd71931aef53379e577dbd57
SHA1 a70d88680b6e4e81ddabbd295560c0f05b055ebc
SHA256 415a3d75eea5371dce99b00f21f16318e44964a4324295cb46ca9dc0b1ce345f
SHA512 df077f982a4a7d8ee5844eefa328ee3c663616af676245392d5775d95477520d8ccb0ad9eb9c102926642b5120136080c94de930bbe30703122120cff5d6b184

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ace4170cf896899558e4618fb9a290fd
SHA1 ab9b205b7ae1e1f0f88a19ef13b7029697a2ce14
SHA256 359828fae126aed33db74648879bc87fd1faf27e784f706f0ed491e307364677
SHA512 2725bf4ba57db5a74ee4952583975696105dce13ad8bef540aeb1a9db942cd45a4b1c7234a003c5217aee1840a90322cc29140033d8d537b3982799c8f01acf2

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KIYAG1MM\cb=gapi[1].js

MD5 1d4cb29476060a1b3681fdb681200b11
SHA1 d541f88bf8d4fd98b9e0e723e050c47d4d32c18a
SHA256 5930e64b0cbf1dc5922f65060422fcf822870ac69439450ee3cb134365a51a82
SHA512 85575c3656c8e0d70cbcdf76194e37dbe3f7bd4535221a8f51fb6b51266fd682809fa86bc556c27d127f713a6ff75290ae1fbdcd8e589211e1685f82b99d93cd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 36dbdecdeda69b5fd97cc547fe371e26
SHA1 c15e62d03c99c1274febf8e961763f8653d21660
SHA256 a18e93e4f31ca7e95001c83c02b0850ea1f872066ac541ce0418530e047e8936
SHA512 2a7b16e038982a59d1088cedf718b303804b81b60dc43a4cb755ce7026d33b2a570b5bd36a8a1b75d0d6c46e68aca88649d9c2d5e6894814b77fde246490a8c7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f4fec9b0d97be46e424d07ebb742f3a4
SHA1 dbdc59d91bfe8f35607fa136f03c1044b8117662
SHA256 12bf56187cfa35dc5a221308558c71cc83b2fc6102ff7890c9d5a92182140017
SHA512 abead0126515878adaa2a0d013f5c9eb13274fcb3f343bad689340f5a053352419794379c28a9f273a8d6b46b72f8b7d409ff12047361faefb8114768febb492

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 18058f54b50fdd0f67ac59a0e02315bb
SHA1 ed1d8c3c19647af8215b0bc57895c21e32d0271e
SHA256 15fb2602171a42ea62838e48abb657c91ff1208c693b2130fbaf7a29d0593ae3
SHA512 311fccf812ceb2c62275a9d1cee8cd43131ce812316c71816b08971106fcc2c8c48f5aac54d3d27c17a582157c1aa4d93a9fae60f148738bbf75b0f0cc0a4565

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4ea2772cb1bb5a974d99881b6a34f509
SHA1 b059371facc0c69b84953a1b38682b6c3dc43032
SHA256 f5192c8edb4170ce6e08acabd234ae553871b10ad7e2843d5b725b712d7229ae
SHA512 24a67af007187adb89d1bf4cbb28509e924828c723712a01d19b2259660bf021d75c36107ea1e6073b96a69ad1b75b079c559082bb3b32b08bcdd85eec923dbe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0b49f52fc10d46916d5933e176b746f9
SHA1 0beb1dbe50fc378901458102e5b11e9b4d1f12e6
SHA256 3304da26dab8a445ce19e260974848a2781cdd8fc88f41825561f81b0a4b760b
SHA512 5a5779acec873a87edd580bdbb7fb9a09d87a39c27b58cdd2283e6d4a79b119546269c81a7da68b7f5d439f2125f895d26b089e0ec2fcc58d31f16d95f533bf0

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1FJ4G142\www.youtube[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1FJ4G142\www.youtube[1].xml

MD5 e2c0973f9a60a8ef92d9e31967bff988
SHA1 d3423c374a9a5f5ee22cd23dd8af5b1c60ae4a0e
SHA256 58eba98591552d933ec6a7b96d6700460df73f5e3913b5ecf9d3203f61613609
SHA512 c9f85044b2e51f7e9b8bf295ed8eff31d9d3348b51b06977bab36a62dd85d33e86650da194b3aea7e0bc74adc0f04a5eb3cc4facbc3d13aed362c7c89e2b1286

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1FJ4G142\www.youtube[1].xml

MD5 dc863616e86973aac14ed51e18b8b3e7
SHA1 b91a5ccc9541949743f01739f32bd49de436bd01
SHA256 17f6757e73a7e431029ad6102ab745deae4e14bf37a4fbab744d6a6a8fb54688
SHA512 27d617f1dc5d07da5732d3e1b6fb9173507b6acbde1525fdd910cf036351c177bc7ed14240b6aaf7d1e82334ef4b5fdffc8347c5bcedef44f8425f6277540c52

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1FJ4G142\www.youtube[1].xml

MD5 5d9141e1baf6f02751316ae486948e33
SHA1 d1fc3e9dd4341ec4ae78a352cbbd2d5ce903305c
SHA256 3e6e7e0ea261dfb23971a5521f24f876a5f4da82b3fac781bcccdaebc7b12d1f
SHA512 a6813b1d2f878992f4ef6fbc7f7fe682f2f2d103a87de85509d74ff7c80ce9d0be5b24e9145d4a6a2d142e24f923bd4f4565f142e3cbd24975b6861393eef8e5

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1FJ4G142\www.youtube[1].xml

MD5 259422611c63f9ddd113f642d744e4de
SHA1 ab00f0d4d83c8ca0f075d3b9fae3a3876cf4f918
SHA256 12613561aba70cf973bfc1ff9208e04897ae9529f33bbdc86ae6f6bbaba495fc
SHA512 72f7575e87f22364a09f194f9231b33e50358c13f2fbeaa49a2a7918f08413e7469bdccfe7a626a03de212e25cf6ba28ed0bb80f5358a20eac2f30e4338cf086

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1FJ4G142\www.youtube[1].xml

MD5 6178557e065464006543c223053fa83e
SHA1 71fa313909daf5b25c722bfe4f402dcf85dca1fb
SHA256 e9031ccf9d0d3957b5c547531e44b29411952c19d8dfbd20664a4c668d8ef52d
SHA512 7afb240564896312e7534767e9f96d2154d502a997ef41be2bbaefd2022a592e1b52b8a3648722bf6548577e6a379dd5810ce451716f972ad07372b52263796a

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1FJ4G142\www.youtube[1].xml

MD5 447018dc1a66b3fd845abead1813f628
SHA1 0bc6fa50c33a20bde84ea9e051ced4bb146bd730
SHA256 b303a7f5e5088fb34f8623c9555c9206cf5446183142748dda5b5596107654d6
SHA512 c90318debcfe577084b84ec3466ae1838ed67332e4b14f78cbda64ee6308fee676654776bb7a0870b2033cad18f2b89d4880b4d0bd9162d7d83312ebeda46796

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1FJ4G142\www.youtube[1].xml

MD5 6b92c10c3bbe2cface5ce3492468bbb5
SHA1 018d56e154ce646e6bccee4011baa6b24f5cafb3
SHA256 8812c14911f9ad4183943c7221ee573474c6ca4f9366588a06fa669e187d84a0
SHA512 6cc37ed84396876f8550f7c432ce73ef20b8945bd7abea53da6e03d1dafbb9d776304457b5f553d1e4987e8a90b56e96aa3937b9b66b157d18f123fd15e23977

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2e2f2e8847528cf805b2ed0e765fe4ad
SHA1 7fbab0902a22d13f76c45edd6508bf8003277105
SHA256 348afc08dfa5a9dc39e0cabcba9c96eabf4e0d131b70aa3d677e6c9a7ff7d4d6
SHA512 7bb76934e6bdedd1804be54ed88d94a9027b7984bec5cfed397e5eb627c3a4ae8a08073d2133be0950cdb837d86c1986e6bade9e8b6919d0a0b93e1689571bf7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1d1fb62df29a2be3557902e564a32f45
SHA1 fa21430a5c29654ecd580f4be27a3e77bb16ed7f
SHA256 acf9b7c7bd8a9ff6f587c9b26df50b640c2440cb30693209f09a1d7007f9b2cd
SHA512 96b6726b3a1e5cb07e9ba30a7c87842776f6a42cbcc248fe8c913587867d8aed89c2da50a9a209ebe4051a9f92867ee31e85bf1e68b3617480b11650ac4a5297

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a7d0c21531ed7c7226dd12a325937b7f
SHA1 ba1be77c2a4232e9fa7c7390c25ee7faed12435e
SHA256 e64abd43abdcf48c934aadd31bb35a651dd0571d45accb66bfa9816139e9ac95
SHA512 21e97572d4ddd32d190bdb8d1d3807475b36312e041b0e9078159aab0dd7465b28a9f7a742783cc9c57a360094b1b01bc7ebd8e5e391a384104c70e91f5ec71b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c121ae094f3921549401199054ecd825
SHA1 024f7c5d4d950ece742c0b367fa99976e6ca3878
SHA256 b6e44106b2e0f8ccc13e3d9e1a958e489af416a40a02901b551bc89c751cd758
SHA512 3603cd3c411934fbd0d58e1314a599a3ec6f7642f494730067ce423b5920c55bc22ee9c91fb96e490a32591ef1b8435bf9dce3ea3bd9701126e1865468aae02f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 de224707c6b0f7356725d9aa42596a91
SHA1 dd96c65347b3d0cc8c4dd5b076ecf6b179949db1
SHA256 73f47050e44660d7f188aa6f73b5d4beb802937b8c1f2380ba3b4dccb2dd8ab2
SHA512 1463b7e54c0bb4446da29b43af160cfc6db85f72b990384d5bb283077972e94dc115f0efc3f8e9b45a6d76b93e110f69aac3acb94fa6f8d0d75e627ff292679f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9f5745f531079a5e8c696dcbaaff8feb
SHA1 398ad4d4c970ad0ab9e98ece261cd7158554adee
SHA256 6772efc7dfe0f519347b7db7f6ac9a5b1149d8b729339ad40b025120e5dee851
SHA512 1f59054ae0b5238c06dd37be3056e57d25513c02077dbdffae2879e3763b9d8df9c5ead23931e887c2329dbaf8adf45df389736c852a1fd5ff303b5907b6ec4c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 619058a82cfec436e39d5953063223ab
SHA1 8b18ca73eaf85a5dad07fc2a416fafd85672adde
SHA256 3cfc34b5501b99616e22b184b2839534a18946f9c342a52b4c422b62fad695b5
SHA512 3a9398b346ef97c05164e40006cf2ac75ca82ea701a5103d1e08d0647a8b3b89c7b161ddbd68caab6a2d0a07c9e49f4cf7dd9a3be2826eb26ef8f657ade5b5e6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 09a474e1770e56171af2cad708e15777
SHA1 a7e49c939c2e6d24cf25d86f63022bff4770e5b2
SHA256 5eac316d9c0e01d681c9df42648de56392ddeef2e3a93c85197444ffa32b0567
SHA512 e5999be45b21dd2100f369ae52c9c980028ce71f5142ac8ae99df179229a4cc9ddd4d88cb3a57178843773282700e1e2500c7f3e619f7bc98cb57ff5eb75900d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1cc446e6ba4f99c7209c76cfb1958278
SHA1 fe75847d56a1dded2835a0f3f04f8817a19cdc5b
SHA256 083150ad0245295fe472e74c6b0915da5ee6334074abd028d54b86134382cfe4
SHA512 bbf173471917a17464dcedb50f15bf9f0a93c480489e861d9c4e7536d9c425433e5dc9903aea6b1c715add368b6a784359d16d75321f75638b99c2f9ab832f5b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1FJ4G142\www.youtube[1].xml

MD5 1f8ba80852ba624ede13e80150b59618
SHA1 1e62f26b4f51038818a56f2fe60f2ba3e5c84719
SHA256 9ef02add87dea526d739779b99959206beb2e1d8f81be0ff420d0c249657b55d
SHA512 36000ead6a114796e04d6c2228345395cbed00ddb8eb517647d740117fb0909e904552e1dd5a687c4bca4b27c4230448f7d7cd956b0359a4f1d99aeb2056b43a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e2a573d04daafaa2d5ff159ff8935686
SHA1 2be888b8e1e3eaed3164dae37b9c692e95a0bff6
SHA256 a3d042995d9f9ffc5afe07a7f761ef33810f3222620bd8402924015c5b1964df
SHA512 8bd662120d3012296d5b3effd39a696da01f63f3ec925c645e15c62612a71a3bb2d73fec60255f0d46afd3672e89e916ecc14ef825111a0f5127e6ef74abf3ad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 5222ebaf24007e51f2cb343d0871ae73
SHA1 22b8c832608424f0dbe4f60c46528304580cf3be
SHA256 302f028747b821e1b30e2c5ecd42f18676895af28c53b3b3631177031386e8d8
SHA512 8c04f366a9c219d83ac226edbd27a5104c2853f728812b16bcc8a607834dcf241bb4e12d2d9d5f2490fd5f0e6d745d31c52ce2c47f63e4307bf7b164e1409717

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 23a6de72b93933c9706cce0b2b1ff79c
SHA1 c36cc77999c7b7011a62a7ad55437e8f5cf0c3d1
SHA256 b2dc0b02c63f6a6602d727030c1a699029c1146d14413344a9615a372d4cc3d1
SHA512 97aa2dc102a64c4c68637a2cb7542f08fe017aeda4c2c46a6532a363710601cbe7f070e6158f78f3758cdd164ba954b181a7278b7d27f06a3bd3e2700d0a2630

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 6c8da606fe6716f312113aea46932b8e
SHA1 f4aa31452e607b601149131b49fb48191d186368
SHA256 ebd3f7e2732dff952c9ca30307fe8e8968e28ffd15acdac441e268ef498a9464
SHA512 b8cd237ab4a9189665d942a2de3ac51f8cdb0893d56c4b50d81e254006a0246eb485d896b8474dae1966c338f0a3c4a2ecd10a1b5697fdae1387c0f921017cb9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KIYAG1MM\rpc_shindig_random[1].js

MD5 70116351ebc507731f11cfb8653f69bf
SHA1 667d48cd3c244c41a84302056e5b14140045acd3
SHA256 e3fff060584ca9c8eb12a6925252c8c6333622f4e6aeae8417449bf0ae355020
SHA512 a69875a52b635e7a561cfe2c7f4639bc122be434989dd39b37ab8dda08b49aa4bfd681c572628e9dc056c69808d0a03e2c6b4fef88db20a59ca73f097870aee9

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPUI9R2R\2254111616-postmessagerelay[1].js

MD5 c264799bac4a96a4cd63eb09f0476a74
SHA1 d8a1077bf625dac9611a37bfb4e6c0cd07978f4c
SHA256 17dce4003e6a3d958bb8307bffa9c195694881f549943a7bdb2769b082f9326d
SHA512 6acd83dfd3db93f1f999d524b8828b64c8c0731567c3c0b8a77c6ddcf03d0e74ee20d23171e6ceac0c9f099dce03f8e5d68e78c374da2c055973f6ac2db4e4f9
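The listing above repeats one path many times with different hashes: each entry is a separate write the sandbox observed, so the CryptnetUrlCache metadata file and the DOMStore XML appear once per rewrite. Most of these are routine browser housekeeping (CryptnetUrlCache is CryptoAPI's cache for CRL, OCSP and AIA fetches; DOMStore is Internet Explorer's DOM storage), while the Content.IE5 entries are cached page content, which is where fetched scripts land. The Python below is an added example, not part of the report, that parses the block into one record per write, validates digest lengths, groups by path and pulls out the script hashes. The input is a constructed excerpt of four entries copied from the listing.

```python
import re
from collections import defaultdict

# Constructed excerpt of the Files listing above, in the report's own layout:
# a path line, a blank line, then MD5/SHA1/SHA256/SHA512 lines. Hashes are
# copied from the listing; the same path appearing twice is two write events.
SAMPLE = r"""
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4ea2772cb1bb5a974d99881b6a34f509
SHA1 b059371facc0c69b84953a1b38682b6c3dc43032
SHA256 f5192c8edb4170ce6e08acabd234ae553871b10ad7e2843d5b725b712d7229ae
SHA512 24a67af007187adb89d1bf4cbb28509e924828c723712a01d19b2259660bf021d75c36107ea1e6073b96a69ad1b75b079c559082bb3b32b08bcdd85eec923dbe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0b49f52fc10d46916d5933e176b746f9
SHA1 0beb1dbe50fc378901458102e5b11e9b4d1f12e6
SHA256 3304da26dab8a445ce19e260974848a2781cdd8fc88f41825561f81b0a4b760b
SHA512 5a5779acec873a87edd580bdbb7fb9a09d87a39c27b58cdd2283e6d4a79b119546269c81a7da68b7f5d439f2125f895d26b089e0ec2fcc58d31f16d95f533bf0

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1FJ4G142\www.youtube[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KIYAG1MM\rpc_shindig_random[1].js

MD5 70116351ebc507731f11cfb8653f69bf
SHA1 667d48cd3c244c41a84302056e5b14140045acd3
SHA256 e3fff060584ca9c8eb12a6925252c8c6333622f4e6aeae8417449bf0ae355020
SHA512 a69875a52b635e7a561cfe2c7f4639bc122be434989dd39b37ab8dda08b49aa4bfd681c572628e9dc056c69808d0a03e2c6b4fef88db20a59ca73f097870aee9
"""

HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}


def parse_file_block(text):
    """One record per write event: {'path', 'MD5', 'SHA1', 'SHA256', 'SHA512'}."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_RE.match(line)
        if m is None:                       # any non-hash line starts a new entry
            current = {"path": line}
            records.append(current)
            continue
        if current is None:
            raise ValueError(f"hash line before any path: {line}")
        algo, digest = m.group(1), m.group(2).lower()
        if len(digest) != HASH_LEN[algo]:   # catches a truncated copy of the report
            raise ValueError(f"{algo} digest has wrong length: {digest}")
        current[algo] = digest
    return records


def classify(path):
    """Coarse bucket by where the file lives."""
    p = path.lower()
    if "\\cryptneturlcache\\" in p:
        return "cryptoapi-cache"   # CryptoAPI CRL/OCSP/AIA retrieval cache
    if "\\domstore\\" in p:
        return "dom-storage"       # Internet Explorer DOM storage
    if "\\content.ie5\\" in p:
        return "web-cache"         # cached page content, including scripts
    return "other"


def summarize(records):
    """Per path: number of writes, distinct SHA256 values seen, and bucket."""
    by_path = defaultdict(lambda: {"writes": 0, "sha256": set(), "kind": "other"})
    for r in records:
        entry = by_path[r["path"]]
        entry["writes"] += 1
        entry["sha256"].add(r["SHA256"])
        entry["kind"] = classify(r["path"])
    return dict(by_path)


def script_iocs(records):
    """SHA256 of cached scripts (Content.IE5 *.js): the hashes worth pivoting on."""
    return sorted({r["SHA256"] for r in records
                   if classify(r["path"]) == "web-cache"
                   and r["path"].lower().endswith(".js")})
```

Run `summarize(parse_file_block(SAMPLE))` to see the cache file counted as two writes with two distinct SHA256 values; `script_iocs` returns only the cached script hash. Hashes of CryptoAPI cache and DOM storage files change on every detonation, so treat them as context rather than as blockable indicators.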

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-23 12:46

Reported

2024-10-23 12:48

Platform

win10v2004-20241007-en

Max time kernel

145s

Max time network

149s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6eff239330af743fec3e329eca3ef671_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target Count
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A 25

Suspicious use of SendNotifyMessage

Description Indicator Process Target Count
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A 24

Suspicious use of WriteProcessMemory

Description Indicator Process Target Count
PID 2300 wrote to memory of 404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 2
PID 2300 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 40
PID 2300 wrote to memory of 2168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 2
PID 2300 wrote to memory of 4076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 20

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6eff239330af743fec3e329eca3ef671_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xe0,0xe4,0xd8,0xdc,0x108,0x7ff99b7b46f8,0x7ff99b7b4708,0x7ff99b7b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,6997792553564245699,5650047312513613117,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,6997792553564245699,5650047312513613117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,6997792553564245699,5650047312513613117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6997792553564245699,5650047312513613117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6997792553564245699,5650047312513613117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6997792553564245699,5650047312513613117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6997792553564245699,5650047312513613117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6997792553564245699,5650047312513613117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,6997792553564245699,5650047312513613117,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5948 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,6997792553564245699,5650047312513613117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6168 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,6997792553564245699,5650047312513613117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6168 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6997792553564245699,5650047312513613117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6997792553564245699,5650047312513613117,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6997792553564245699,5650047312513613117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6997792553564245699,5650047312513613117,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
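Every WriteProcessMemory row in the signature table has msedge.exe as both source and target: the browser process (PID 2300) writing into the renderer, GPU and utility children it launches, which is how Chromium-based browsers start their child processes and is not, on its own, evidence of injection into a foreign process. The check an analyst wants is the one the table does not make: filter to writes where the source image differs from the target image. The process list carries a second thing worth surfacing, switches that weaken the Chromium sandbox: the report shows the network service with `--service-sandbox-type=none` and the relaunched GPU process with `--disable-gpu-sandbox`, both common in a VM detonation but easy to miss inside a kilobyte of command line. The Python below is an added example, not part of the report, that parses both. The WriteProcessMemory rows are a constructed excerpt of the table (the report's counts are 2, 40, 2 and 20) plus one hypothetical cross-image row to show what the filter catches; the command lines are excerpts of the process list with the `--gpu-preferences` blob left out.

```python
import re
from collections import Counter

# "PID <src> wrote to memory of <dst> N/A <source image> <target image>".
# Paths contain spaces, so match on the ".exe" boundaries rather than splitting.
WPM_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) N/A (.+?\.exe) (.+?\.exe)$", re.I)

# Constructed excerpt of the WriteProcessMemory table above. The last row is
# hypothetical (notepad.exe is not in the report) and exists only to exercise
# the cross-image filter.
WPM_ROWS = r"""
Description Indicator Process Target
PID 2300 wrote to memory of 404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2300 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2300 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2300 wrote to memory of 4076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2300 wrote to memory of 9999 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Windows\System32\notepad.exe
"""

# Excerpts of the process list above (browser, network service, relaunched GPU
# process); the long --gpu-preferences value is omitted from the last one.
CMDLINES = [
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6eff239330af743fec3e329eca3ef671_JaffaCakes118.html',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,6997792553564245699,5650047312513613117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,6997792553564245699,5650047312513613117,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --mojo-platform-channel-handle=5948 /prefetch:2',
]

SANDBOX_SWITCHES = ("--no-sandbox", "--disable-gpu-sandbox", "--service-sandbox-type=none")


def parse_wpm(text):
    """One dict per WriteProcessMemory row; header and blank lines are skipped."""
    events = []
    for line in text.splitlines():
        m = WPM_RE.match(line.strip())
        if m is None:
            continue
        src_pid, dst_pid, src_img, dst_img = m.groups()
        events.append({"src_pid": int(src_pid), "dst_pid": int(dst_pid),
                       "src_img": src_img, "dst_img": dst_img})
    return events


def write_counts(events):
    """(source PID, target PID) -> number of write events."""
    return Counter((e["src_pid"], e["dst_pid"]) for e in events)


def cross_image_writes(events):
    """Writes whose target image differs from the writer's image. Same-image
    writes (a browser process into its own children) are dropped as expected."""
    return [e for e in events if e["src_img"].lower() != e["dst_img"].lower()]


def process_type(cmdline):
    """Chromium's --type= switch; the top-level browser process has none."""
    m = re.search(r"--type=([\w-]+)", cmdline)
    return m.group(1) if m else "browser"


def sandbox_findings(cmdlines):
    """(process type, switch) for every sandbox-weakening switch present."""
    return [(process_type(c), s) for c in cmdlines for s in SANDBOX_SWITCHES if s in c]
```

`cross_image_writes(parse_wpm(WPM_ROWS))` returns only the hypothetical notepad.exe row; the report's own rows all drop out. `sandbox_findings(CMDLINES)` lists the network service and GPU process switches so they can be judged against the detonation environment rather than read as an attacker's doing. The report does not say which child PID is which process type, so the two views cannot be joined from this page alone.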

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_2300_AREPQSKLEHORYZLJ

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\03f7052e-4999-44ac-a242-272150dae9f1.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583786.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity