Analysis Overview
SHA256: 6d80dc518829d7135226187be78c102b5f742a1c2a97c57993af357bffaf7c8a
Threat Level: Known bad
The file 6eff239330af743fec3e329eca3ef671_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
System Location Discovery: System Language Discovery
Browser Information Discovery
Modifies Internet Explorer settings
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Analysis: static1
Detonation Overview
Reported: 2024-10-23 12:46
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-10-23 12:46
Reported: 2024-10-23 12:48
Platform: win7-20240903-en
Max time kernel: 131s
Max time network: 147s
Signatures
SocGholish
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10216" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "282" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "197" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435849437" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "10216" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "282" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "197" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "197" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a009ca9f4925db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "10216" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "282" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045c0dde48c11474f81d9a2c02be4ea220000000002000000000010660000000100002000000008da7c661fecc70e8387092babbafd847d549841eb389c4f8b3ead00909a318a000000000e800000000200002000000016811bdf0b02fe88c0f04ee24b90b84d4a530b764c8657beb1ace54022f8b171200000000352331d091024eaf2554aecdeaa7aee34c5e09816b0345b6c9a631b4ac9f4b140000000c1dd9153994442164100ea38fa038a7c14f5fd2d64549c28f41574506a8f23c0c84c632f0bbcd67df23a31fadc597e91c30369831d95d310cae72e3ac028ef40 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C51FAF21-913C-11EF-BA5A-5EE01BAFE073} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2792 wrote to memory of 2284 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2792 wrote to memory of 2284 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2792 wrote to memory of 2284 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2792 wrote to memory of 2284 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6eff239330af743fec3e329eca3ef671_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2792 CREDAT:275457 /prefetch:2
Network
Files
| MD5 | dc863616e86973aac14ed51e18b8b3e7 |
| SHA1 | b91a5ccc9541949743f01739f32bd49de436bd01 |
| SHA256 | 17f6757e73a7e431029ad6102ab745deae4e14bf37a4fbab744d6a6a8fb54688 |
| SHA512 | 27d617f1dc5d07da5732d3e1b6fb9173507b6acbde1525fdd910cf036351c177bc7ed14240b6aaf7d1e82334ef4b5fdffc8347c5bcedef44f8425f6277540c52 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1FJ4G142\www.youtube[1].xml
| MD5 | 5d9141e1baf6f02751316ae486948e33 |
| SHA1 | d1fc3e9dd4341ec4ae78a352cbbd2d5ce903305c |
| SHA256 | 3e6e7e0ea261dfb23971a5521f24f876a5f4da82b3fac781bcccdaebc7b12d1f |
| SHA512 | a6813b1d2f878992f4ef6fbc7f7fe682f2f2d103a87de85509d74ff7c80ce9d0be5b24e9145d4a6a2d142e24f923bd4f4565f142e3cbd24975b6861393eef8e5 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1FJ4G142\www.youtube[1].xml
| MD5 | 259422611c63f9ddd113f642d744e4de |
| SHA1 | ab00f0d4d83c8ca0f075d3b9fae3a3876cf4f918 |
| SHA256 | 12613561aba70cf973bfc1ff9208e04897ae9529f33bbdc86ae6f6bbaba495fc |
| SHA512 | 72f7575e87f22364a09f194f9231b33e50358c13f2fbeaa49a2a7918f08413e7469bdccfe7a626a03de212e25cf6ba28ed0bb80f5358a20eac2f30e4338cf086 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1FJ4G142\www.youtube[1].xml
| MD5 | 6178557e065464006543c223053fa83e |
| SHA1 | 71fa313909daf5b25c722bfe4f402dcf85dca1fb |
| SHA256 | e9031ccf9d0d3957b5c547531e44b29411952c19d8dfbd20664a4c668d8ef52d |
| SHA512 | 7afb240564896312e7534767e9f96d2154d502a997ef41be2bbaefd2022a592e1b52b8a3648722bf6548577e6a379dd5810ce451716f972ad07372b52263796a |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1FJ4G142\www.youtube[1].xml
| MD5 | 447018dc1a66b3fd845abead1813f628 |
| SHA1 | 0bc6fa50c33a20bde84ea9e051ced4bb146bd730 |
| SHA256 | b303a7f5e5088fb34f8623c9555c9206cf5446183142748dda5b5596107654d6 |
| SHA512 | c90318debcfe577084b84ec3466ae1838ed67332e4b14f78cbda64ee6308fee676654776bb7a0870b2033cad18f2b89d4880b4d0bd9162d7d83312ebeda46796 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1FJ4G142\www.youtube[1].xml
| MD5 | 6b92c10c3bbe2cface5ce3492468bbb5 |
| SHA1 | 018d56e154ce646e6bccee4011baa6b24f5cafb3 |
| SHA256 | 8812c14911f9ad4183943c7221ee573474c6ca4f9366588a06fa669e187d84a0 |
| SHA512 | 6cc37ed84396876f8550f7c432ce73ef20b8945bd7abea53da6e03d1dafbb9d776304457b5f553d1e4987e8a90b56e96aa3937b9b66b157d18f123fd15e23977 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2e2f2e8847528cf805b2ed0e765fe4ad |
| SHA1 | 7fbab0902a22d13f76c45edd6508bf8003277105 |
| SHA256 | 348afc08dfa5a9dc39e0cabcba9c96eabf4e0d131b70aa3d677e6c9a7ff7d4d6 |
| SHA512 | 7bb76934e6bdedd1804be54ed88d94a9027b7984bec5cfed397e5eb627c3a4ae8a08073d2133be0950cdb837d86c1986e6bade9e8b6919d0a0b93e1689571bf7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1d1fb62df29a2be3557902e564a32f45 |
| SHA1 | fa21430a5c29654ecd580f4be27a3e77bb16ed7f |
| SHA256 | acf9b7c7bd8a9ff6f587c9b26df50b640c2440cb30693209f09a1d7007f9b2cd |
| SHA512 | 96b6726b3a1e5cb07e9ba30a7c87842776f6a42cbcc248fe8c913587867d8aed89c2da50a9a209ebe4051a9f92867ee31e85bf1e68b3617480b11650ac4a5297 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a7d0c21531ed7c7226dd12a325937b7f |
| SHA1 | ba1be77c2a4232e9fa7c7390c25ee7faed12435e |
| SHA256 | e64abd43abdcf48c934aadd31bb35a651dd0571d45accb66bfa9816139e9ac95 |
| SHA512 | 21e97572d4ddd32d190bdb8d1d3807475b36312e041b0e9078159aab0dd7465b28a9f7a742783cc9c57a360094b1b01bc7ebd8e5e391a384104c70e91f5ec71b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c121ae094f3921549401199054ecd825 |
| SHA1 | 024f7c5d4d950ece742c0b367fa99976e6ca3878 |
| SHA256 | b6e44106b2e0f8ccc13e3d9e1a958e489af416a40a02901b551bc89c751cd758 |
| SHA512 | 3603cd3c411934fbd0d58e1314a599a3ec6f7642f494730067ce423b5920c55bc22ee9c91fb96e490a32591ef1b8435bf9dce3ea3bd9701126e1865468aae02f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | de224707c6b0f7356725d9aa42596a91 |
| SHA1 | dd96c65347b3d0cc8c4dd5b076ecf6b179949db1 |
| SHA256 | 73f47050e44660d7f188aa6f73b5d4beb802937b8c1f2380ba3b4dccb2dd8ab2 |
| SHA512 | 1463b7e54c0bb4446da29b43af160cfc6db85f72b990384d5bb283077972e94dc115f0efc3f8e9b45a6d76b93e110f69aac3acb94fa6f8d0d75e627ff292679f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9f5745f531079a5e8c696dcbaaff8feb |
| SHA1 | 398ad4d4c970ad0ab9e98ece261cd7158554adee |
| SHA256 | 6772efc7dfe0f519347b7db7f6ac9a5b1149d8b729339ad40b025120e5dee851 |
| SHA512 | 1f59054ae0b5238c06dd37be3056e57d25513c02077dbdffae2879e3763b9d8df9c5ead23931e887c2329dbaf8adf45df389736c852a1fd5ff303b5907b6ec4c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 619058a82cfec436e39d5953063223ab |
| SHA1 | 8b18ca73eaf85a5dad07fc2a416fafd85672adde |
| SHA256 | 3cfc34b5501b99616e22b184b2839534a18946f9c342a52b4c422b62fad695b5 |
| SHA512 | 3a9398b346ef97c05164e40006cf2ac75ca82ea701a5103d1e08d0647a8b3b89c7b161ddbd68caab6a2d0a07c9e49f4cf7dd9a3be2826eb26ef8f657ade5b5e6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 09a474e1770e56171af2cad708e15777 |
| SHA1 | a7e49c939c2e6d24cf25d86f63022bff4770e5b2 |
| SHA256 | 5eac316d9c0e01d681c9df42648de56392ddeef2e3a93c85197444ffa32b0567 |
| SHA512 | e5999be45b21dd2100f369ae52c9c980028ce71f5142ac8ae99df179229a4cc9ddd4d88cb3a57178843773282700e1e2500c7f3e619f7bc98cb57ff5eb75900d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1cc446e6ba4f99c7209c76cfb1958278 |
| SHA1 | fe75847d56a1dded2835a0f3f04f8817a19cdc5b |
| SHA256 | 083150ad0245295fe472e74c6b0915da5ee6334074abd028d54b86134382cfe4 |
| SHA512 | bbf173471917a17464dcedb50f15bf9f0a93c480489e861d9c4e7536d9c425433e5dc9903aea6b1c715add368b6a784359d16d75321f75638b99c2f9ab832f5b |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1FJ4G142\www.youtube[1].xml
| MD5 | 1f8ba80852ba624ede13e80150b59618 |
| SHA1 | 1e62f26b4f51038818a56f2fe60f2ba3e5c84719 |
| SHA256 | 9ef02add87dea526d739779b99959206beb2e1d8f81be0ff420d0c249657b55d |
| SHA512 | 36000ead6a114796e04d6c2228345395cbed00ddb8eb517647d740117fb0909e904552e1dd5a687c4bca4b27c4230448f7d7cd956b0359a4f1d99aeb2056b43a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e2a573d04daafaa2d5ff159ff8935686 |
| SHA1 | 2be888b8e1e3eaed3164dae37b9c692e95a0bff6 |
| SHA256 | a3d042995d9f9ffc5afe07a7f761ef33810f3222620bd8402924015c5b1964df |
| SHA512 | 8bd662120d3012296d5b3effd39a696da01f63f3ec925c645e15c62612a71a3bb2d73fec60255f0d46afd3672e89e916ecc14ef825111a0f5127e6ef74abf3ad |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 5222ebaf24007e51f2cb343d0871ae73 |
| SHA1 | 22b8c832608424f0dbe4f60c46528304580cf3be |
| SHA256 | 302f028747b821e1b30e2c5ecd42f18676895af28c53b3b3631177031386e8d8 |
| SHA512 | 8c04f366a9c219d83ac226edbd27a5104c2853f728812b16bcc8a607834dcf241bb4e12d2d9d5f2490fd5f0e6d745d31c52ce2c47f63e4307bf7b164e1409717 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 23a6de72b93933c9706cce0b2b1ff79c |
| SHA1 | c36cc77999c7b7011a62a7ad55437e8f5cf0c3d1 |
| SHA256 | b2dc0b02c63f6a6602d727030c1a699029c1146d14413344a9615a372d4cc3d1 |
| SHA512 | 97aa2dc102a64c4c68637a2cb7542f08fe017aeda4c2c46a6532a363710601cbe7f070e6158f78f3758cdd164ba954b181a7278b7d27f06a3bd3e2700d0a2630 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 6c8da606fe6716f312113aea46932b8e |
| SHA1 | f4aa31452e607b601149131b49fb48191d186368 |
| SHA256 | ebd3f7e2732dff952c9ca30307fe8e8968e28ffd15acdac441e268ef498a9464 |
| SHA512 | b8cd237ab4a9189665d942a2de3ac51f8cdb0893d56c4b50d81e254006a0246eb485d896b8474dae1966c338f0a3c4a2ecd10a1b5697fdae1387c0f921017cb9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KIYAG1MM\rpc_shindig_random[1].js
| MD5 | 70116351ebc507731f11cfb8653f69bf |
| SHA1 | 667d48cd3c244c41a84302056e5b14140045acd3 |
| SHA256 | e3fff060584ca9c8eb12a6925252c8c6333622f4e6aeae8417449bf0ae355020 |
| SHA512 | a69875a52b635e7a561cfe2c7f4639bc122be434989dd39b37ab8dda08b49aa4bfd681c572628e9dc056c69808d0a03e2c6b4fef88db20a59ca73f097870aee9 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPUI9R2R\2254111616-postmessagerelay[1].js
| MD5 | c264799bac4a96a4cd63eb09f0476a74 |
| SHA1 | d8a1077bf625dac9611a37bfb4e6c0cd07978f4c |
| SHA256 | 17dce4003e6a3d958bb8307bffa9c195694881f549943a7bdb2769b082f9326d |
| SHA512 | 6acd83dfd3db93f1f999d524b8828b64c8c0731567c3c0b8a77c6ddcf03d0e74ee20d23171e6ceac0c9f099dce03f8e5d68e78c374da2c055973f6ac2db4e4f9 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-23 12:46
Reported
2024-10-23 12:48
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
149s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6eff239330af743fec3e329eca3ef671_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xe0,0xe4,0xd8,0xdc,0x108,0x7ff99b7b46f8,0x7ff99b7b4708,0x7ff99b7b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,6997792553564245699,5650047312513613117,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,6997792553564245699,5650047312513613117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,6997792553564245699,5650047312513613117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6997792553564245699,5650047312513613117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6997792553564245699,5650047312513613117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6997792553564245699,5650047312513613117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6997792553564245699,5650047312513613117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6997792553564245699,5650047312513613117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,6997792553564245699,5650047312513613117,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5948 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,6997792553564245699,5650047312513613117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6168 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,6997792553564245699,5650047312513613117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6168 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6997792553564245699,5650047312513613117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6997792553564245699,5650047312513613117,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6997792553564245699,5650047312513613117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1124 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6997792553564245699,5650047312513613117,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_2300_AREPQSKLEHORYZLJ
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\03f7052e-4999-44ac-a242-272150dae9f1.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583786.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT