Malware Analysis Report

2025-04-03 14:22

Sample ID 241210-2w5f4atlds
Target deda139f91498e36ccd8297dc46b3697_JaffaCakes118
SHA256 85daafd7d7ac9261894a50b0a9961950640fa48a71158b9be4bd314828c9119e
Tags
socgholish discovery downloader
Score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score
10/10

SHA256

85daafd7d7ac9261894a50b0a9961950640fa48a71158b9be4bd314828c9119e

Threat Level: Known bad

The file deda139f91498e36ccd8297dc46b3697_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

Socgholish family

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-10 22:56

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-10 22:56

Reported

2024-12-10 22:59

Platform

win7-20240903-en

Max time kernel

129s

Max time network

145s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\deda139f91498e36ccd8297dc46b3697_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

Socgholish family

socgholish

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "10703" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "282" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60838fe5564bdb01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "282" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000039eac62c27fa574381ab9adabcbddd88000000000200000000001066000000010000200000004415e1aaf9b745405ed059de452825a6e7c14b37e4b3798e2314c15d6848f87b000000000e8000000002000020000000e37bc3952af35594668ac4b751690f49cb5a069385e3d7b1ad48691c56e6296120000000ad3eb948c291c442bcb2cf566878d01c20d367908c82bf671f3fec4ffb6382b440000000926a9592d14d7e37f0cc432f5a7eae9bc44178b98aa4d7a016d2a7d667d48d8e6376fcd46e58fa3d74b47d77d20f364c3718ab66a2449bf58906e09a8c6749da C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10703" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "10703" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "282" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440033282" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0CD792A1-B74A-11EF-8F1B-EAF933E40231} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\deda139f91498e36ccd8297dc46b3697_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1600 CREDAT:275457 /prefetch:2

Network


Files

SHA256 bd5559281a1f98ba65f823a9b40698466e19f3355cc0f0e923d1157ba3becc20
SHA512 a8c582ab8cdbe33267f607348c501e2082f55a80cb11b6dfd906c928158305c90eea2fc3480c567e042bd5c847a8ea4e87a35e65c4224df1af26ffebe4a855f0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1a6109c838237a9a74d1bd9a3f2684df
SHA1 c49a919a1eb6f842d5b8e24ef168ee8d05b76074
SHA256 56075138c2788014dfce331799cfac9cf5b3f14a86ca02158a214ba1d1294679
SHA512 0ac37c5ebb388c6f6c7d852eba97e9f1c5d95930ebe9d315d85a08e098ecd30a6581f44d9ecde608df1a17f9796080986da8ebd7a83c75e3b0f2c744db9bd9d7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b3576a91285fc72198ed1371c59d188b
SHA1 29c9dd30c08ab60ff3411b4283eede1e4b2db8a7
SHA256 e4e4702a2decf73238663a5275a9dac88ae398e86c25b0d21834c838e5e5f42d
SHA512 606a9e8c5c578f385fad63763b4a06cf0790cdd74176f44cdf58394d303d2f3402b5ff5448cc7c54efa682ca78e742badd58d6e017b675ac310d39822eca6105

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ed0a0a26b46a70f4faf5d4d501ab2d29
SHA1 80f2033e20d1034dec443aef0d28b463ab902012
SHA256 e5c634f28a7cb2ff471211cdb0ca989895a3e235fc70e35a33f2c89828037777
SHA512 598bca7051b401fc1defd47f0e57dfc5155e61c92744be7a6ac3d97b8cb3ecd7c8f4b6c3c475bbd19d44a32de96527988a9fd7e914be1fbd54b6356d5bbe9731

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0b2b464b37362f15aa9919e46d957ea9
SHA1 f3d3034059423b0cacf11923919c880e1bffc7d4
SHA256 bff593398991217e3120a0b476c2f6ccac476ec59ecc4e7ef0e8662354207e22
SHA512 0f28ae547a183983a0d53fcf088e480eca6006ecde7bb1b231fb29afb2a1bb2ce541da091e04fe0a69772d89c919abb62de1d177684ea7e569fe14a55cafa1ec

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 20f6501eb3e0c9a5267955670319fe75
SHA1 a48d5f9dc82a26bd7f429725f1757db7a77c59b1
SHA256 b9a62b8f89b0a63da89885f53bb8796043ad7e7099b46fda3c0783bc072ee1b2
SHA512 b234e69bb41c34e53cedd48031252c3983c117e487ad9c8a1f2040106bedef644dce7cc41c8e5fb7a017f4ae44ca214023510a05b5432b1013b749ad35cd2aaf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 30529acc917620dcfec61ee7b09f0ff0
SHA1 bd61c7e486bf868927824799248aabd8bbdece0c
SHA256 e654f8565622e54a7c7bdaf3e5f2ed95b85d613c74c4e1151cc19e47d6966eaa
SHA512 e79d59038897f1ffb9c7f9b8c0d3815b83cda056eae44abbf8426819c1e9ee80b7783f0424e43c1d1f80c5e523b3e56edbd673c0d2c5c7d10adf49dde49c9fa8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fa317286989b5a9caa59fcde8baa6ece
SHA1 56791ca682c7c650b756853ee557129a68e7dd8d
SHA256 9d94e882f101232adbf70264ce9c592089e930ab8b569560a4fb021431c1c03e
SHA512 0ca2e75596b1fa8f7ceaa96ffbd63d284fe5b5db4bdcab9064ed6705ae2ce6983ca92cc9596503b2d42b729f35df34f233e0d9a7ba136c370734cf7f46e67a17

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1b45196b5247c2d039818e50e17900eb
SHA1 2956c028686725c539abf32ac8e62780c72b9f4f
SHA256 f7f86b1ef7676e43682813ef599765e157c64177cbdcd372e68312503cce92e0
SHA512 4ef679d80a6afbc60df3d6338d8b240724fbf56b5cd0eec322e57ad1409252c1ec0560f18f7cd47538282ad64fe4e5b6217c21ec168adbb5fca49fd228250061

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 987867851add861e21e27a3066ad616b
SHA1 719db913be26918dda23862bc40a9947a2824e05
SHA256 54b2df3a662deab364e6fadc7189c2c2ba3249559b08eea071cc4d88b29d9f90
SHA512 bdf595b3cdb617589ec166f5e57da7a4680f4f2f280d2638035be0333c7d03320054213ddecf3d5a34687a79f68e063d0d7320e588059b7628d4cc7a1d567a3b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\MKR7FPFC\www.youtube[1].xml

MD5 97aef8095320cafe0139bdaf748f5ca1
SHA1 c0b68d5212f343d09428a60c6d52e4d92b62eafb
SHA256 b5d44dbdd3dc04028139489586161c8200373da41060b11b66b2566c9ab9defb
SHA512 c030dd9d0248d3e7352ccafbd4f2b67a1f1c33140304c2b1e9697f755fd37f4032d728e21e45a3c3f67e74b3b807783bc3b394ffce93b6cc32ef3c5f2ef59721

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9898928dffe1947c37b37cbfc84748f0
SHA1 d506d6c46a03eb8c537f9d3a78b6a5a0c9ed2c71
SHA256 8d46026306f682597b8ba53aa29354909b4fe02531acf11b64e7705a12cffd35
SHA512 742506935686f21c36cb5801520f0440375cba27397b14d41f90ecc8df199ad67453e2caf5bcf55893f7b9615d12780325aded2f824423703c3024fa1e61fb06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 4db9f3a36269f2202dcd1b6b2191a14c
SHA1 5d3e1d0fef9bf80d655e155fdc927edac8fafdf1
SHA256 d1f812aba0f6250a859428060164f8650ea89b5d95ade1956671c53f84067b4d
SHA512 96d2ab09f4350f1ea03aa0a9a098f3b3ae001b3be955374d8830f94182fa8358295133a25661c78e681af1e3b93a27750bc448ea2181fe6e9cb92e048cc902f3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b4359b95e8f9b452066cd4fcc5026ed8
SHA1 d1b2ed191c94154e6830c627bda6c8389aaffafa
SHA256 1fd889a5a068fde2cd31f78c072da559a856cae3e82d9b8c90170b5a04b3cee9
SHA512 8aa5ddde7c88d991a935065888d743c7faa1aaa9d707643fba116e85083c5493d7e8d299d55dce9925ce863b8ca2732d35f31135190e984a52a23ce6226df53d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 31c51d3058439c789da30c332626045c
SHA1 5f156737c12410fbdeeb4f95d13386bbc2b1bf65
SHA256 bb703ff39874bf358ab770626b9fc2312928361c77199338cb4206956a2e6688
SHA512 8da728bf111b4443111df2982bd52db02356154ea68f03358c20c7e0453967762c9bc7d09dd10ff3c4107455a47dba79224f6ecea40ae4681de78bea8fed6ddd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c437a3ed1b45f0b401016c1c225da4c0
SHA1 4d0e5acac73ec0dd9cfff8a8f0a758940099626b
SHA256 f692ac9c32eaf06c23a0ffc8240e53c2177e11f593041a46f9e80b92180cd6d1
SHA512 83d3fe22c38ce0e02133b19e6a733b57b9c2ab7c304a8d138c314bb9844f93b27a5a82354af17665124da33f717889bb8e6e148d9b0fe1cba60dda2a5c9f6e79

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 73b2d0478ada0fffcde09c0fa8367472
SHA1 32ac6cab7fef2fa1741c8edea304905377856465
SHA256 eb95e2c5694a6a3a7caf1846d090af4c0a9bf8a8aefaa5ae1fa5d91973ba4463
SHA512 45ccc9a889b86364843a1669355b74b79dceea3a335e438da03bd8c40258ac2b318d2f8cd0be5483ec5d076d0393ce3a8712286c8669146e5dee775acacd24d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fd59dfe2bb5dce25265a6b72ae36f97d
SHA1 6bea3a7d6b1387f65b35d7fa0d4b669870d8fabc
SHA256 caa0d164a5d6ec7f6ab3e27e30ccb036e540caeead218bba2d607215c89808a7
SHA512 f6a1a0073e81d3e7e104d9d4b066c617168db173146341b3503770d313c018fa32857984217f94df5e6d39c90437142950acb8b4ea6954f74f5470039976b8a0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 36a46816931f6c8bcb52524471edc28f
SHA1 d3614c147566be7f719bb50e1b0953249f3d776e
SHA256 94bd02b1b55c17127f302093a67f4b4687269729db2a413267f76dd5bce89037
SHA512 c0563d06ae7ecab94ad46cdfce71ecff3e5704bcadeb203a1e20d24d2c7dc1ab2b8c66aad2abe558294298d42c3a6ec5da1a9bbc3b53bdd1685f89d08df906d8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 77ae51870cf8f88ded7f3a656efde142
SHA1 e2e3a8af18c70f465213835d0d04fdc4c74b6c34
SHA256 fdfdd64ac396788f83b7dcd972a565d1ef0cdff0c4d1ecb477a62c334c71f22b
SHA512 2071dc3537794b49c7892591582efb1c2e4e5de898661f685062768181fd1ee1c18944dd25e116d316e88e60002bddaa6c020b6ccc522b76dd0da7ff85a7b7f4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3140e336688033762751efe040d65bf7
SHA1 c92399856e6675b8e8a098cce8e7e61c17777e2a
SHA256 88f16bbef05beaa78f1e6986e7db1a3f8cc8e994ccdb3c8db71cdd6299bb2742
SHA512 8f6f29e78d9727f500d829c04b26d12218420040747366511d2be0c3851aa7cb32e1809aea1a462742e79907e1594970dddf656d4d190b50edbd1410d50411d5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4fa55d19810b01402f77ce451a5b417b
SHA1 6bf1c8d081d61448b8f9964720fda6b641dd459d
SHA256 e93b7f65cc1420e1ae7014e11a3079ddb517ad6e5853d5b92c7926834c227356
SHA512 ca63e457a241edfa0317fa0e624bb8c78a801e3dc39d24758ffecc54c02ed429675be810a5332a37e9f45fea2d91db71425fc4ac5a137c83141e79cf684c7912

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aaf6deb7abe9093c3b783a8093b488d0
SHA1 d2e4444e36fa1c89b7695616e9064d1107719fb0
SHA256 fd06bd46a347685d3d869e150e51566bf6d7cf9461e82fd753ab0ba2bcf0218a
SHA512 b1ed58ded9a5d09466bc6356c639239cbcacbfd1cabf669b831e88a1b12906921704f7632384adac168224035bb4f56f38af4361edec0cfc757327e5a8ab626f

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOYL2MRI\2254111616-postmessagerelay[1].js

MD5 c264799bac4a96a4cd63eb09f0476a74
SHA1 d8a1077bf625dac9611a37bfb4e6c0cd07978f4c
SHA256 17dce4003e6a3d958bb8307bffa9c195694881f549943a7bdb2769b082f9326d
SHA512 6acd83dfd3db93f1f999d524b8828b64c8c0731567c3c0b8a77c6ddcf03d0e74ee20d23171e6ceac0c9f099dce03f8e5d68e78c374da2c055973f6ac2db4e4f9

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M4TQDAHL\rpc_shindig_random[1].js

MD5 45cbe9a36a384fe9273d25ef64ef8691
SHA1 325026cc1cb9022ccd8c9c2089597251419201cf
SHA256 d9959cd6fb35fa6a7aef91a5bb9bb5358e7f91271d84130de6d06910076c5c5c
SHA512 0a70b1b12658418caf529a01ddc4d7fd6c59276c4658028ce2b5f7dcea64ef91f353fce7e67349c8534b68fc53c0ff23c36a7260337dcd307b836e55bec43dc6
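The dropped-file list above is a flat sequence of path / MD5 / SHA1 / SHA256 / SHA512 blocks, and the same path (www.youtube[1].xml, the CryptnetUrlCache MetaData entry) is written many times with different content, so the list is hard to triage by eye. The following Python is added here as a worked example and is not part of the sandbox output: it parses that layout, records malformed digests without aborting, counts how many distinct contents each path received, and sorts paths into CryptoAPI URL cache (CRL/OCSP/AIA fetches made during certificate validation), IE DOM storage and IE page cache buckets so that the cached script files (cb=gapi[1].js, postmessagerelay, rpc_shindig_random) can be pulled out for IOC lookups. The category labels and the four-entry sample input are this example's own constructions; the four entries are copied from the list above.

```python
import re
from collections import defaultdict

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9A-Fa-f]+)$")

# Path fragments that identify well-known browser cache locations. The labels
# are this example's own triage hints, not something the report emits.
CATEGORIES = (
    ("CryptnetUrlCache", "cryptoapi-cache"),  # CRL/OCSP/AIA fetches during cert validation
    ("DOMStore", "ie-domstore"),              # IE DOM storage written by page script
    ("Content.IE5", "ie-cache"),              # cached page/script content
)

# Constructed input: four entries copied from the Files list above, in the
# report's own "path / MD5 / SHA1 / SHA256 / SHA512" layout. A raw string keeps
# the Windows backslashes from being read as escapes.
SAMPLE = r"""
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\MKR7FPFC\www.youtube[1].xml

MD5 817f3f7f69901e78d30e2c19a0e761f8
SHA1 833cc5959470eecc3b7e7a6692a59ed4487fbf21
SHA256 1226248d8dc75746124133e6eb8e5cfdc880925ab764d7fe73d7debc686eaccb
SHA512 bfa0f1f7f18a8fce0f44be04db190300ff89c7a8b6b6dd05e8004c74e7f28c88988624620a83a32827d24f499b168f33ed37cae72bd91a7880b7682e7945d21e

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7CNUR30T\cb=gapi[1].js

MD5 84e3d54be3ffd25a24bf3a514490b86c
SHA1 490f4a059114c7704703a7c67d193083f551ea1a
SHA256 dbae2441d55a51b1d10c5591a2ab27141b3aebff8e75816a3a4b107fcde4b6f5
SHA512 718ddb866adab289ea6ed942b18ee9d74c185d5739c642340b6ee827265e3fce63b768021aa182a8fd540b4a1f82f555dc9e668c4cd187566fe19336bc3464e5

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\MKR7FPFC\www.youtube[1].xml

MD5 8605201c47a2724763331cdf7fe5cc9f
SHA1 d54219dd64a860bb0f60a8eaeabda9e0fb76a499
SHA256 03232f50003da37159f6762cef0962dd68c8010c0c0dd4639add211e5d52ac4b
SHA512 5a89398c6cac1f10e1d0ed3f4d508687bbb09e352fda7bc5de5d3d6287d868939a6c3f7f69614c28fe82993a237e9a1239d8d517883d20bd398dc086c51c40d0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f38252b53724b4a21afb468679da5e26
SHA1 c807d36b0a6fe0365f533bc4775cbcab35b6ad10
SHA256 a16d7c7a7325b752065cf8fa5cae82c227a44982d445cf6a8c5419fb83e662d4
SHA512 3b66211509c752f3bd606edbcd37b26288e24c847b70a9c57ae7603005d45dfc4e6546b6f9dc58fe228ab3ef7479d333af175bb14f7fafa734fe09ebaedd7527
"""


def parse_file_list(text):
    """Parse path/digest blocks into dicts. Returns (entries, problems).

    A digest of the wrong length is recorded in problems instead of raising,
    so one damaged line does not discard the rest of the list.
    """
    entries, problems = [], []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_RE.match(line)
        if m is None:                      # anything that is not a digest line is a path
            current = {"path": line}
            entries.append(current)
            continue
        if current is None:
            problems.append("digest before any path: " + line)
            continue
        algo, digest = m.group(1), m.group(2).lower()
        if len(digest) != HASH_LEN[algo]:
            problems.append(f"{current['path']}: {algo} has {len(digest)} hex chars, "
                            f"expected {HASH_LEN[algo]}")
        current[algo] = digest
    return entries, problems


def classify(path):
    for needle, label in CATEGORIES:
        if needle in path:
            return label
    return "other"


def summarize(entries):
    """Per path: category, number of writes, number of distinct contents (by SHA256)."""
    by_path = defaultdict(list)
    for e in entries:
        by_path[e["path"]].append(e.get("SHA256"))
    return {path: {"category": classify(path), "writes": len(h), "distinct": len(set(h))}
            for path, h in by_path.items()}


def pivot_hashes(entries, category):
    """Deduplicated SHA256 values for one category, ready for an IOC lookup."""
    return sorted({e["SHA256"] for e in entries
                   if "SHA256" in e and classify(e["path"]) == category})


if __name__ == "__main__":
    entries, problems = parse_file_list(SAMPLE)
    for path, info in summarize(entries).items():
        print(f"{info['category']:16} writes={info['writes']} distinct={info['distinct']}  {path}")
    print("ie-cache SHA256s:", pivot_hashes(entries, "ie-cache"))
    print("problems:", problems)
```

Run against the full Files section, the ie-cache bucket is the short list worth submitting to a hash-reputation service; the cryptoapi-cache and ie-domstore buckets are where the repeated writes to one path pile up and are usually browser housekeeping rather than payload.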

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-10 22:56

Reported

2024-12-10 22:59

Platform

win10v2004-20241007-en

Max time kernel

148s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\deda139f91498e36ccd8297dc46b3697_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target | Count
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A | 25

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target | Count
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A | 24

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target | Count
PID 2376 wrote to memory of 5048 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 2
PID 2376 wrote to memory of 100 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 40
PID 2376 wrote to memory of 5028 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 2
PID 2376 wrote to memory of 852 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 20

All 64 writes originate from a single msedge.exe process (PID 2376) and land in four other msedge.exe processes (PIDs 5048, 100, 5028 and 852); no non-Edge target appears. The Processes list below contains only Edge child-process types (crashpad-handler, gpu-process, utility, renderer), so on the evidence in this report the signature reflects the Chromium browser process setting up its own children rather than injection into a foreign process.

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\deda139f91498e36ccd8297dc46b3697_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa333046f8,0x7ffa33304708,0x7ffa33304718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,13328240336304664735,1079510075766759116,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,13328240336304664735,1079510075766759116,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,13328240336304664735,1079510075766759116,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,13328240336304664735,1079510075766759116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,13328240336304664735,1079510075766759116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,13328240336304664735,1079510075766759116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,13328240336304664735,1079510075766759116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,13328240336304664735,1079510075766759116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,13328240336304664735,1079510075766759116,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6000 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,13328240336304664735,1079510075766759116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,13328240336304664735,1079510075766759116,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,13328240336304664735,1079510075766759116,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,13328240336304664735,1079510075766759116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,13328240336304664735,1079510075766759116,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1

Network


Files
