Malware Analysis Report

2025-04-03 14:25

Sample ID 241213-cd9knavlhw
Target e9563e098006b97d531a50d6e0006330_JaffaCakes118
SHA256 f4e634bac654446d7cd1be30896134ffeb8d539e52c539b3f0e8c4946ce55e14
Tags
socgholish discovery downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

f4e634bac654446d7cd1be30896134ffeb8d539e52c539b3f0e8c4946ce55e14

Threat Level: Known bad

The file e9563e098006b97d531a50d6e0006330_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

Socgholish family

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-13 01:58

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-13 01:58

Reported

2024-12-13 02:01

Platform

win7-20241010-en

Max time kernel

136s

Max time network

149s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e9563e098006b97d531a50d6e0006330_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

Socgholish family

socgholish

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e9563e098006b97d531a50d6e0006330_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2736 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto

Files


MD5 d0d2ae83363ae12ee7225c71e0215b2a
SHA1 473eb76ca1c0da9dbcc280d6d4a061a20ee2a5c3
SHA256 305728093d663843a37e00f7d981f6273d54b33f65de3dc0db7e9a756d8758cf
SHA512 f5212ace03bf2c705ba1c2ae63330a46d9fb34ad8372c6dca07dce4ac1017e69e2084cdf593b383e117f1232368681f614bf1289abc4c494cabc289e209c26f0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9e587fa81d0fc1b9ce0b6f0dfa4e795b
SHA1 2a329a5390eaf2ae5e5ae50713268d86be9651f0
SHA256 64db68d062a3baed6597518fdc1398cbf7390905ea424a18d966cc88e5f5ced7
SHA512 c203a8f8a34c54a9bf970e05f44d54375e6a8961310306de4122398e732699d0739f14f0297782b53723add0b49a0d5c751880c8deb5cabe838e8fe0702dc2db

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d4ac6984d47f1cc4e154085d861bf94c
SHA1 bf44f58742ffe19f6f2e201b5eae3f26a010a5e4
SHA256 0749c29caddd352b4a95fc523fcedf2f09a1e7108bbee6e1529afebf43c0f4d5
SHA512 8390be79c991b1a365e0b348378f7d9ea36dc37bdbe055e85eb74c90ce4f17701cfab76bd9b973ff3b5ec70c936cd862564bf681da265140c0b4136bcaa96ffe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f28d32a188afb31eaa9422b16ce935fc
SHA1 6db21527bfbccd14c02e416c7c7bd76b43ae5b2f
SHA256 6eb78c0d6f502b003547b54b988bdd75429fd47e817fc4d097f0a7900c94d445
SHA512 c5d18c188eaa920c29c5068b92eb815f00a8376792a760d612c07ca57d6c45a7598208985b05364d8643618d21d23981feaf2ddc427c3641a5fb1a0d01655605

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e80d28c2914c4e39c427c9227613c35f
SHA1 8327021b2d99a105fde0e591f08db99c8f4b295a
SHA256 d6eb701ef0bdffccd2bf3be64f50c7644412b2b61aab515d063b1331bff34340
SHA512 3195db242926c3e12619389fe10e4016d004e90ef7b687d2623aeb643bd95434e95a5a9a623a700c644619e23c704d2e390a5a4624107a0ffcdc417afcc7c79c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5afe1b2a217b4213a86fc914099c0a12
SHA1 cd39983f8907ed418fe435d7246b6731425f2b2f
SHA256 ce4fc23f18acb5fb48b8e4a1a4a82578edd69367838feb3bc1f46e2e4d245537
SHA512 1730b8468bd9bcb77d7d3257029d21ad54300c4e6dce522f54c439faa49be4c4531dd5851221fc31f310da5753340f4acace4316747a35b6e43aadb31d56f1ef

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 80ee3da6b751301c55f95631a5066bd2
SHA1 f2a003e1b66b8765c59f5d29f2ea5b21e2ec4af3
SHA256 2abb67711012bec60a71a889be150f0df4de00995eb6a958e796670da10e5ce9
SHA512 7f5db0cb45b477125d0e67becd0620b4bc57feaa1738c8d1dae909f29bfdded53339c86382f892737c0717e40ba0a0577d596376b5f088540d44296b1903588b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dfc8af2ee15fd70c54e290290f7ec3b7
SHA1 4557d746bfd4a5d8038b0776a32e1c18aa46e529
SHA256 41a8b95d6e0d0cd1f4598861c70b8a237d787458cc8a1ae4bc502497ecc3b40f
SHA512 4e543fb88789c44be86ad784b5d73657212d8f15e34be806c107733ec24f41e60267c8d7106dbfb8983a7385a7ed72d8fb81c6c4744fd47119a27a26cba5b9a2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eb3bd600cccba10c83c50253d48d02a9
SHA1 9ac532c8d9f2404c41c0a1e0cc5bb568c5c33876
SHA256 993f5cf20632b9f26b5c205e2419ecbb0281580d3b171c9c5a835069c34441c5
SHA512 ce07aa6ae2dd2eca666d5cfc46aaf0c3148e4170307605abe8cccf56adcf7f9c6bcb3be4967101310dfa9e5e2c92629c86f80723e1b49e43cd678f1a6b5e3eca

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b9d02e085e644e221b13cb93934821a1
SHA1 552ce9e1caeb7221914c5ff67d0560d033ebdf52
SHA256 e928a01a85ae581e0dc9e96972a6a61b024c36142a8f07ebcf613cdc3f0e346f
SHA512 8193b7460f60be71bc26559d941d5568cf630cf49e38902543eec22414adf096120312c2995fe69df8beffa414a9e5066956b4d57b4dac9d139982af838751e5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d9f0c247fd8b968ba92000f5464eed9b
SHA1 36e614b9b3121a0be67f5a21b7d4732bb4009480
SHA256 63469be35ceadfddd69e8fe43d5ef3282707753256d5dae1df26da955c803793
SHA512 234e3590c6afab95c7305010939c740dd9a6ddf07cb5882c0a62d8bbc54c1fa418864f284aaee070a947491ad46e99bcd791ef9cb091b775a756c0121dbe8293

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 edc4ef5a76f3d261eb966c2f6ef79253
SHA1 955137a0a2f419218175278e74661e54f2a1c4c9
SHA256 2c2592f96f104a1a490a2bac037cc631848029056813f790109579635d427ab8
SHA512 5e28b64a6138e5255fa601d2b354a3128dc1d2ade5ac721d0d8d1679f4aa21ee50402bea60a63ea083c75819a4fd5640fb6374b65287ef8b99117594e3b24aae

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT668XG4\rpc_shindig_random[1].js

MD5 45cbe9a36a384fe9273d25ef64ef8691
SHA1 325026cc1cb9022ccd8c9c2089597251419201cf
SHA256 d9959cd6fb35fa6a7aef91a5bb9bb5358e7f91271d84130de6d06910076c5c5c
SHA512 0a70b1b12658418caf529a01ddc4d7fd6c59276c4658028ce2b5f7dcea64ef91f353fce7e67349c8534b68fc53c0ff23c36a7260337dcd307b836e55bec43dc6

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUME8XYE\2254111616-postmessagerelay[1].js

MD5 c264799bac4a96a4cd63eb09f0476a74
SHA1 d8a1077bf625dac9611a37bfb4e6c0cd07978f4c
SHA256 17dce4003e6a3d958bb8307bffa9c195694881f549943a7bdb2769b082f9326d
SHA512 6acd83dfd3db93f1f999d524b8828b64c8c0731567c3c0b8a77c6ddcf03d0e74ee20d23171e6ceac0c9f099dce03f8e5d68e78c374da2c055973f6ac2db4e4f9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4ffb77fc2a827f5ec9aac861c9530927
SHA1 a4b1bc5330e88aac8a0bc027681646145ed322f6
SHA256 7b7934cd3cb075943316449e19d3aa41df56493f19ca7129607403ff3661a121
SHA512 b838d4d370ed1882bff787526b54e8c0c1be8ceab716a204e30d54a724cd7dd526f6dcb3b9366bdae6b661ac324920a638585d5256545e1903902915f45b0ca1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8031b7a97a7062ebcd97b85e8f7d1533
SHA1 04229b8bafaca4a84118af1d75dc33b74fe248a1
SHA256 0862a3fa5c142df925aa7847fa248338e977ab81fd2cfe057a2785d1df64a089
SHA512 1af8ff9439b6917f3da0af2968c6e637240f49e0a0a0d1802894e6f1af063f29f3340c1550f716d2e05bd74634dd9fc35bc5d6b5cbce83db173f2c2c45f825f7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6ee865ed4b6e78a4e5e952f0991d11cd
SHA1 cd4d11bb1cfc9ab8a4639fde0066592b8080ac95
SHA256 0f472b04cd875d21957ef1291a96dc252c5da2151bc083568da3ec680ee54f2b
SHA512 4973a746fd76370eb0112a8d72fa318691dfbf62aad2a35876cc57fb394d7674105a143661d9bf63ee5fe3f6e2b2f15bb6fdd4ada79d82e8919c2a76db92524d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a9f2af341e140067d96e70717fe135c8
SHA1 c50d81fdd416bab9109eae946b234526a563c627
SHA256 4a7ebd0a83c52e2c0c4013d009ea027db9c8449b33199c58c4433a57acdc0e93
SHA512 9326dc69edd5b6eee4cc76c2c33afef66ba5f3a1bd48b893359471c1cce99e1169ad34e868d589615edfa40d6c7073ab4d53dbd9d5df477fc50ae51acc2163fe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7e04596aba80c561c56f1da418b0e969
SHA1 1ed987aac75d2a63eb390fb085d805bf56f401de
SHA256 ed4b49fef51319e65e23697b008133fdb8ff1dc77cbfcdb600e893836f532a24
SHA512 9465af62c366eaf8d00b1a0e61e3f496b1a6f535ff587da7927c4df8c1a25f477a1081ba60697c240258ca0f132c58ba4500138b42b581a5e2d71ad112fd7556

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 1f84d48f0578376bc6c15a31a738145a
SHA1 3fb4cd5c91989b17a1ba15223d07680fd2bccab8
SHA256 50227b3608bcbf2fd75978fd63e249b3bfe3c42b3fcdb07288f5240c87b6d093
SHA512 64208f6d71c98bcf11dfdd35b29afd31c4c38869778cb21f0de0ba3ec40ca9e0efff36f4abd9948946967ff3c6d68b366cfb3e57d69099739849571135a1ca4f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4352c5bef5e971743375e53a1c708609
SHA1 bbf6e5e95633e75ab179f2782c2c1202aed36d84
SHA256 b6d88096df07cd473d8b217be7485d24e96a8327b7a2171462bcc0c73a1b1d53
SHA512 828111d30a60dd5b0ebd1c923676b321a2366545ef15fe23baba680cd5bf54eaec93d56b4a68b4d991b1e7f0d37fadb8c8bfaae62be7eff65dc02d3092cb3435

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 69f9f076561d51dc78927f54bfc93f20
SHA1 013b4e3773b13aea360175818567f51b06c164fc
SHA256 4635d69c9ad04ee9372fa835caa9d4536bad1fe4f7d53945e15368f1969347b0
SHA512 0698f3509ce126efa46e55cb8aea4620ff17bcc28e2d4853feec23edd23a46de2cae0f0a48d2b9d7188592df6a4c87e9bc28a8791a40fcaa6c7dd11c0e1b8de7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 85301d6d5a0d4cba418e37b70a6be734
SHA1 2ab1562029b5e62e747c9ea3e44b3c5fed63905a
SHA256 c6e794212800baf84c752ef1f155557c7d9616963b9be32e30e91a42e675102d
SHA512 4f531ba595719b2fd81b42825e0d90821d2bb1d4f710d3e58f5ac2f934dc11e15f44c5bc12d056cce9a13cc001da9496a7a1acde8983998445312185a128c994

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-13 01:58

Reported

2024-12-13 02:01

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

149s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\e9563e098006b97d531a50d6e0006330_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 708 wrote to memory of 4920 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 4920 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 5072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 5072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 5072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 5072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 5072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 5072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 5072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 5072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 5072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 5072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 5072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 5072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 5072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 5072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 5072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 5072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 5072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 5072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 5072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 708 wrote to memory of 5072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\e9563e098006b97d531a50d6e0006330_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff94ef946f8,0x7ff94ef94708,0x7ff94ef94718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,9689204213426422487,13128107408644056054,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,9689204213426422487,13128107408644056054,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,9689204213426422487,13128107408644056054,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9689204213426422487,13128107408644056054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9689204213426422487,13128107408644056054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9689204213426422487,13128107408644056054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9689204213426422487,13128107408644056054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9689204213426422487,13128107408644056054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2460 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,9689204213426422487,13128107408644056054,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6008 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,9689204213426422487,13128107408644056054,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6284 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,9689204213426422487,13128107408644056054,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6284 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9689204213426422487,13128107408644056054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9689204213426422487,13128107408644056054,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9689204213426422487,13128107408644056054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9689204213426422487,13128107408644056054,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1

Network

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_708_YJHJBBCEHRVOSRIX

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5833fc.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
