Malware Analysis Report

2025-04-03 14:24

Sample ID 241214-2rb9rawqgy
Target f11465fd4a1d0d74c9efe372fee7cd23_JaffaCakes118
SHA256 19c6be01dcfc9d13784abfd32474cad03dd1ba425116ec49be3a6c4d65ed02a7
Tags
socgholish discovery downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

19c6be01dcfc9d13784abfd32474cad03dd1ba425116ec49be3a6c4d65ed02a7

Threat Level: Known bad

The file f11465fd4a1d0d74c9efe372fee7cd23_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

Socgholish family

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-14 22:48

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-14 22:48

Reported

2024-12-14 22:51

Platform

win7-20240903-en

Max time kernel

133s

Max time network

144s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f11465fd4a1d0d74c9efe372fee7cd23_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

Socgholish family

socgholish

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "10665" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8AB4D091-BA6D-11EF-A8EF-7A9F8CACAEA3} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "282" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002c07716e9b61de428aeddcd99e538aee000000000200000000001066000000010000200000006a4ffb236264115e080e43483fe6544540aac5b46d0149b43afeeb7ebe711c87000000000e8000000002000020000000509d9577b32891c516b11d3000699d2a1ef48d758ff848b3f6a58a538a5508ce20000000ff827a6d5d4f4014308fe86de1d5d0dc4c2c9a16dd354bb4abdebf01d13ec2d740000000f28f1d1bae40617f34274179302ede9dba57524bf0b25b39e5d7bce07f225c161c8024a7c18838cb4dfa7dcdaaff5595b1f14d25bc34a2dc526c8f29922ba585 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "10665" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "282" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "282" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 608791637a4edb01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002c07716e9b61de428aeddcd99e538aee00000000020000000000106600000001000020000000dee46b532175b188f565c1d8bd00e643482841a74e0e333c0dbe3bc23e0741fb000000000e80000000020000200000004ba066e4e13e61e5d3a86bd8f40fb888155a9a06537ece45ca496041fbaf7a90900000000dfe00a7db17629b3feb399b6a17be1785a360bf10f3b6332688c356ce80c20fa4b79e05c6e370aa75bccd9f754157bf2638b007de94b3e19bcab9ff1e02df6d738bd75862ae7c842ea73aa2ab57ddf70706fa5252df6c89517194a817ad28bfbe15f8c276fadad4f82b1d0ceaf67f06b28ea6c79305aabcbb84be6253e0efdcab30f1d5eb2fcc89c5471edc9878387d40000000b7dc18191fb01fc62f24537597485a384b10f8863364f1aad84697e250f6fb77e9f6c5d83caa9e6499642e376fcbeff018c59196939b7ff118c989f32d0c2919 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440378378" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10665" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f11465fd4a1d0d74c9efe372fee7cd23_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2796 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 feedjit.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 www.baokim.vn udp
US 8.8.8.8:53 internetsupervision.com udp
US 8.8.8.8:53 s7.addthis.com udp
US 8.8.8.8:53 www.xemngay.com udp
FR 216.58.214.169:443 resources.blogblog.com tcp
FR 142.250.179.78:80 apis.google.com tcp
FR 216.58.214.169:443 resources.blogblog.com tcp
FR 142.250.179.78:443 apis.google.com tcp
FR 216.58.213.74:443 ajax.googleapis.com tcp
FR 216.58.214.169:443 resources.blogblog.com tcp
FR 142.250.179.78:80 apis.google.com tcp
FR 142.250.201.170:80 fonts.googleapis.com tcp
FR 142.250.201.170:80 fonts.googleapis.com tcp
FR 216.58.213.74:443 ajax.googleapis.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.214.169:443 resources.blogblog.com tcp
FR 216.58.214.169:443 resources.blogblog.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
VN 103.131.74.28:80 www.xemngay.com tcp
VN 103.131.74.28:80 www.xemngay.com tcp
US 12.171.94.43:80 internetsupervision.com tcp
US 12.171.94.43:80 internetsupervision.com tcp
VN 42.112.31.40:80 www.baokim.vn tcp
VN 42.112.31.40:80 www.baokim.vn tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
US 8.8.8.8:53 xemngay.com udp
VN 103.131.74.28:443 xemngay.com tcp
VN 103.131.74.28:443 xemngay.com tcp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
VN 42.112.31.40:443 www.baokim.vn tcp
FR 142.250.179.65:443 lh4.googleusercontent.com tcp
FR 142.250.179.65:443 lh4.googleusercontent.com tcp
FR 142.250.179.65:443 lh4.googleusercontent.com tcp
FR 142.250.179.65:443 lh4.googleusercontent.com tcp
FR 142.250.179.65:443 lh4.googleusercontent.com tcp
US 8.8.8.8:53 static.mytour.vn udp
US 8.8.8.8:53 www.phongthuyviet.com.vn udp
US 12.171.94.43:80 internetsupervision.com tcp
VN 42.112.31.40:443 www.baokim.vn tcp
US 8.8.8.8:53 widgets.amung.us udp
US 8.8.8.8:53 platform.stumbleupon.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 embed.tawk.to udp
US 104.22.75.171:80 widgets.amung.us tcp
US 104.22.75.171:80 widgets.amung.us tcp
FR 142.250.179.78:443 www.youtube.com tcp
US 35.153.24.123:443 platform.stumbleupon.com tcp
US 35.153.24.123:443 platform.stumbleupon.com tcp
US 172.67.15.14:443 embed.tawk.to tcp
US 172.67.15.14:443 embed.tawk.to tcp
FR 142.250.178.142:443 www.youtube.com tcp
FR 142.250.178.142:443 www.youtube.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
FR 142.250.179.99:443 ssl.gstatic.com tcp
FR 142.250.179.99:443 ssl.gstatic.com tcp
FR 142.250.178.142:443 www.youtube.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
FR 142.250.179.98:443 googleads.g.doubleclick.net tcp
FR 142.250.179.98:443 googleads.g.doubleclick.net tcp
FR 172.217.20.198:443 static.doubleclick.net tcp
FR 172.217.20.198:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
FR 172.217.18.202:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 ocsp.r2m02.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m02.amazontrust.com udp
DE 18.173.208.27:80 ocsp.r2m02.amazontrust.com tcp
DE 18.245.65.219:80 ocsp.r2m02.amazontrust.com tcp
US 172.67.15.14:443 embed.tawk.to tcp
US 172.67.15.14:443 embed.tawk.to tcp
US 172.67.15.14:443 embed.tawk.to tcp
US 172.67.15.14:443 embed.tawk.to tcp
US 8.8.8.8:53 lh6.googleusercontent.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
FR 142.250.179.65:443 lh3.googleusercontent.com tcp
FR 142.250.179.65:443 lh3.googleusercontent.com tcp
FR 142.250.179.65:443 lh3.googleusercontent.com tcp
FR 142.250.179.65:443 lh3.googleusercontent.com tcp
FR 142.250.179.65:443 lh3.googleusercontent.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 88.221.134.83:80 crl.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
FR 104.80.22.51:80 www.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
FR 142.250.179.98:443 googleads.g.doubleclick.net tcp
FR 142.250.179.98:443 googleads.g.doubleclick.net tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 300b91ec0d6679e24e5e0a1be6eb5e58
SHA1 78bdd8f9213d19ddcea547b3967a9f586899453e
SHA256 ccd4bc37eca998b476f9b34488181b751ade7e726b4988c639a97a14841bb612
SHA512 2923bae091eb68de5e6a95dcfe510f5c029262ae0717a99ae50db498b73a87d61fd7b833b985c1ce62cd1a84d0a1483878675c37ec6c8f76b40ea4886c3c0768

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 1280181ba6222829121362574c143fa6
SHA1 f121bf603f8f0d3c1a3bc1f6a3760b648384d1d8
SHA256 b00cb26e0a594605248b0afbb56428dba48029b3a605ce3a790c7380d6360f29
SHA512 6911e8d2589cd18abcc86e1d3ef992a2322022fd7ebaebe980e637ff6e8cf4acc37bf0f0d436c5c1207e2dda7d87fc02ffa364d8be7fb0f1e3191ea7bd324a3f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

MD5 e935bc5762068caf3e24a2683b1b8a88
SHA1 82b70eb774c0756837fe8d7acbfeec05ecbf5463
SHA256 a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
SHA512 bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 ed928b5e41c4ee491737c6ae883226a3
SHA1 0ffe7bf8d4a5b8dfd7f23002d0bff729935b0057
SHA256 e658b7b3558d9c8fa0c4070c71ff5a00472001d566299f368ad53efd4831e16a
SHA512 3fa08d7da5c0cd84d36b979f328f9fac4fc7e033802be7ddf0a2e1c8dfe98918ceecc7227e41ec53477c7d923dd74745cc473f59e0d3b35607432d6369ae6857

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 0bafa18c255bbfeb49dbcde418005dad
SHA1 8c70be67912f2d095ecc797d8e4df52986d99caa
SHA256 7ce7367b6fe9a2b72d1576c2743e6b1485367e48f028db20b835248d6afeafbb
SHA512 834ea5c1e5bfdde89225a654ff2773e633e8635b11065ee6becec562af975bfbc5cc3c2a6ed1558431d717653ac115f913eb1c6cb2f6af00e5e5d8e29b824a90

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DDE8B1B7E253A9758EC380BD648952AF_86F2A83F54EA52E2D59C5D2EE00149B8

MD5 e75bc1330f0137fe4d230718a58a2c66
SHA1 0ecbd920fc2f2eb5dddffc276ecbc0f2d783510e
SHA256 b0fb8c7f6d3cae7187ef7405181fc42587a335336f5f43295948c7ab6333e221
SHA512 4f292e8449e37bab8c5b7918d2b6333563f57f5a82cfe539cb2bc47ec6e6d9668db265d6a0b74c440271026c9535411741271d001e4f39eab0cbe05ae3ccb761

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DDE8B1B7E253A9758EC380BD648952AF_86F2A83F54EA52E2D59C5D2EE00149B8

MD5 55cd3c4eea5ba01c7012e345c743f6b6
SHA1 23c1dc9e1691e8755bc2f8a25622d94fe8a0dfb0
SHA256 b80ba8627414b71449f9aa43ee5e355e30ee6ec443481dbc503d941886e7b5ae
SHA512 9f1743d0789775c9d106f83cd3a51daa9469184dfaf6591f4f46657dfeda3c3c7d9d2450f422645b8023935dbd4616bbcb93b10fd09df72407c8bf27081d76f7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_1866E19A9EA470E8F26D259D51C89BDC

MD5 eee631c5d08d5e000e5618314d49218f
SHA1 4a1bbe4f5bb3c6044999af6ff0cce78159017374
SHA256 e6b74327de738e85eaf915d4bcb623b5adadbde4dbe42704da50ba2cafc53842
SHA512 a76b22741ec03c6d79ceddb7100d21c096164300db84ee9b6fd6c95f6a4dba6aff9b2e61b10b4c79845f4aa0085b2649936233cf3d5f4d05eb485f66a611447d

C:\Users\Admin\AppData\Local\Temp\CabEF02.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarEF73.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 db84602ec85c1f781e38aed770009f03
SHA1 386ca22fe2fcbc58e7ad841443f4fa2fbb552b87
SHA256 8cf499517ac6dee2a0d535d692f4731ce82978b9870c4641ff671602667533cb
SHA512 cfab7e34d001806c56f03788487978b841c820c3097ea7cc3cdc272ed51c2bef0bd1047d04e7215fc8af4c847909960691cd470fdb771624ac249321bbedae70

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0I0VVMWQ\plusone[1].js

MD5 2693cd35d818b48f4cd562c6abe0db29
SHA1 131c844eb658219966c722b60cc12c8a542ebe06
SHA256 911fa262008c6ef2bcf8448ad83a5aa8129c39355b98d957f5c7dde2babf9b7c
SHA512 4f692bd49811addfe89d14b156fed6513f04ec4be2629086a8b66ddcd6e7b8b7df149fa017173824c30f7492c2320a3d7b9c0344d5e1f7074742558125654f1f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 04977bf0ab5bde1920fa7b22f6918900
SHA1 6e6fd59fcccb9e3e26ed35fcbfcc567f381e1c17
SHA256 29a9161748c18636f012b506a060b51b6ac9666ca55fef428b8e8559bf6d1251
SHA512 99795b2a8dbdca73abc3164068f24bfaafd75ecbd04a21806e1b12d841c8cdb884e02a616dfac3c86de1acc82c2e73613542447b053e3056b049fbd057302f19

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 090740b2e2f5977fa71ab2816090ae8e
SHA1 2bbc168d2787c2985a5f0b1e6c19ea6f82fb3fe0
SHA256 1d7645bb7bf49d1aa5cb96e2943e6ba5fc0009934d67ce192157e1db0920422a
SHA512 43c9d265aa815c501cdf2076e7fc14fbb72cf3a16d819720a985db1ad2c293f07a0a843bf08284787df1cb285554cc76d24f3725ab01ec08d80519cb2494c00b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6aba92b25bc346e399ba2d48130425ef
SHA1 cd34d6efe4b07c62af83e45e65495293e728c3ad
SHA256 1abf70b8b7fb222c1d1c3c23ae2dee9ecfd55bdb762b5dd788434867741dc293
SHA512 b6eb20151bc4e349386eacf88172c53e25a54333ca8a1c32ecec0277ec0866b0200d2ec40fd42ce97ed7d501cee8247e468b0fbaa10c39b0de7f89b16d16a11b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2d7256a1aecd8935e7e49d70ef17fdb9
SHA1 0695666c76a71af9c9ecc13abdccbde158510a19
SHA256 521ed5a8ef5d55a224608720b0cd99fdd9e7aa6290feafa1704f6532711635ee
SHA512 99f4cc2357f47599f8bd19093029e52321478d2ce794ca8439314846bc73ae2bd1610691368e01ffe6a7c1230dd715510009146abaf338b5fad0784826a8f827

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 28e8cb130a66783b5f8913c9038d19bd
SHA1 f3696002581d22cd4e0d099d5ca6fe9024212cb8
SHA256 6d826c73b339a4efd120cc86d72d652cc301b1411318eb7c7f34b1cf94799e8e
SHA512 d30f178ff949443b59d7ffe06cd472aa972ac0c3af8327b34d5c84545e14f795e4cfe5375ed77d92c10258d42f97155e5de67326e300ebbbd0c709a5f35df90e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6548c0aeb02c0688b12f9446ddc083d7
SHA1 7ce919a888d90a2c8fe0703761fd2b61cfe9dbb2
SHA256 ac02451995857f75561636b4b4bbba1b30f6f22ee766455d21940932767e2ec7
SHA512 047e69ff7c9c51146c21bfa91c11656a36f546725066de28c5edbfe0402fda23e5fb5e305f0ced58ca9461e9eab313865cd4f381cfb03cc6b7a9e27c10bc4b6c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4e19f7808b065b8deceafc9a55c10d0c
SHA1 cc938e12eb35c7bed5d9dd1052349d812a1d81d7
SHA256 3508dc29ffab76bacb90ef81a326bdabe576ef5ecda1370560e9a942b1aa6b8c
SHA512 0df4f9e057fbe51e2a9fd1ae8eb0ae91c7207c81dcb371926473beb11f7f4c6686c7356765829c4470df04511b8ffc9f40ab23f9357a8726edab75fb2fd7b4b4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q0WBLVJY\cb=gapi[1].js

MD5 84e3d54be3ffd25a24bf3a514490b86c
SHA1 490f4a059114c7704703a7c67d193083f551ea1a
SHA256 dbae2441d55a51b1d10c5591a2ab27141b3aebff8e75816a3a4b107fcde4b6f5
SHA512 718ddb866adab289ea6ed942b18ee9d74c185d5739c642340b6ee827265e3fce63b768021aa182a8fd540b4a1f82f555dc9e668c4cd187566fe19336bc3464e5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 cb5e50bd9eb4e29e7624942f98fd8ee7
SHA1 38a492b6a0c5a9a7a0820935464be6137d7483c0
SHA256 61d7a843c592aef65bafb2a58c2bd0609db5688b9330768fde741b22ce779f41
SHA512 b838940a05fb86013ad038429c5145020851c691cb1a6c05e256b7878964f552749a6002b3cb9a4eaeac301d027c321d930943ca8967de8e13107336f158d7bf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 56e9030a85b0606cf6657292bd3a87f5
SHA1 3d7982f8a288d2d3a8b3ee76e75172413791d1ec
SHA256 a140b89052caa25d93d16aa03c32e4acecd547cec79ff4e4dadd44fffae3c8e8
SHA512 6983e9fabf6b2ef55177e1e20c621ba2abb98377da195cd7260e1cb4aed35bc3d402fbde8907176cde1a6a39965c2df8e2849333d8f44bff12b4eeac81d34034

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\MLBQD0LM\www.youtube[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b30f39a95e95b3b0defec90648e991b7
SHA1 d61cc73b503cc7318add9c31165d4b233a74d8eb
SHA256 3a571e47cc594a4dbabfb2bf526c805edbb14b29a8cf00b7b3927be054558a05
SHA512 c023e421099a02da52c496b83884b118c4492a04a5fcbe5819cc353d4b1ea63a22abe0b6da776416d2e1e3b879b34e2d4f37442f6c28bbc15702141e4ddfd3b9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5ba5610019cf7f1f820d94b93df6bdbd
SHA1 ed66f5c525aa4f2819a6d6f74e8ea5ac16b06ba3
SHA256 8f0fe7644e3909c564c17a9a1b73e38007b62b2623e85086ab1923bc243ee7d4
SHA512 31bc40021dc9b1559a1a51b7ca656f3fe0a6bd6899412714caa468c0b80875c18826e77f6f50617487852ac02af4cd65840d7c45c75a3befa64181c09fed5dd4

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\MLBQD0LM\www.youtube[1].xml

MD5 e49b7c295291b1297671020adabc8260
SHA1 cb2232b4b709c93e6b05cf0625001a8ac63cf0f0
SHA256 5b59ef058c6f44e988a03f4bd3c3abdc9859e7a01e69eef45a2e16e5e0ace34f
SHA512 064a557d267357e25dc9bb803f0457f9a92fb27da7272bcc82e6ff14bbf785386fc49f289ab68d92257a5686d3690ab74e846dd06e471bc6cff06f42937c5def

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9ae0914e5fd4f98313194d03363c88de
SHA1 2c0f6cf81c515d44d2c726f636fc50bfb4c87d45
SHA256 1791c33578a6a0c5e45f5e4dc9362cea8f6e47dbfcb0bc5c49dc6389ed75c124
SHA512 09b117e89e7cc4fd673eeac933f3f83ee08a59e1b38f417c6a9c36b0511d24c645646f17a2bc8355cdae47445cf0fd5c482b0507c9b67ddeda53000281b18755

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\MLBQD0LM\www.youtube[1].xml

MD5 c988d359eaeab0c3c918faac2de3cff2
SHA1 183f9410b6c80b7d97a0e0c2e9b0def53eeaed3d
SHA256 024e3f9dcf558c9dbcb188504793c7a7815826640ca65346ebb8672b555dc4d9
SHA512 0ed48333c2170f92cad6e60cf53bda1a5120976c14c2c24a3035eb999fcfccd472ce701ba8150c687753e69e376ff7608e88a8129ca4c027641d73afde9c6e0d

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\MLBQD0LM\www.youtube[1].xml

MD5 031cc03fcddbd7c0d6552171880eeb77
SHA1 fbd57ea97819a9a9a778a41f5f6d4905ad0037a4
SHA256 e219f20191b522ce7d832e1ca6ad2be28dc9b315ca2982263963b2f84dec330f
SHA512 8167ab773546c689ba2aab7cdd416f36c2841801fa3a0d76de9be762503ab32039da482610bfb4483cd0134491ae0ece808e61bba478636464af2c471b10f185

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\MLBQD0LM\www.youtube[1].xml

MD5 58116e0ca99de71f15c3381285ff2868
SHA1 a66fcbb8182065eb4858869b66c8443fc32c443f
SHA256 46de5304b05f95fe0112b170e046324542ac9f5255c28db439f297ad91cfde23
SHA512 eb16f394d149af0a5de288eb94949f1ba0f4f8eccbdeb59c5bbd6fed60a01f388c6fba3fe936ea3c70ea9a22aad0161a359abcbd715d26f997053a2c4cc15456

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\MLBQD0LM\www.youtube[1].xml

MD5 431f020b62c88a0e33b94c833c3dae3f
SHA1 755130c29f4766a544e72e404c44899b95ead5aa
SHA256 69e441e4a48d517de03e53fbc1e28d83cdac8a5794c1b1b5b88e1d489071b13c
SHA512 cd2ab471555cd94d55d6be6ce7516882047c03c9c48632f575c7dea82ff761d21c78bf35fe26e7c4998b5684e9fc97d4b96b3436af29396e7dfb51d32648a788

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4a6af33d1a0e4fe5f7a6ef680add8845
SHA1 c8db675822860d49d6666ee6bbbfe79051707410
SHA256 28344ab7f65a89e09fa4be1e5427677cf2b788f76d6ef17cefa113dd57e2a6ab
SHA512 7d2ff30fdb77903d6ed5f68e7c3ab42ce381ce7ca91a9015066ae4c0abdd568e6bf512ac5e34c8ab3d10fb3c3f7c6930ae0ba50eca7e2b9fe72b965aa7aaea7f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7374dbba7df551797f1cd2ea8cf913f2
SHA1 4f505b279eb5d35fc816d428aaff36f9247aaff7
SHA256 5bfd421fc519c5d90ce8b5f0919fba55cedb73705cb757ea2c35ba41a517af0b
SHA512 5860f127650faeef6d7594539e428a20bc855ee3948fb0546e2bb66f7483027a167379cb16ed1be2c637eafbfdcc5ee95a3664ef54184330410ed4cfdf18d2a1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 302f4eebd59ef4a241337deb18e9054b
SHA1 0fafeb33eb463295c9160e85655fd11d4eb6971e
SHA256 4b4272fbf19bd4a34eda495f9b11d68065e067378c867787aee3c1dbb758ff5a
SHA512 a85537fa45c1365d3f77cd07d2df208add278262fc582018d7d0079029a35d6381904132d93c26702256e976de5c963f1a168ce4105800d101e881ad31cf779d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 65b955473858deb30aabc9c635f16fd1
SHA1 a3e953154341aed7f57370766877f5c0d6f730d7
SHA256 44881b8a1fb618f3b7cc969637e1c54a6537956fd369b4d328822adf4db8f1e5
SHA512 15edf891a4604d59d3e6ede948029853e627a11bbbf33a0019bebfe5845e08de02f9f540d7e08a0487e404c32172e050fb5c1a93f2d46623f1e78789ef142a5e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5e8eba150e95afa3d00178cbe4622e2c
SHA1 45111694e6c489c812db88b85eddf753901d604b
SHA256 658a5c6c1212554e01d07477df220efa9795d1e9df322f319366129cabaf81c9
SHA512 cf621fc8e6f1fffb06fd8d3407655d5a148041e688702c0978415bb308731a75cea1bb07a74f0b7f55cee145687d045b7c1cd52d2225cea17917d1e31c1f3154

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9b59e783fd62fa8b1f8db7ea90e01cf5
SHA1 e51084f5e1977acaaef4057fcfdcbc956432cebc
SHA256 ce0a3c6096cf47735f40b27196f37f646d89be2c8e1838697bd9879d2b805d76
SHA512 2f449bc9e300f99db189ef75a10567f42e170d75e410158a89a1389d22ed7d1858e54e28d1016cddda6276596fe7ae899c970beefed16eb844587ebb65cadb65

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5d683f9d3bfd2a708919b28920692028
SHA1 fbf06653086571a054941e08ea207c6ff96e9e52
SHA256 1db92ffe5b051d8ed19e273de84009b40d61bcf305ded03f125cc92f1b6b52be
SHA512 ad03e23894c69462b524a9cc0a6c47d6b276cb0edfb5cff952c4c42f47b727eb731b09949083e41e1b8bbeee9a7ea3897a48be16a72f88b8d2e321cf296485d1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5d0d6fd4a7bb58f409de089dd5ced2fe
SHA1 b65af0c92f4a3f2788815353a0eed99f9fe61b8e
SHA256 84ae4da611c185fa192ed24e14bd8c3a83f1bced2e8eaca43617d3366ce9c51f
SHA512 1e0c4bff6c021997fd009b02ce74c08be73e2c728b38f73b6a6b5f522a73061c28a86bf31a07088bfde46a87582424c70e11a919d2292a037f606e30e7791fb1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 af6ae0a1868c390c375d650068f89ab1
SHA1 5ba421710b9a2616a62f326cd3e1e2845fa6a90a
SHA256 8e13ceea01e7fd575ada12c2750d16e7ded11ecd818d1d93829d2a4a3796d321
SHA512 0d9cfd5a8f76f3574590f27fa99e0efc7fdeb488ac8e64c4c938e8de6f960db62e647a09e3fa72638d21201625e192013836994537962065157c882bff3dd663

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b54f2e61b7509e53a2922944385b7e75
SHA1 c7c8faf4da373c75fb75af1bbf4f8f9c20145dd4
SHA256 67ced1a67b63b30416319dbd54e905700b26aeadc98db83004d973b5e59a500e
SHA512 273ed40303a601cb20bd3362d305c6cd469ca826e69875418c81ea84be5e9e1cd7bfbd34d33b10f768c790feb3eee095856e36bf54efcb71ae1f22f83fb08e82

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\MLBQD0LM\www.youtube[1].xml

MD5 de0964f74d48937c2ba8a80e29287fce
SHA1 f7e61bb290774b5c6d739658123322d9b1c43964
SHA256 52aead9d1e20be47427f0f4964b827c3c66b1d882aa9a5167c1159c78a2a939d
SHA512 4c1442c806a57d90ac734f68a1fc252c35a818ff2ef064c9acee77bfdb4272613061c93a7c159ebf5df787cf0f2a6395a1fc3c7c27bd5aee9ab8e22aa06f0978

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9077f79fc08167775a0e970b79c798f7
SHA1 c85e7a3726262636fedf4390678ae19fa6820ca3
SHA256 7b6717daf8bee273e7f0c5b606dbf25c97f76566f8a2bf58f2c80f8b80205760
SHA512 86e93c6be0f0d9d42309e2b6b42851996f74d3a10ffa6200981c2ce4846fa49f9d8b1b0431b5d4a20b96775c36af79abe6ff81fea137550f6cc83600bb8ab0ed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 15bd2e1b72ad80a94c4db2ac41646830
SHA1 29b472b7cea537d20aec6202b4209e4be81ce7fc
SHA256 bdcb0490ab5b8f4ae6a4fa24652e116790341d32aae3c050d48e1be77c41bcc4
SHA512 be97e712d03e0ad0274f4167409d78bc3ecfa5915e1e0f0f7b92d62b231d217597f43726eaaa499765eb509eb55a537810d849ef52d3a921e2ed860c3e45547c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 f1d370b34ee62a698c8d4ee2fdf192e1
SHA1 cd12c987582ee7a3dc076c77dc196901c6b6ab14
SHA256 7538b15057520b338db1a3591b9a17b0b6d29e2ef0efc43afa1cacae85a14f10
SHA512 0e0cae4d2f8ee52f4bec2fcb4d1c4e1ad3d371ac6c4510f6043fb92e81e76c66385b970f860312e21f651b756f7fec71156b4d335085d6b24778d8149a68cee5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aa2d8dbf88f1400b476dd23b1599c7bc
SHA1 782fb1f3a58614296e0dc0de5992789b93489e07
SHA256 6101163db20be64bfa38fffb76521503f76b98192e8c5b1194070f10d3ec4bfc
SHA512 4f05a9928ac1edb6d70664982e87b86ddc34c63a66167f37e4d28f988298d969655db8226ca5dcc524329d20e933eaed83cf68bb7765dd4a696e98d05e8ec19b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5777d1d638a7fd84bd6cf4a90a8b2f8c
SHA1 08e8b1616496834107c20126c324e1c27a585d5a
SHA256 46961b43505ba23b0f26bb7297fd996167f2d808d94a51de7c1c5ef6e10a0a85
SHA512 4d853ec6dc8c45f042df199e7d9defa513f0d7804e9d4c5b8e816fb8156e13912807c5750ea28b3a01a3fcbcb0374a2266ca73771da4317eb6d4f9171aaebd3e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d5499bb1705a1d44d82cb1073ff3512e
SHA1 7b841163049aaef814f94bbe15bcadc1c02a1019
SHA256 ae8160c5015f260db1db7dc8b420c88267fe9a7da8aa512728832f44ca8e3778
SHA512 54433f65328f78b779e77cd1ecf05f555b1f2f3c7da30e07ea9768abadf7d0df8cb0d18297f131769aa19d751603cff301eee758c4377e9013697acd717a01d1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 daf1733e75da5bf558dd2628f53da12c
SHA1 559292ac6c55e41ae9ae28f82f51d5c309bb6478
SHA256 24897797d1f670513c4cb872a98c9fd76308fc0b9b823b5ffee479a83f675117
SHA512 46e09fa553187698c241af1bd76b9fcd7eae24c85336a81663bff1e8c5fbc135699a9924a4aac200f7482e6d554ccdeec7c621948a0556c3b62c3f218cd17f7c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7932dfea40e1ce63d59defbe598cae91
SHA1 63aeea3125614801cf0cb5c4d574b2bfee154587
SHA256 ff9f2dd9193345b59835593d87ec4a1546f06dee253d8767325858bf20585c6b
SHA512 a9c39478965aca9a7124cf81b05e7e437f650bf60198376559fc77e7503f3ffdf25d5fac9d678949a12cb482fb28946b4b7822b21d1dd7e2327e8075059369d9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 019e09cdafcf52a2b5d4adf3e716b9b9
SHA1 f7db2d9c77b3388c06a31265ecbf688b90199f1c
SHA256 8ef15fc06cfaf562cabcccedc7596af10ec2963bf1f6e3cf545df95709eed7db
SHA512 85739417671f52b5b4e6822bbf706a098cb62abdee0b940da9cf3cd70a6244a7a762ac34d129f29b53def12d789e235e6b3bc33f95df09cfc38263425910b225

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c6591e09967a168fe0e0590d0f14a20b
SHA1 cca57d1e875915a717a1626fc753f0d52d11d2ba
SHA256 94f4434ec450728fbc53231258224ff8051950a79d7fdb4111590909e6aa7602
SHA512 0ce7391b5defe9efc07bcdaa600e05f4a70d1031af1550af115239f96565b794c52bc516e099c5b99e931e7924e9f4e88ac9747c61ed152936f793b452cd21bd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 418359bc3a9afb6be599dd77c4c430f4
SHA1 a9185be06f7dd14e974d087207f88ce19dc8a4cf
SHA256 ee26f1ac85c4a8ef16d61e22bbfb9f38c35478bd9bd78e8ed99ae4a9c309447d
SHA512 9bc448e98b3087e3fb6e5fce0c0409c81e54a50e16e422aa80b23caadf04089220a2a300463badbdea069f80c65724be10fbdf1d9f0818ba5bf0c825e36596c1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0fb8b6d1a0edcda099d2dc0be87aeb19
SHA1 88a8cf9d31e6a0419e765243539dba193337a5ea
SHA256 8777c2988866cf942975121f19213fa861273e13347b649bf272808c3c3da73e
SHA512 df138855b4e4e71cca746255aba2db36833c3519ba06ce2b01a8b91496ca8e1ac3a9428561178b1ff2aa4e9af70b64a7ef924d6044c60ef013cc2c528fc98054

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\01LB6K3J\2254111616-postmessagerelay[1].js

MD5 c264799bac4a96a4cd63eb09f0476a74
SHA1 d8a1077bf625dac9611a37bfb4e6c0cd07978f4c
SHA256 17dce4003e6a3d958bb8307bffa9c195694881f549943a7bdb2769b082f9326d
SHA512 6acd83dfd3db93f1f999d524b8828b64c8c0731567c3c0b8a77c6ddcf03d0e74ee20d23171e6ceac0c9f099dce03f8e5d68e78c374da2c055973f6ac2db4e4f9

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0I0VVMWQ\rpc_shindig_random[1].js

MD5 25879c1792060210aabb2cc664498542
SHA1 349848a5e88088b22fb4762ca2a619d1a7f40d97
SHA256 1c0dff80b0111b04f387f0c39fe8d199e909c285f5471da80d6da78c79f9fc79
SHA512 845cb435d102d39b001e7f00d7528dbc3f8505809f5fbca039587ed82d9790b16c9179de8877fd48f2fdab11e7308ad003303821217213a2b99e60d9915a9c88

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-14 22:48

Reported

2024-12-14 22:51

Platform

win10v2004-20241007-en

Max time kernel

146s

Max time network

146s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\f11465fd4a1d0d74c9efe372fee7cd23_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 764 wrote to memory of 4540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 4540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 4404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 4404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 1616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 1616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 1616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 1616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 1616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 1616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 1616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 1616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 1616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 1616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 1616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 1616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 1616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 1616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 1616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 1616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 1616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 1616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 1616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 764 wrote to memory of 1616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\f11465fd4a1d0d74c9efe372fee7cd23_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff7fd646f8,0x7fff7fd64708,0x7fff7fd64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4069681964053572885,7676251722549976604,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,4069681964053572885,7676251722549976604,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,4069681964053572885,7676251722549976604,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4069681964053572885,7676251722549976604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4069681964053572885,7676251722549976604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4069681964053572885,7676251722549976604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4069681964053572885,7676251722549976604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4069681964053572885,7676251722549976604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4069681964053572885,7676251722549976604,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5332 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,4069681964053572885,7676251722549976604,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6300 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,4069681964053572885,7676251722549976604,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6300 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4069681964053572885,7676251722549976604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4069681964053572885,7676251722549976604,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4069681964053572885,7676251722549976604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4069681964053572885,7676251722549976604,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
FR 172.217.20.162:445 pagead2.googlesyndication.com tcp
FR 142.250.179.78:80 apis.google.com tcp
FR 216.58.214.169:443 www.blogger.com tcp
FR 142.250.201.170:80 fonts.googleapis.com tcp
FR 142.250.201.170:80 fonts.googleapis.com tcp
FR 142.250.178.138:443 ajax.googleapis.com tcp
FR 142.250.179.78:443 apis.google.com tcp
FR 142.250.201.170:80 fonts.googleapis.com tcp
US 8.8.8.8:53 feedjit.com udp
FR 216.58.214.169:443 www.blogger.com udp
FR 142.250.179.78:443 apis.google.com udp
FR 142.250.201.170:80 fonts.googleapis.com tcp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 s7.addthis.com udp
US 8.8.8.8:53 www.xemngay.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 static.mytour.vn udp
US 8.8.8.8:53 3.bp.blogspot.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
VN 103.131.74.28:80 www.xemngay.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.214.169:443 resources.blogblog.com tcp
FR 142.250.179.65:443 lh5.googleusercontent.com tcp
FR 142.250.179.65:443 lh5.googleusercontent.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 142.250.179.65:443 lh5.googleusercontent.com tcp
FR 142.250.179.65:443 lh5.googleusercontent.com tcp
FR 142.250.179.65:443 lh5.googleusercontent.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 www.phongthuyviet.com.vn udp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 internetsupervision.com udp
US 8.8.8.8:53 www.baokim.vn udp
SG 118.139.179.30:80 www.linkwithin.com tcp
VN 103.131.74.28:80 www.xemngay.com tcp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 78.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 169.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 170.201.250.142.in-addr.arpa udp
US 8.8.8.8:53 138.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 33.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 65.179.250.142.in-addr.arpa udp
US 12.171.94.43:80 internetsupervision.com tcp
US 12.171.94.43:80 internetsupervision.com tcp
US 8.8.8.8:53 xemngay.com udp
VN 103.131.74.28:443 xemngay.com tcp
VN 42.112.31.40:80 www.baokim.vn tcp
VN 103.131.74.28:443 xemngay.com tcp
FR 142.250.179.66:139 pagead2.googlesyndication.com tcp
VN 42.112.31.40:80 www.baokim.vn tcp
US 8.8.8.8:53 widgets.amung.us udp
US 172.67.8.141:80 widgets.amung.us tcp
VN 42.112.31.40:443 www.baokim.vn tcp
US 8.8.8.8:53 110.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 28.74.131.103.in-addr.arpa udp
US 8.8.8.8:53 40.31.112.42.in-addr.arpa udp
US 8.8.8.8:53 t.dtscout.com udp
US 141.101.120.11:443 t.dtscout.com tcp
US 8.8.8.8:53 141.8.67.172.in-addr.arpa udp
US 8.8.8.8:53 11.120.101.141.in-addr.arpa udp
US 8.8.8.8:53 133.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
FR 142.250.179.65:445 lh3.googleusercontent.com tcp
US 8.8.8.8:53 platform.stumbleupon.com udp
US 35.153.24.123:443 platform.stumbleupon.com tcp
US 8.8.8.8:53 developers.google.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 123.24.153.35.in-addr.arpa udp
US 8.8.8.8:53 117.66.9.65.in-addr.arpa udp
FR 142.250.179.65:139 lh3.googleusercontent.com tcp
FR 142.250.178.142:80 developers.google.com tcp
FR 142.250.178.142:80 developers.google.com tcp
FR 142.250.178.142:443 developers.google.com tcp
US 8.8.8.8:53 142.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
FR 172.217.20.164:445 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 218.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 connect.facebook.net udp
IT 157.240.203.2:445 connect.facebook.net tcp
US 8.8.8.8:53 connect.facebook.net udp
IT 157.240.203.2:139 connect.facebook.net tcp
US 8.8.8.8:53 platform.twitter.com udp
GB 146.75.72.157:445 platform.twitter.com tcp
US 8.8.8.8:53 platform.twitter.com udp
GB 151.101.188.157:139 platform.twitter.com tcp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 embed.tawk.to udp
FR 142.250.179.78:443 www.youtube.com udp
US 104.22.45.142:443 embed.tawk.to tcp
US 8.8.8.8:53 whos.amung.us udp
US 172.67.8.141:445 whos.amung.us tcp
FR 142.250.178.142:443 www.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 accounts.google.com udp
FR 216.58.213.86:443 i.ytimg.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
FR 142.250.179.99:443 ssl.gstatic.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
FR 142.250.179.98:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
FR 142.250.179.98:443 googleads.g.doubleclick.net udp
FR 142.250.178.138:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 142.45.22.104.in-addr.arpa udp
US 8.8.8.8:53 86.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 163.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 99.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 98.179.250.142.in-addr.arpa udp
FR 172.217.20.198:443 static.doubleclick.net tcp
FR 142.250.178.138:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 play.google.com udp
FR 216.58.214.174:443 play.google.com tcp
FR 216.58.214.174:443 play.google.com tcp
US 104.22.75.171:445 whos.amung.us tcp
US 104.22.74.171:445 whos.amung.us tcp
FR 216.58.214.174:443 play.google.com udp
US 8.8.8.8:53 198.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 174.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 whos.amung.us udp
FR 142.250.179.65:443 lh6.googleusercontent.com udp
FR 142.250.179.65:443 lh6.googleusercontent.com udp
FR 142.250.179.65:443 lh6.googleusercontent.com udp
US 8.8.8.8:53 www.phongthuyviet.com.vn udp
FR 142.250.179.65:443 lh6.googleusercontent.com udp
US 8.8.8.8:53 va.tawk.to udp
US 172.67.15.14:443 va.tawk.to tcp
US 104.22.45.142:443 va.tawk.to tcp
US 8.8.8.8:53 vsa98.tawk.to udp
US 104.22.44.142:443 vsa98.tawk.to tcp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 151.101.193.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 14.15.67.172.in-addr.arpa udp
US 8.8.8.8:53 229.193.101.151.in-addr.arpa udp
US 8.8.8.8:53 142.44.22.104.in-addr.arpa udp
US 8.8.8.8:53 vsa109.tawk.to udp
US 104.22.44.142:443 vsa109.tawk.to tcp
US 104.22.44.142:443 vsa109.tawk.to tcp
US 8.8.8.8:53 vsa118.tawk.to udp
US 104.22.45.142:443 vsa118.tawk.to tcp
US 8.8.8.8:53 vsa13.tawk.to udp
US 104.22.45.142:443 vsa13.tawk.to tcp
FR 216.58.214.174:443 play.google.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ba6ef346187b40694d493da98d5da979
SHA1 643c15bec043f8673943885199bb06cd1652ee37
SHA256 d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73
SHA512 2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

\??\pipe\LOCAL\crashpad_764_EUPKWPVGHRWZNDSY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b8880802fc2bb880a7a869faa01315b0
SHA1 51d1a3fa2c272f094515675d82150bfce08ee8d3
SHA256 467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812
SHA512 e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 eb9190893be77144c704316793591a65
SHA1 cd0b17a05522da925032087cae43b88390f8ae4a
SHA256 59ee305d16f5d15d822c5e668648cebf54c07b1385022b5f1f00304df87d4645
SHA512 a28ca8c7b880d47269925db60d0663ae706ffbfb8fef1b3a2bb903547940dcdd2411d990d6863da41cb932fed55b0225b7ac3493cd760ab64b7305d2b1a39cfb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a8b3ff5bdd40d635c632c98008186f96
SHA1 eab12726c5cc723fa14bb03381ec5b80938ccaf4
SHA256 0c602ff8a61e5ad1cbe9cb73cd7db330f144fbeddd3a4ada036091a4f14e184e
SHA512 eb945674f5db1041ce4152d3a27aff297e0b9217332f2c6b31b45d29426ea57b5db3e89b797abeccfadb6569f93618f8f700be919ba0d64a3cfa557a261d5aed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 47adeb48a5e5289f64cd375b31e087e0
SHA1 355ba52753bf681d71ae9faf0b22750bdb879863
SHA256 eed6a159d59d38a2fc5b22d743e28656db55e3ba55f1b079f14e37a7f65817da
SHA512 57cc718fcf5053547ad3ea59c5e6282aeb63d76de733a3bc1b11abeb015631a32cd7d6f4b5cc3a3a774151ca299b70c3bc6a22d9563001a16ea0877b60915e1e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6689e4f91ecfbc40916630b045b51ccd
SHA1 1b48dd12ec646d4e34359d1ab6f513875b1b2aed
SHA256 b17d90fce069657d75b1ec6406c3cd11e740167e16b62df78071269eac9eee7f
SHA512 6f2d30042a2558842b3113ffa067cd4db51c40ebaf827440536847ae5bac18927b1fdb12f7335f6a96a28172937fb0a5d259d4b186d0c252fd42dca2a3100c3a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5e1afd2d75c5e35adacfe2a4fc0e5de7
SHA1 04f0c811bd30faad1d9853687015712c00a7e5e9
SHA256 d6d3048071164c88af7543ad4dc9b39d05c3b6c722e25430e035e6f59dc80ceb
SHA512 bc6064f557bd8a278a4378a1f24e5ff78c63742ba92f954c18367fe0d515aaee009c083754590de4e1fb8cc0b3e6128b601e7736ae91333fdf3a9221bf8facb7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580b84.TMP

MD5 1a5878624cbe36ecf0a52886c5471468
SHA1 79f59c1a9238bf80f1c93d68aa7588569149a2de
SHA256 5b336b78ea63e411d551d5b481a97b208f5c07935024372c88a3a6ec8f54317f
SHA512 8b1a883a78512d5066c09e0d38fc7f73640152251ffa0322b41eda7d4db782448eef35e8e50113424cba063388dad6e4294183a6efed02482d3ef6201153029f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 2669be6752b9b249f44d1c8a60596d4f
SHA1 764de6ac2072db7736194dec95ccf27388a1d4fa
SHA256 ac8ba9de1662163c97c8e2d6a10116aa9e13438972b3dc0bbf8b48173c1e3e4d
SHA512 e4b763ac05e9e3a02c35843e0be7c0c647e5615bf57f9035c020b0480f6369a24df38ab4b6e9a9bc4f88151aee4b4f4916e0889f8bafa0fb0bc92474dd71831c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

MD5 2ebfdbd309ee762211b4a2ac39708c4d
SHA1 b002922c672dbe1dd4caa02af24d0b1e7da616af
SHA256 54ae97d445b166859fe3ba6241b97abbac0aa0d158c72352b774d60ba3e81797
SHA512 d1687b7a6da07a72963c96a1e85661046d3d3c96f88445302afa09721fbe211a5fb8881ff14b346b0ebe8a20f5ced21979e9f58e256427e57b85d565bef17720

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bd5c4de1ed31bb191df3423024b667c0
SHA1 e4385f6a112e89c25b4bbcf9ec41081a7f258ddf
SHA256 98b66567cad0eb401aa596f957edac528bdfebbf5df1b5183e4e96ac896ce3f2
SHA512 549fd23b69c6f4f64c9fc3432606e51d5499787d94c7705b0feac5af7ce2eb40061c6058bafd0c6430d4d6ad10f129486a6fe0ba005af0d2010a38d78b29f034

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 96562bf1da2d363aee11197decb7e0d2
SHA1 63b89f0ca12c817edf7688be33a55e8644b13176
SHA256 b364a96fa4d74d50304a6bbbeb1b8412fbe27bb554c5a7fe0c07870cdf591bfc
SHA512 557fb2fbd7ea14861d3dc2a232d44dbbc32a71ae457dd36d83977a601a458850dbdd3abedbf11bc13d1a957204ca517f9bec0c5cad39bbc78bc358e551edaabd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8528b860fe39ed8a7acc4294fe7763cd
SHA1 dade8872b1366c5b8f2ec200de8cb2c75b119805
SHA256 17d72c2c2c98aba5da4d3fc131b1af52033b4519f25e4613841d77392e62b4c0
SHA512 3d473949eee2d4f7d47cabb0f6ea934c540079bb4b466aada608ff4cc0a947c2a69c92123bf7eac7273d5ef4919fe205ffb75e4492bfa4a60bdd829dbed3fea2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bdc5eee7354a83120ad6707f6f3dd2aa
SHA1 ac9d8130c22682beeaf8dece372fe2abd2919448
SHA256 ea93919745d1f2c22465e9c3b22f9709163e58523c88352d59d350d59e1b27af
SHA512 ff32d1bf0c49fc888d7c1c52f8707d1f26b117b58d0d7d949785e4b0f966a41a3dd89de3b788eee0e971e5b69e9f9a64240c67777ee871fad5328f6cb7080f43