Malware Analysis Report

2025-04-03 14:26

Sample ID 241214-lryjzszmbm
Target ee2b1e6424d2f917fb8e9054af7f3c04_JaffaCakes118
SHA256 cfa3ecdd3c6155adc3734ffaed69fbba1bb31451b9b9c825451b3ccba39c4016
Tags
socgholish discovery downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

cfa3ecdd3c6155adc3734ffaed69fbba1bb31451b9b9c825451b3ccba39c4016

Threat Level: Known bad

The file ee2b1e6424d2f917fb8e9054af7f3c04_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

Socgholish family

SocGholish

Browser Information Discovery

System Location Discovery: System Language Discovery

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-14 09:46

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-14 09:46

Reported

2024-12-14 09:49

Platform

win7-20240903-en

Max time kernel

150s

Max time network

144s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ee2b1e6424d2f917fb8e9054af7f3c04_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

Socgholish family

socgholish

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ee2b1e6424d2f917fb8e9054af7f3c04_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2092 CREDAT:275457 /prefetch:2

Network


Files


MD5 e45592bb97a2a8404857ef6d526cb696
SHA1 30f8291c89281b76e58bf54ea590a2590ea7de01
SHA256 0d8644fcd4e7fd42b8581fb4eef3633886e8ece82b05eb8651326699ae76bd75
SHA512 b83c2f0e3206659f0369a365e28707a4574c45a2a91771e3e169d39b626895cd13ab2763ce5a4be0548a2e5e6e2f1f1504f3ba6c4f8674a3739f0dc520d707a3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 65decb93dd1792e85566718d6797b4f5
SHA1 6a36e9098af2a04d1db2a8137048457f5ea26cc3
SHA256 1f63886934cb04cab0a9a33a74e9f5cdf9b1e8a7575ca9463c183ac52301a14a
SHA512 03a6833345bbb385ea7a2e55f54d3f5f9986e641f87044cbaedd4db62a0ec97aca21fd745dd11407e1a7f560fecf1053329be4437826b5a9f8b78bbbd33d79a6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 32df25214685294274ec71675e088129
SHA1 1093f16ef8b88fd68bcdb972c293527189ab9208
SHA256 1ba9f406759dbfed20e1f82420577473402ec211966496325ef098dc7615b8b5
SHA512 3649b008686bf094307d64b6ad4e8b0d5b73819a05b62ccf19692e09ed58ca05cf58a57884999ea55c09d6b27a22c3805c72416463989f0149f2976195ae34df

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 016dc1fbe0a24237179a8d63f2e68bc5
SHA1 9ce1e954b18dca7e98c73a6303b4f3fd942835ec
SHA256 a2c389ce6892ddf480b2307270449c6f86d095b22f9ae48c9c4b11d3e2c8f2d9
SHA512 9fae2af0126584a1ec8fc3da5c3c192f0048cd07b3fe6510a79c388957077afde45a0647be1a08ddce296f750921e5068ee0c969386394ce9384c94ef375682f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5ad5c27e86fb8cf3cee60f55d3c9e884
SHA1 2ba66974d874cce239f7deb271aed05c3da1a75b
SHA256 5c890353062d23813440c78883c50cf01c059a56318fcf404c1393243f41e4a3
SHA512 0bd73e871fe0781297b8a25278cd4659d0126bfe5c1a7b1fac84ae9a513b16207465a5132e6ef93d0ab33ca3daf8251feb3f889bf5402b93eba79389f0979127

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0a93b60cbbc2e1218924840896b194a7
SHA1 8a4ad681292931bff52612a6d88894f476e8c865
SHA256 cb48ae49f3402acbe32b44692a2a589f569a4fd5b44fc6081214c32108e66837
SHA512 5390eaaed24d4c358b658bd8b473b774e39fedf94189d608d017eab944d32d55d3327e5c02d5376a5d063e80bbf1df474b625e04fcf712db79d1e10bff0b4c75

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6a68beaa6ab139ded10ead1c1317df27
SHA1 72a697f24a042371566786a6aa9c9c2687696d0b
SHA256 e5a700a24e69e002c3b7de6bb899806bd8a77c079517819439ada30447df678a
SHA512 a4b25f75374d8351793478a448ca5205b851e4eaa0b43087864c04bea49ab5e43c944072a4fd86eb43b0f9cf0dca379722a80f8c27bce85a72d1937511fce2b2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c3a3c330f3cb5d4950333230028e3823
SHA1 747ab13123ac0382a556d68dee6672776de56291
SHA256 483716c26b9a27070a1b415a3206049c2713fc5051bbc144642984671d52d320
SHA512 d55af70fcd6434b27f7cb7811cd810dc865b740fce498299f5f048afbb4ecd70850a9f98f4975ec5f80d52afe19c129933d8d7ff860c0631c148ad48669d2738

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 5b579bdc9cadfadef034e082a5a85a61
SHA1 481a377de6022c6f130afaaf70e8f68bec229727
SHA256 b00e3e63c379baf01e5012537ff3fe6e18f67d669b2daad02c60b3a32f5b53de
SHA512 28462d9af3d48695c7fff8f910cdf075432186b222d7bf467e32a4d291309a26506d07c2eaddeb4bcfce47e0ae47deed29cf9083c09333b76971642900848070

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f7d2e058ceb3b32a191e2828a077cb06
SHA1 88251b8dc98ea2d75a4a0cad8055ac2feb310db7
SHA256 794702cf2696e0646be23a9038681e777279b97b185ad06a7114296769600b5f
SHA512 c65461987f7e21a40e2cf60375e3c7d0bb6ef981cb95fc1b8e0a2a37b794ea066ff5631a4fbf5ffb0f32929e3c2054e0f564e8a201c220338220a9d0b8661b49

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1760c4246aabb2f8833b63638d4aa03d
SHA1 146755c49b774214c3edb8bf5a0937a926196cfe
SHA256 55efd8841a996116a14d1a435ca5b07786fc4bc20e4bd3e664a53346963867e1
SHA512 453d4568c2d38c8f85553e54715cdfadcca50c817966b1d025a60b37da3f74de8fa938c2296b778e85f9666de9bc6f6689184a9402ac119425969f0d4c627d74

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 16930570dd2146cbfc091a56265610eb
SHA1 c8adcde45eaf9fa96e3a91d2109c144680ecdead
SHA256 8e78e91308bde6b1eaa73ccd24ad6f980ed740c7d0c8d8a1cc565329a04d2de2
SHA512 e0565db97ea2e8e8bbcd01f19ba5bedb3fef7fab8482dcf522c8565d421f445b5ea6c835e9533a54e3bdb8a74a1ddedd6cf360de45d0dbc271ae4db672c8a623

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4282aaf2bb4f177879e5bc374912c638
SHA1 3642045ea8a9c69fcec78d325682249adc53bc30
SHA256 1ed6569c03c5156196560f2abd63422901d3e752fd810b8712b1907f99dec320
SHA512 01bb469e2f23792f9e9c0b09a34a70930302764e15807b0884d23b83603890038355252b5cc22b3a5ceff39d2094e2327ba7b9491bda40b1f23862d99ea9d1d1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 bdbb5781d616b57ad622daa283506770
SHA1 67cee7cb4c5a1d3bfe457ba45a2a56bbe7e8e441
SHA256 8acd45ac8947aa95f8adc82a6934d402f56b7c005b2739772eecbc883c2a73dc
SHA512 9460881939306069cd5ab653905a1ffc81a0d5d65bf73650799ec75a36a64ad20b46f21b6b1d3100e5852da3a14631564a92b141f0bafdd22af0acaeb189657d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f476b898d1c16aeb5e386e772135c589
SHA1 f5293a2e1709db32d1c7818741feac8b783840ca
SHA256 d55f71383eb531fb9094e66e9babd0f079b11498f22b9d551a9b09734ba294b7
SHA512 8326ec8ec87d07e3e61734c82c23692183b30146167e006f217454a85145a8a4dc1cc9107ae4c4a342f2937a638b680d7d2cbffb06d32881cb8fa9b3a87ad3ef

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 84c08e59e43e80625696bdab717eecef
SHA1 19f9b00e8c1e7180c2ca6e1e1eedd1a5cb06cee3
SHA256 c0e7ce4f5e7f446b70e4616d991d9b4eefa32950826162662b94cbcaf74e4696
SHA512 b9b81f21b436d6c799b25c2b453943c66955daf38b17d161b02c7b15444a30c2c44c4b19d66bc71c8746f6ba788b0225e12bf0d27aae39d95a36eac42af0fd79

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0e83eecf5ae4b9f4ffefc6485ba3498e
SHA1 81e71cae2c225169ecf74af42822549f75c70afd
SHA256 1517e2fbfbc6622b9c321426b67f6640d2c7c74c5afb839af1166ed2288daf0c
SHA512 643826e63b4df86f32ed38c0125d6d200f75b2228300c7bd05dea47d6e56292f9a9e93fc167f5628e14fed27159771ba803d7658705e477688778b3716b03d79

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 77ea79487cf48b106dd331d743b99d0a
SHA1 6e342d642c3e8c34ac20de98fcc34679622ae5ea
SHA256 eaa53ebbddedff0cb8b968a17dbfc27045d292f31101cdb775eb0b351fd99d14
SHA512 51616c0e5cc4c0f7047b39be05a2a753f12e638e2f5d5da26401d022f05a14c7068cdc8478efbcf0325d337c269849edb26577040d195776013d7047f8842461

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-14 09:46

Reported

2024-12-14 09:49

Platform

win10v2004-20241007-en

Max time kernel

144s

Max time network

144s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\ee2b1e6424d2f917fb8e9054af7f3c04_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4972 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4972 wrote to memory of 316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4972 wrote to memory of 2368 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4972 wrote to memory of 2452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\ee2b1e6424d2f917fb8e9054af7f3c04_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdcff346f8,0x7ffdcff34708,0x7ffdcff34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,10566568160273010315,4660229382140210840,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,10566568160273010315,4660229382140210840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,10566568160273010315,4660229382140210840,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10566568160273010315,4660229382140210840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10566568160273010315,4660229382140210840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10566568160273010315,4660229382140210840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10566568160273010315,4660229382140210840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10566568160273010315,4660229382140210840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3740 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,10566568160273010315,4660229382140210840,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5968 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10566568160273010315,4660229382140210840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10566568160273010315,4660229382140210840,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,10566568160273010315,4660229382140210840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6700 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10566568160273010315,4660229382140210840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10566568160273010315,4660229382140210840,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
FR 142.250.201.170:80 fonts.googleapis.com tcp
FR 142.250.201.170:80 fonts.googleapis.com tcp
FR 216.58.214.169:443 www.blogger.com tcp
FR 216.58.214.170:443 ajax.googleapis.com tcp
FR 142.250.179.78:80 apis.google.com tcp
FR 142.250.178.130:445 pagead2.googlesyndication.com tcp
FR 142.250.201.170:80 fonts.googleapis.com tcp
FR 142.250.179.78:443 apis.google.com tcp
US 8.8.8.8:53 feedjit.com udp
FR 216.58.214.169:443 www.blogger.com udp
FR 142.250.179.78:443 apis.google.com tcp
FR 142.250.201.170:80 fonts.googleapis.com tcp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 www.xemngay.com udp
US 8.8.8.8:53 s7.addthis.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
US 8.8.8.8:53 static.mytour.vn udp
SG 118.139.179.30:80 www.linkwithin.com tcp
VN 103.131.74.28:80 www.xemngay.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
US 8.8.8.8:53 4.bp.blogspot.com udp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
FR 216.58.214.169:443 resources.blogblog.com tcp
FR 142.250.179.65:443 lh4.googleusercontent.com tcp
FR 142.250.179.65:443 lh4.googleusercontent.com tcp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
FR 142.250.179.65:443 lh4.googleusercontent.com tcp
FR 142.250.179.65:443 lh4.googleusercontent.com tcp
FR 142.250.179.65:443 lh4.googleusercontent.com tcp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 www.phongthuyviet.com.vn udp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 internetsupervision.com udp
US 8.8.8.8:53 www.baokim.vn udp
SG 118.139.179.30:80 www.linkwithin.com tcp
VN 103.131.74.28:80 www.xemngay.com tcp
VN 42.112.31.40:80 www.baokim.vn tcp
US 12.171.94.43:80 internetsupervision.com tcp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 169.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 170.201.250.142.in-addr.arpa udp
US 8.8.8.8:53 170.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 78.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 33.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 65.179.250.142.in-addr.arpa udp
US 12.171.94.43:80 internetsupervision.com tcp
VN 42.112.31.40:80 www.baokim.vn tcp
FR 142.250.179.78:443 apis.google.com udp
US 8.8.8.8:53 widgets.amung.us udp
US 104.22.75.171:80 widgets.amung.us tcp
US 8.8.8.8:53 xemngay.com udp
VN 103.131.74.28:443 xemngay.com tcp
VN 42.112.31.40:443 www.baokim.vn tcp
US 8.8.8.8:53 t.dtscout.com udp
FR 172.217.20.194:139 pagead2.googlesyndication.com tcp
US 141.101.120.10:443 t.dtscout.com tcp
VN 103.131.74.28:443 xemngay.com tcp
US 8.8.8.8:53 110.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 28.74.131.103.in-addr.arpa udp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 171.75.22.104.in-addr.arpa udp
US 8.8.8.8:53 40.31.112.42.in-addr.arpa udp
US 8.8.8.8:53 10.120.101.141.in-addr.arpa udp
US 8.8.8.8:53 133.130.101.151.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 platform.stumbleupon.com udp
US 35.153.24.123:443 platform.stumbleupon.com tcp
US 8.8.8.8:53 developers.google.com udp
FR 142.250.178.142:80 developers.google.com tcp
FR 142.250.179.65:445 lh3.googleusercontent.com tcp
FR 142.250.178.142:443 developers.google.com tcp
US 8.8.8.8:53 123.24.153.35.in-addr.arpa udp
US 8.8.8.8:53 142.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 51.201.222.52.in-addr.arpa udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
FR 142.250.179.65:139 lh3.googleusercontent.com tcp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
FR 172.217.20.164:445 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 connect.facebook.net udp
NL 157.240.201.15:445 connect.facebook.net tcp
US 8.8.8.8:53 connect.facebook.net udp
NL 157.240.201.15:139 connect.facebook.net tcp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 platform.twitter.com udp
GB 151.101.188.157:445 platform.twitter.com tcp
US 8.8.8.8:53 platform.twitter.com udp
GB 146.75.72.157:139 platform.twitter.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 embed.tawk.to udp
FR 142.250.179.78:443 www.youtube.com udp
US 8.8.8.8:53 whos.amung.us udp
US 104.22.45.142:443 embed.tawk.to tcp
US 172.67.8.141:445 whos.amung.us tcp
FR 142.250.178.142:443 www.youtube.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 i.ytimg.com udp
FR 142.250.201.182:443 i.ytimg.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
FR 142.250.179.99:443 ssl.gstatic.com tcp
US 8.8.8.8:53 142.45.22.104.in-addr.arpa udp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 163.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 182.201.250.142.in-addr.arpa udp
US 8.8.8.8:53 99.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
FR 142.250.201.162:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
FR 142.250.201.162:443 googleads.g.doubleclick.net udp
FR 172.217.20.198:443 static.doubleclick.net tcp
FR 172.217.20.170:443 jnn-pa.googleapis.com tcp
FR 172.217.20.170:443 jnn-pa.googleapis.com udp
US 104.22.74.171:445 whos.amung.us tcp
US 104.22.75.171:445 whos.amung.us tcp
US 8.8.8.8:53 play.google.com udp
FR 216.58.214.174:443 play.google.com tcp
FR 216.58.214.174:443 play.google.com tcp
US 8.8.8.8:53 162.201.250.142.in-addr.arpa udp
US 8.8.8.8:53 198.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 170.20.217.172.in-addr.arpa udp
FR 216.58.214.174:443 play.google.com udp
US 8.8.8.8:53 174.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 whos.amung.us udp
FR 142.250.179.65:443 lh3.googleusercontent.com udp
FR 142.250.179.65:443 lh3.googleusercontent.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
US 8.8.8.8:53 www.phongthuyviet.com.vn udp
FR 142.250.179.65:443 lh6.googleusercontent.com udp
FR 142.250.179.65:443 lh6.googleusercontent.com udp
US 8.8.8.8:53 va.tawk.to udp
US 104.22.45.142:443 va.tawk.to tcp
US 8.8.8.8:53 208.143.182.52.in-addr.arpa udp
US 8.8.8.8:53 vsa101.tawk.to udp
US 104.22.44.142:443 vsa101.tawk.to tcp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 142.44.22.104.in-addr.arpa udp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 vsa76.tawk.to udp
US 172.67.15.14:443 vsa76.tawk.to tcp
US 8.8.8.8:53 14.15.67.172.in-addr.arpa udp
US 8.8.8.8:53 vsa77.tawk.to udp
US 172.67.15.14:443 vsa77.tawk.to tcp
US 8.8.8.8:53 vsa16.tawk.to udp
US 172.67.15.14:443 vsa16.tawk.to tcp
US 8.8.8.8:53 vsa32.tawk.to udp
US 104.22.45.142:443 vsa32.tawk.to tcp
FR 216.58.214.174:443 play.google.com udp
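
The Network table above is whitespace-separated text with one connection per row, which is awkward to pivot on by hand: the reverse lookups (.in-addr.arpa) repeat IPs already listed, the udp/53 rows all go to the resolver, and several tcp rows sit on ports 445 and 139 rather than 80/443. The following Python is an added example, not part of the sandbox report: it parses a constructed subset of rows copied from the table, folds reverse-lookup names back into IPs, and flags destination ports outside the set a browser detonation would normally use. The resolver address and the expected-port set are assumptions for the example, not values stated by the report.

```python
import ipaddress

# Constructed sample: a subset of rows copied from the Network table in this report.
NETWORK_TABLE = """\
Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
FR 216.58.214.169:443 www.blogger.com tcp
FR 142.250.178.130:445 pagead2.googlesyndication.com tcp
VN 103.131.74.28:80 www.xemngay.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 28.74.131.103.in-addr.arpa udp
FR 172.217.20.194:139 pagead2.googlesyndication.com tcp
"""

# Assumptions, not taken from the report: the sandbox resolver is 8.8.8.8 (every
# udp/53 row goes there) and a browser detonation is expected to use only these ports.
SANDBOX_RESOLVER = "8.8.8.8"
EXPECTED_PORTS = {53, 80, 443, 5353}


def parse_rows(text):
    """Split the whitespace-separated table into dicts; mDNS rows have no Domain field."""
    rows = []
    for line in text.strip().splitlines()[1:]:  # skip the header line
        parts = line.split()
        if len(parts) == 4:
            country, dest, domain, proto = parts
        elif len(parts) == 3:
            country, dest, proto = parts
            domain = ""
        else:
            continue  # not a table row
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def ptr_to_ip(name):
    """Turn a reverse-lookup name such as 28.74.131.103.in-addr.arpa back into 103.131.74.28."""
    octets = name[: -len(".in-addr.arpa")].split(".")
    return ".".join(reversed(octets))


def extract_iocs(rows):
    """Return (domains, ips) worth pivoting on.

    Reverse-lookup names are folded back into the IP set instead of being kept as
    domains; the resolver itself and multicast destinations are dropped."""
    domains, ips = set(), set()
    for r in rows:
        if r["domain"].endswith(".in-addr.arpa"):
            ips.add(ptr_to_ip(r["domain"]))
        elif r["domain"]:
            domains.add(r["domain"])
        addr = ipaddress.ip_address(r["ip"])
        if r["ip"] != SANDBOX_RESOLVER and not addr.is_multicast:
            ips.add(r["ip"])
    return domains, ips


def odd_ports(rows):
    """Rows whose destination port is outside EXPECTED_PORTS, e.g. 445/139 to a CDN address."""
    return [(r["domain"], r["ip"], r["port"]) for r in rows if r["port"] not in EXPECTED_PORTS]


if __name__ == "__main__":
    rows = parse_rows(NETWORK_TABLE)
    domains, ips = extract_iocs(rows)
    print("domains:", sorted(domains))
    print("ips:", sorted(ips))
    for domain, ip, port in odd_ports(rows):
        print(f"unexpected port {port} -> {ip} ({domain})")
```

Paste the full table into NETWORK_TABLE to run it over the whole detonation; the odd_ports output is the list a reviewer should look at first, since a browser fetching a web page has no reason to open SMB or NetBIOS ports to advertising and image CDNs.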

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d22073dea53e79d9b824f27ac5e9813e
SHA1 6d8a7281241248431a1571e6ddc55798b01fa961
SHA256 86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6
SHA512 97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

\??\pipe\LOCAL\crashpad_4972_GSFKAJDGBCBPXQEY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 bffcefacce25cd03f3d5c9446ddb903d
SHA1 8923f84aa86db316d2f5c122fe3874bbe26f3bab
SHA256 23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405
SHA512 761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e8c5cacd4001ae7f6d6c15dd5739ef32
SHA1 7bdb623dbb192d9ec19caf1a7c58c9971a1889ae
SHA256 6d1570173f0b44180fce70ffa230864a19d0d4a3a0b858462bdea08ab4be26f2
SHA512 4a0cf61b34962d0b19f193889a65649ff9488e0eeee2ed9d4b624fbf553fe820575c633238019120ec691554a42eea66bbe6f3f8e510e6c2335b9a7a1c514e3a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 995f04765383d85b0838bff9e4fee886
SHA1 45be219369884a99526ad5a161b006d0b9a5e6f9
SHA256 550a6a6937b479928166ee27a38dfe4a9823f44dd2d18d2e13b2e41fe6bd63ec
SHA512 4d67a02e700b49dde61e2f20516f34d1ec2bf198a754b6c97170425b9dfba9a82f454ee82192c5f68b93508428efcb96956ba9174b31e7a93aaa66e40059f82c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6754c753bc9012edab66e60033d8e3a6
SHA1 ef94f74df441c9a1a548040df6481be4afad43f2
SHA256 895d0e43f952d78cae429afe69cf47baee9c97e278460422d0ac1c3db531d0dd
SHA512 ab3def0fa48ca0b30b335b56cd05c871cf42432fa4e4a9248834316ea7ff3019f994ea8adaad0326d1e1d4a4f8d4a586d39b6ee99914e31f2c622ee23b56a959

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 bad594bddcb5c7295277c40396345fda
SHA1 df122aad4c636d998469ea7d3d33d1ff9b5e053a
SHA256 9e594b532060d33f04b80afc53ce936daa436c05b563f1858606fdb02f90e103
SHA512 2631948b74c8a480a47d84ce4418c24a1e10e2f11613a65f77b020154472eb469fdb33e36f1ba9ad7391c1d239cb95b1007f3d694dfc41ecdd9d23b7911e5fd3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 21f7c100eba817bf556a5f14b95149da
SHA1 24c4742aa1ccd93e4e54d625b0ddc7811c939e11
SHA256 6ca40624f60e29e6fcdfde546ce9e1f830076e3b248a6acbf705bca15ca986b4
SHA512 88d9da52a50325198a33b90282dfa9c8a4e131f6bdfadcf5edac16109d91018b43c76b46bfb62c5b4d783c2afd03978be8271f765e9586c6fb80aa67bcabda82

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584adf.TMP

MD5 e23e9e24032a8671f49a3038137892b0
SHA1 4007bd4164b6441821fbfd952edb802e3dbe78d0
SHA256 5c374468ee4fdbae7e1ff264217c48a819104af099dd90c4361bf2e39c12ee37
SHA512 475ac3029eaa204d17fa35d84c27d06deebaa422c3fce68fe3277e6ca10f39b86666040a2a48ba23d731236a132dd73d62fae334cf092ba19af34f7f877131cd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 9e882caf47e4f34623ac28a98b7aeacd
SHA1 1bb6f975f4d51bb6748edff4df1284022e93e3e1
SHA256 a56488b5ab19b1616230a165a7f69789e93e6ba6abf332f850786f35f4cf8ce0
SHA512 52613041ad8c03c7d0110d4fc482c2c8b6c00b36a51312f2f57084acb565ba6bd5a4d893132ddcef715bd10868b436e58377ebf817ab562e8492acbdf588945d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 546271226e72f67faf5916426839cb4d
SHA1 de9582d5a2c62a54b6bf13d46b0ad61a0bd0c1b0
SHA256 9f9ed0b3d7742505e807c5743980d3a707320fc43f53b773957e22d8145712a3
SHA512 5474e45cc9bb3477201e6fbce251885ca9debfdd4d82eebde65a576ed57d20f67f60009bd0491ca94a42eeaae72413ff1f5c3a03ee3f94b1de4d1d16600ae3ca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0e0bc585644be24378b852e89b288b7d
SHA1 963b51986bb15498b291ccb794d917a933d07655
SHA256 f60cf8fdcbdd0e12a5e8b89d3afa138e715bb1b094b5887b805858f74a80d433
SHA512 e4c8cc13cf6830131951ea4aa3802ce08dcb8833e22fcb734cec9324dd813bb40ca777593f7bf56ed86e9c003bd36fe3d9f96eef523f34882455aceae9cf0240

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c7b4034ce338cc93294d4bea84652fef
SHA1 97557e00107103f0981324e7b38937bba334d9ec
SHA256 ab05d847463826aa229b9d6af5b561f16f174abf72689577e5746b7c9e210a18
SHA512 7388f22af853afc5430a4785d3a6ea2b95341c41f29012fb957e2185b376bd1d567892f00fc089e88091597a3e732aaaff5f62281229dc28e18f9c64d86684eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d374fd6d7605ef27739670b209a99708
SHA1 8c7640bc24ba4ef2bbdb027e12e828407227ae7e
SHA256 35a7f3cd5cba74741e7d99809d350eedba0d8432554cdbfdc0a63d20ebc8ac3a
SHA512 a808c08fc1d55305eb1b7d857d04a15fb1a655528af54abdd1708f71dc829372dbcfb028ed9eebe7cbf05f92d57b058e28e5617f464c07c6678cf7809c5dabec
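
Two things stand out in the Files list that are easy to miss when reading hashes by eye: the same Edge profile file (settings.dat, Preferences, TransportSecurity) is listed several times with different digests, meaning it was rewritten during the detonation, and the Crashpad named pipe carries the digests of zero-length input, so nothing was actually captured from it. The Python below is an added example, not part of the sandbox report: it parses a constructed sample of three entries copied verbatim from the list above, validates digest lengths, computes the empty-input digests at runtime rather than hard-coding them, and reports rewritten paths and empty captures.

```python
import hashlib

# Constructed sample: three entries copied verbatim from the Files list in this report
# (the same path listed twice with different digests, plus the Crashpad named pipe).
FILES_SECTION = r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d22073dea53e79d9b824f27ac5e9813e
SHA1 6d8a7281241248431a1571e6ddc55798b01fa961
SHA256 86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6
SHA512 97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

\??\pipe\LOCAL\crashpad_4972_GSFKAJDGBCBPXQEY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 bffcefacce25cd03f3d5c9446ddb903d
SHA1 8923f84aa86db316d2f5c122fe3874bbe26f3bab
SHA256 23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405
SHA512 761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7
"""

HASH_ALGOS = {"MD5": "md5", "SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512"}
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
# Digests of zero-length input, computed here so the check cannot drift from a typo.
EMPTY_DIGESTS = {name: hashlib.new(algo, b"").hexdigest() for name, algo in HASH_ALGOS.items()}


def parse_files(text):
    """Parse 'path / blank / ALGO hex ...' blocks into a list of {path, hashes} dicts."""
    entries, current = [], None
    for line in text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        algo, _, digest = line.partition(" ")
        if algo in HASH_ALGOS and current is not None:
            current["hashes"][algo] = digest.lower()
        else:
            current = {"path": line, "hashes": {}}  # any non-hash line starts a new entry
            entries.append(current)
    return entries


def malformed(entries):
    """(path, algo) pairs whose digest is the wrong length or not hex: truncated or mis-copied."""
    bad = []
    for e in entries:
        for algo, digest in e["hashes"].items():
            if len(digest) != HEX_LEN[algo] or any(c not in "0123456789abcdef" for c in digest):
                bad.append((e["path"], algo))
    return bad


def empty_content(entries):
    """Paths whose recorded SHA256 is that of zero-length data, i.e. nothing was captured."""
    return [e["path"] for e in entries if e["hashes"].get("SHA256") == EMPTY_DIGESTS["SHA256"]]


def rewritten(entries):
    """Paths listed more than once with differing SHA256: the file changed during detonation."""
    seen = {}
    for e in entries:
        seen.setdefault(e["path"], set()).add(e["hashes"].get("SHA256"))
    return sorted(p for p, digests in seen.items() if len(digests) > 1)


if __name__ == "__main__":
    entries = parse_files(FILES_SECTION)
    print("entries:", len(entries))
    print("malformed:", malformed(entries))
    print("empty captures:", empty_content(entries))
    print("rewritten during run:", rewritten(entries))
```

Paste the whole Files list into FILES_SECTION to triage the full report; entries returned by empty_content should not be submitted to hash-lookup services, since the empty-input digests match on every sample ever seen and tell you nothing about this one.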