Analysis Overview
SHA256: f87db58400241d5dd3b4ad4fe230de47a9df3e3671dc9e8d0cf0e6511d55f84a
Threat Level: Known bad
The file efe5a4a84733025905ce792818777853_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Socgholish family
SocGholish
System Location Discovery: System Language Discovery
Browser Information Discovery
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-12-14 17:29
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-12-14 17:29
Reported: 2024-12-14 17:32
Platform: win7-20240903-en
Max time kernel: 131s
Max time network: 144s
Command Line
Signatures
SocGholish
Socgholish family
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3016 wrote to memory of 2380 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\efe5a4a84733025905ce792818777853_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3016 CREDAT:275457 /prefetch:2
Network
Files
| MD5 | c50d23fa6de72b8980abf1aba8b09371 |
| SHA1 | 0a319f7d3cfbcc63e1cc9b60bd9391f24f087e04 |
| SHA256 | 891b58fba57094716b8df3899077ef32fcb2c9da388b6563ebcc0d9f134f1a4a |
| SHA512 | 4c2b7165d4f8f12b43c253c05efbdf3fe819abbbff95a88808367a64d5542697c4df671cd96a226bf5b1053f959101993566075842c5c4d2f3a09005aee8730e |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\YCP5KA2Y\www.youtube[1].xml
| MD5 | fbbe839056096c6f4c182ce3626d9171 |
| SHA1 | b3f001f366e6b537e81a5510ba89e0fd0b7f1674 |
| SHA256 | 0905580c0b3c8ac522ab41f93823804a2abddbc2894ec9be8013e22d3b3d150f |
| SHA512 | dea4bed6fd1d9f80895137d5ab4d0501dc9ccd865541653624f27c0fc5e2b616f0010fa5e26d3ed62882129195061d1c486b5677722929c852421dc02d6ec619 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\YCP5KA2Y\www.youtube[1].xml
| MD5 | 4c2aa2beef907b530f1796647c569bc5 |
| SHA1 | 08243633622650328c24cfafa61c5be39714ae8c |
| SHA256 | f8245e3dc555e12aac85956735f3bbe0f4f395a254ecad95c96ca513da49ffc4 |
| SHA512 | d4b0bb7b112e81fe865e535f5270fff9d78590c4fd2c70aa715a28c103fbd4708f8b7cb4d65dda75373ebde21c3c4a424d77bc02384ea77d3a40d99ece8ead56 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2c60e7430de328dcc3d9410eda6a5e33 |
| SHA1 | 3d2921ad881a7d8807e8858f1895285fd7f0ec1f |
| SHA256 | f5ce4dab81f11f450b74a75d440193f1a7accb8c8945bf2025ac1bc4c4e1f069 |
| SHA512 | 4d2c4d595dfb1275505f05af5ecdfe08199d18cd974802f50d6aa683958ed70c590dbf815a877bf93281e85459f170afd9534cfe63879dc84a2886f8d0373fc7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7b91a936a59eec1462333cb59be33fd0 |
| SHA1 | a4c26ecf78c9762d12f64cec54030b88a708d59e |
| SHA256 | 05a42291aac3a80b66172b0a50a8ac67e4d2e26f53db50b5213ccfe1503bfd43 |
| SHA512 | 0f835ef25ae8446491138c9f91fec8c1cd73dee13edf64781c9d9948ca1e3b58858f65d7b5a37db7c89fba340bceac4ff35ab6ca1597371f25380b9015d26c6c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 96626652fda2ac80b23ef3513fe9401b |
| SHA1 | 7054e116a992fb590c17f4c15fc21cb8a16b5518 |
| SHA256 | 5787f3f7cb0824dd243380daf301c16cb5650eea06395cf0609fc8ca39f8a9e2 |
| SHA512 | 460cf15ad8f0d315e847e0de97c757e88b9c36a6ff8575d910e4f24596872de0ae9c6c2e7945519d135c5568b32b94d54e85be69e12e4df2ec99bb1160dfba87 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e33f86ea06f35bd10bff6a926c915975 |
| SHA1 | 736eea67f9ef29f62af86339412e0530b8d6367c |
| SHA256 | 03cad95eec7e1cc53bccb7f5d7f5eba5be253b7f9855fe870b98e73e8842eea6 |
| SHA512 | 6d252cb633626228b977c3dd69f8c19beea1a9dd5f11008966edfc192e60a27f510b15f689c6c5e92d8500f881365a758cb595d9d6109dea4aca5f118ccecc28 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bfb1c33c287d089626fbfffd4592d0ca |
| SHA1 | b0597ff7e227dc5ba9aca5939487a75022f93b20 |
| SHA256 | 428c5f177eb94ec1e6d93393f63813f0612b76f08fd0f6b9ac8ef3218b825312 |
| SHA512 | 124e986ea9f2067aac47dcf6f3492651fccdf617fe9901e4eeb1bc2f1328a7397354a91a6843b8039a61b49c583626874dd40c5651dae9a35daffb7b5aaadb58 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 962f876272ea758663323ae58baa590f |
| SHA1 | aaac54e11a18f7f3c78b671b78fe0c8b7edb42c9 |
| SHA256 | c0e072ace9ee2dd5e6388c494118ba5a21be69bc17fcc313c51c5122095cb003 |
| SHA512 | 236372efac72bf53ca90386a5d90b387ba0b7d48805cdff0c24a47c0ab27287fc917cbb84bff3d5b4712e66d28fc005ccc84365fa7fd232ce75dba66cbb9b166 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a2ed1018b4b38be572bafb3858af9460 |
| SHA1 | 8c18d7656b23f609f2286cbd97a20f3a04954bb8 |
| SHA256 | 035afcd7fa837c716c9883d517b5bfa07d03e6d2bd480aded72ea9b9a8139170 |
| SHA512 | 3e553f722e97940731c95a90d1416fb7c2b29d7d1e0119c2c08d350a58cb0ca0292157e03bcab0cfb6dbbfae30708bf3870bff458e914907c7655f6e8f31f2db |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 498b044c4919a8015eceb49874f047be |
| SHA1 | 56d59eb08fd8fd04a9e8269712bc3ba8a6871685 |
| SHA256 | 19ed3cb926e9c88023a3943e16ef2150022f94ffb998f86365f8211f990e816e |
| SHA512 | 5ee66387ba691abd3c9e295c19e5cb184d9814ce410021ceaad2960c41097961decd6b2e786f05e8ede16a7182dcd41d0e2f4ea321e41aec794f1ac16cdb90b2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cc6a64d608db0ffce10ce957fefdab67 |
| SHA1 | ca5c237a190e3d9ea0abbfaa82f04325c95f5e0e |
| SHA256 | d4ae25d90fdf79faee50bc1bdf7181640577dd8d687f93ddb7a4d2bee8ee888e |
| SHA512 | df88c9de3493effbd4161b16fbf35fd6657508e8a38e052d12c3b44635a9f93418f0e8bc8f64c530abba4e4ac76f7a96e65d7468def3fcfd2fd302df28a31c2d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7707f0e19658f2b985ba9bf92cb20a5d |
| SHA1 | 5b93bcf68bb26c877f3de1982a928e586de23355 |
| SHA256 | 50a379c72a9b776f4ce493085006a74222a19893a4043ccad5a44750ebfe9c3e |
| SHA512 | 19e31394c54f1a36b41d685fd4de6c85a6d4f3e48d298e4e995f17ef02834e757aadb1aaf22e5e2d356e7347e173801365703966f2d8a57f3ec5ccb157161fc0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fb69698738db713f80a8423831d73d4b |
| SHA1 | fc3fb2f91501dc6eb668539f6b241d22111ef4bb |
| SHA256 | 1862ad7476cc49247b260593adca9b5511390262016e413772c7922ce152e97f |
| SHA512 | 05c53222f5cfbcbf99e203159f5a0fe5ccd7048bf6e4be464cb1cc2edd7f647cec5a59aaf829bcfd87f8b4e7cab663b007ca5449eb30ed30b7a4d2ecbdc90a96 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 648d2436fd1c0d4c5a443ef1aee84ce7 |
| SHA1 | 7035998f086b1c4f3700df15d75714d9f8882b22 |
| SHA256 | f9d099b2262e4d248800b7922257a2358b1604c1e9c61213616359c2d5e525d5 |
| SHA512 | 7268fc50334a335963dfae3bc12b2754191cf44cc2ea8cea8f1fa892932d46b38de0497460dba606a9bd4425b7217c8ed51dfa87f74fd49de8f74c0edbc670bb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 893f3f31e1fb5c91458ecab7dd036063 |
| SHA1 | 66e7c5d99f847012eef846f90b15a0db1e2412fb |
| SHA256 | b2af0efa0947ef56d6252c64f6e61da761237f2de95e4bca22e4bb56ffaee06e |
| SHA512 | b2eb158edc277590a4cfffd0251317ca3c6612345ade1c8894ae59471a48af2fde3d83c238f9a934b4af99e5a96f2c3ff7b43faa457ccb1f4167850ed9fda7d6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1ac6e6f0394cc4f312f964a03322ffec |
| SHA1 | 749c64b29831596190f27f86046ba5bc7e124711 |
| SHA256 | e513018206cbf858e7cab141c2a3724781a9d3b11038877b3f7eade70f25a1d2 |
| SHA512 | 7afcdd508fec4353153dbed12c1caef31a5a3281dbc7adc7c321167846ad88c275c612bdffa5ce3fe6422e092b17e511000f9af9adbc437a01a16eaa21035021 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3910e0fc00f47e3193158cecf6b3f2cc |
| SHA1 | 82d1e3f08b3d533bd191153f2b468ff834ffa607 |
| SHA256 | 9a692168b9c11ef4c6d23a48856a881df1e63ce29ef7014f82f20b31dddd9b28 |
| SHA512 | 9e9a9f54ead21d67a966323985b3f6e9a195a7fdb5b508ebbeb71a49ab8e68216176c4f0ae4ff040e84ea8b625bdfd488fe62fd9c0f5633866c3012454132700 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 97486d2fe72fbfb80621227f31729266 |
| SHA1 | 26391a9155bfdce58a23d98a100f5a5bba2e6350 |
| SHA256 | 033e73f386bf4f59d7a986f2cca250e96ef5a3b970edbc132381d66597187dd3 |
| SHA512 | 1c1510c67dc2111044f51d5b81cd6726d3e05abd05e497666d89928e607f611d3c8faa674bbdf452b75b0d0f98beefe1104eaf666ad3b13d6cfa43b40226a4e8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e07b39fa8b8720f9fc51af7e424cf5bd |
| SHA1 | 54f51763d1c2fa097c6bdb29ef8fd7ddfac84654 |
| SHA256 | 78e68e535ec37492e4f33a40b2656c8dc2ab2fe011c9f93014a9630e957770e7 |
| SHA512 | c049c507dc67d8d3d58c5207854d972d1df5f3d0bc4a337575047f0de0fa34b40718e17f10d52540ed522423f10110fc293767bf7ec36a77086eb3887d44c528 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c235a1414dae4ce08084374095f98e2e |
| SHA1 | b8602f88528dd8393b7658b08182c2a6f2ee4859 |
| SHA256 | a832583fdd2bdc2c1f48edbb908b9b0de120b39b85c8e3bf51ada5429e511d95 |
| SHA512 | b64736eea78837b3626e2d6a855eb55aab396be9e60fceab68c76e9fb58ed71419403ebcc416c8332eee61b19c40872832807bdf75d4309394aad46b7dbd2b8c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 79a12ffd97b8f129a8d31aec55a96f6e |
| SHA1 | cc76ce320cc82043509940aaa76133a304df1361 |
| SHA256 | 580f1038c659abb74ab488b1c07f576ba895eecac5e6ee442c225f96e8252ef7 |
| SHA512 | 13d2db5428bcf3f7dd542518ef97ea6109ef74394b765dcd065f0c0b347ba4467533617dd237e9f8aedf2b1b1ca31f324ed21394d92faebc9f6d4ef84d502d02 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 774f536eda9209b724ef5821f4535a39 |
| SHA1 | 5d93cd8a52787e48057293aae5a762894bf4c7e0 |
| SHA256 | 03ac6c428a71e08d0ca33a77180baa41b138e3ce22f376f53e1267b22be8e1d7 |
| SHA512 | 274642e4767103d34d86e0db3b5fa9aede5460172381527ff8f0cbe64c990980641384d047c2ebe7fb1777d758e597f16a3cd6a4aa8a7030af88bc332c115874 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bf09270b00f5e2fc438a098f5d2cd36d |
| SHA1 | 5bbba07094a9a3c8b1fa59516c52fa604eb6d39b |
| SHA256 | 09cbae3323c3becf0a8c49eaed69879d0ae4812c57b889e38f34c6ee7c03475e |
| SHA512 | 10abf23af44e1c87b7083d9d84522bd61943375cf8d7587371051106356c854335943ddb22f6bb53f449019ee8b8c0b85d0136ba010502871557892f92bc4c78 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 89cf89eea2c349c5da3965ce54133abe |
| SHA1 | 6b42b5f4fe2b0aded4aec4360f104298a59a21e8 |
| SHA256 | a10073c82c85870f15e6a33ee4c0cf8d9dda89744cf2cf9736aab1d8db8159f0 |
| SHA512 | a892da41962932e496a5a26b3987c40db1306904be96b8db446a0d819920bbe7fa7deef73e06a62f020bafc1e276e258aa1bed6f382b1aee5fe8997f5d63291e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QS2MOPHD\2254111616-postmessagerelay[1].js
| MD5 | c264799bac4a96a4cd63eb09f0476a74 |
| SHA1 | d8a1077bf625dac9611a37bfb4e6c0cd07978f4c |
| SHA256 | 17dce4003e6a3d958bb8307bffa9c195694881f549943a7bdb2769b082f9326d |
| SHA512 | 6acd83dfd3db93f1f999d524b8828b64c8c0731567c3c0b8a77c6ddcf03d0e74ee20d23171e6ceac0c9f099dce03f8e5d68e78c374da2c055973f6ac2db4e4f9 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLSLTMYI\rpc_shindig_random[1].js
| MD5 | 45cbe9a36a384fe9273d25ef64ef8691 |
| SHA1 | 325026cc1cb9022ccd8c9c2089597251419201cf |
| SHA256 | d9959cd6fb35fa6a7aef91a5bb9bb5358e7f91271d84130de6d06910076c5c5c |
| SHA512 | 0a70b1b12658418caf529a01ddc4d7fd6c59276c4658028ce2b5f7dcea64ef91f353fce7e67349c8534b68fc53c0ff23c36a7260337dcd307b836e55bec43dc6 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-12-14 17:29
Reported
2024-12-14 17:32
Platform
win10v2004-20241007-en
Max time kernel
144s
Max time network
148s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\efe5a4a84733025905ce792818777853_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe109046f8,0x7ffe10904708,0x7ffe10904718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,6326189568031133071,12216214564279676438,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,6326189568031133071,12216214564279676438,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2488 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,6326189568031133071,12216214564279676438,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6326189568031133071,12216214564279676438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6326189568031133071,12216214564279676438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6326189568031133071,12216214564279676438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6326189568031133071,12216214564279676438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6326189568031133071,12216214564279676438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,6326189568031133071,12216214564279676438,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3252 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,6326189568031133071,12216214564279676438,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6196 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,6326189568031133071,12216214564279676438,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6196 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6326189568031133071,12216214564279676438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6326189568031133071,12216214564279676438,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6326189568031133071,12216214564279676438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6326189568031133071,12216214564279676438,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_1196_TESSKNAZVZIOTAWQ
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5806b2.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity