Malware Analysis Report

2025-01-18 02:35

Sample ID 240613-bqnnaayfld
Target a357434db77dac116428de0b77dbf389_JaffaCakes118
SHA256 9566c1e6a9083f56c0720a34bd8224478871371dfa222c7a0ced5c7b8f7517a5
Tags
Score 1/10

Analysis Overview

Threat level: no (potentially) malicious behavior was detected.

The file a357434db77dac116428de0b77dbf389_JaffaCakes118 was found to exhibit no (potentially) malicious behavior.

Malicious Activity Summary

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 01:21

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 01:21

Reported

2024-06-13 01:23

Platform

win7-20240611-en

Max time kernel

135s

Max time network

144s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a357434db77dac116428de0b77dbf389_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "8630" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "400" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "492" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "407" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "400" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "9609" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "282" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "498" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 907adc1230bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "288" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000089b22c8152e642193bfdc8dee601897ca8b9eb3c98e18028e60da84bac5ca29b000000000e800000000200002000000034e58f4f90868db6e17ee80185d54ba70070e9cde8cb2913a01ded7d0102bf7520000000db48edd34aa9e9b9450318b333513deb5c053732386bd20c3bb53792f2b1711f40000000ff58319d3eaee74d1c7184b78b9e8264c4a6a194bdfc16ad58c2ad10b4637e0ff3b4d32338d1b6b08f4c0a239209815b9cf2f4a7db4946c13cc360cfde90ceab C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{36BD23B1-2923-11EF-AAE0-7E2A7D203091} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "8630" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "410" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "9609" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424403538" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "288" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "400" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "498" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "8630" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "407" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "282" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "492" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "498" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000051f4578e10692b408524a9cab2440116934d30780336e26b32c432a068c0f3e3000000000e8000000002000020000000082156543c1d11317079423c664fcc22a6e497b7e73e103af0e0a93c10380e9d90000000ec97cc863236b75485bfe5b1d38aba4834df6595c8962392a2244c2980b96fa51e7c1d155fcd0c9ccfaf0a595db07dae31e4c8f0d0df44b3ec345b58279c3fa83f0cc789e33f8722be3199c613380dfa943d674d14ea6f05e107032ec0af0df70fec17b7cc0dbc2007c33de63d0fa9256b0991b847215efd88978318d6059a2340e84997627c73ef294706f6d5e526bd40000000dafdc9517e02e5eadae1300beead47fba94a0d3af3b761105287787655e86e01092e05b1f60238db9f166097798f7bcf73995ebeaed8ce104311b1367302e056 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "492" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "407" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a357434db77dac116428de0b77dbf389_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1704 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 opi.yahoo.com udp
US 8.8.8.8:53 www.noithat190.vn udp
US 8.8.8.8:53 www.doanhnghiephanoi.vn udp
US 8.8.8.8:53 code.jquery.com udp
US 151.101.130.137:80 code.jquery.com tcp
US 151.101.130.137:80 code.jquery.com tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.178.14:80 www.youtube.com tcp
GB 142.250.178.14:80 www.youtube.com tcp
GB 142.250.178.14:443 www.youtube.com tcp
GB 142.250.178.14:443 www.youtube.com tcp
GB 142.250.178.14:443 www.youtube.com tcp
GB 142.250.178.14:443 www.youtube.com tcp
GB 142.250.178.14:443 www.youtube.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 172.217.169.2:443 googleads.g.doubleclick.net tcp
GB 172.217.169.2:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 static.doubleclick.net udp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.212.234:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.213.22:443 i.ytimg.com tcp
GB 216.58.213.22:443 i.ytimg.com tcp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.180.1:443 yt3.ggpht.com tcp
GB 142.250.180.1:443 yt3.ggpht.com tcp
GB 216.58.212.234:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 fe0.google.com udp
VN 27.0.14.98:80 www.noithat190.vn tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
GB 172.217.169.2:443 googleads.g.doubleclick.net tcp
GB 172.217.169.2:443 googleads.g.doubleclick.net tcp

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 01:21

Reported

2024-06-13 01:23

Platform

win10v2004-20240611-en

Max time kernel

145s

Max time network

140s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a357434db77dac116428de0b77dbf389_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (25 identical hits)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (24 identical hits)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1496 wrote to memory of 4892 (2 events) N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 708 (40 events) N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 4996 (2 events) N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1496 wrote to memory of 1868 (20 events) N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
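Every WriteProcessMemory row above has the same source and target image, msedge.exe, and the source PID 1496 is the browser process that opened the HTML file. That is the pattern of a multi-process browser provisioning its own `--type=` children (the Chromium sandbox broker writes into each child at startup), not of injection into a foreign process. The following added example, written for this report rather than taken from the sandbox's tooling, parses rows in the report's own format together with the child command lines from the Processes list and separates that benign case from a cross-image write. The allow-list of browser image names, the abbreviated command lines and the contrasting injection row are constructed for the example.

```python
"""Triage of sandbox 'Suspicious use of WriteProcessMemory' rows.

Added example for this report, not part of the sandbox's own tooling. It parses
rows in the report's format ("PID <src> wrote to memory of <dst> N/A <src image>
<target image>") together with the child command lines from the Processes list,
and separates the benign case (a multi-process browser's broker writing into
its own freshly spawned --type= children) from cross-image writes that need a
closer look.
"""
import re
from collections import Counter, namedtuple

Write = namedtuple("Write", "src_pid dst_pid src_image dst_image")

# Both image paths end in ".exe", so a lazy match up to the first ".exe " splits
# the two space-containing paths reliably.
ROW_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) N/A (.+?\.exe) (.+\.exe)$")
TYPE_RE = re.compile(r"--type=([\w-]+)")

# Image names whose broker process legitimately provisions child processes with
# WriteProcessMemory. Assumption for this example; extend it to your own allow-list.
MULTIPROCESS_BROWSERS = {"msedge.exe", "chrome.exe", "msedgewebview2.exe"}


def parse_row(row):
    m = ROW_RE.match(row.strip())
    if not m:
        raise ValueError(f"unparseable row: {row!r}")
    src, dst, src_img, dst_img = m.groups()
    return Write(int(src), int(dst), src_img, dst_img)


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def triage(rows, cmdlines):
    writes = [parse_row(r) for r in rows]
    per_target = Counter(w.dst_pid for w in writes)
    cross_image = [w for w in writes if basename(w.src_image) != basename(w.dst_image)]
    sources = {basename(w.src_image) for w in writes}
    child_types = Counter(m.group(1) for c in cmdlines for m in [TYPE_RE.search(c)] if m)
    # Verdict: every write stays inside one image, that image is a known
    # multi-process browser, and the process list shows --type= children for it
    # to have written into. Anything else deserves a look at the target's
    # command line and memory regions.
    if not cross_image and sources <= MULTIPROCESS_BROWSERS and child_types:
        verdict = "browser-internal child provisioning"
    else:
        verdict = "investigate: cross-image or non-browser write"
    return {
        "events": len(writes),
        "targets": dict(per_target),
        "cross_image": len(cross_image),
        "child_types": dict(child_types),
        "verdict": verdict,
    }


# Constructed from the behavioral2 rows above; only the count per target PID is
# reproduced, not the 64 individual lines.
EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
ROW = "PID 1496 wrote to memory of {dst} N/A " + EDGE + " " + EDGE
REPORT_ROWS = (
    [ROW.format(dst=4892)] * 2
    + [ROW.format(dst=708)] * 40
    + [ROW.format(dst=4996)] * 2
    + [ROW.format(dst=1868)] * 20
)

# Child command lines from the Processes list, abbreviated to the flags that
# matter here (the --gpu-preferences blob and mojo handles are omitted).
REPORT_CMDLINES = [
    f'"{EDGE}" --single-argument C:\\Users\\Admin\\AppData\\Local\\Temp\\a357434db77dac116428de0b77dbf389_JaffaCakes118.html',
    f'"{EDGE}" --type=crashpad-handler "--user-data-dir=C:\\Users\\Admin\\AppData\\Local\\Microsoft\\Edge\\User Data" /prefetch:7',
    f'"{EDGE}" --type=gpu-process --field-trial-handle=2108,40104536033284034,3671788597598913297,131072 /prefetch:2',
    f'"{EDGE}" --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none /prefetch:3',
    f'"{EDGE}" --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility /prefetch:8',
    f'"{EDGE}" --type=renderer --renderer-client-id=6 /prefetch:1',
    f'"{EDGE}" --type=renderer --renderer-client-id=5 /prefetch:1',
    f'"{EDGE}" --type=renderer --renderer-client-id=7 /prefetch:1',
    f'"{EDGE}" --type=renderer --renderer-client-id=8 /prefetch:1',
    f'"{EDGE}" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled /prefetch:2',
]

# A contrasting, constructed row: same source PID, but a different target image.
INJECTION_ROW = "PID 1496 wrote to memory of 5000 N/A " + EDGE + r" C:\Windows\System32\notepad.exe"

if __name__ == "__main__":
    print(triage(REPORT_ROWS, REPORT_CMDLINES))
    print(triage(REPORT_ROWS + [INJECTION_ROW], REPORT_CMDLINES))
```

Same-image writes are necessary, not sufficient, for the benign verdict: a renamed or hijacked browser binary passes this check too, so pair it with the image's signature and path (here `C:\Program Files (x86)\Microsoft\Edge\Application\`) before closing the finding.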

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a357434db77dac116428de0b77dbf389_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd08de46f8,0x7ffd08de4708,0x7ffd08de4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,40104536033284034,3671788597598913297,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,40104536033284034,3671788597598913297,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,40104536033284034,3671788597598913297,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,40104536033284034,3671788597598913297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,40104536033284034,3671788597598913297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,40104536033284034,3671788597598913297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,40104536033284034,3671788597598913297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,40104536033284034,3671788597598913297,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.noithat190.vn udp
VN 27.0.14.98:80 www.noithat190.vn tcp (3 consecutive identical rows)
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 20.242.123.52.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 98.14.0.27.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
BE 2.17.107.105:443 www.bing.com tcp
US 8.8.8.8:53 code.jquery.com udp
VN 27.0.14.98:80 www.noithat190.vn tcp (4 consecutive identical rows)
US 8.8.8.8:53 connect.facebook.net udp
US 151.101.194.137:80 code.jquery.com tcp
US 8.8.8.8:53 opi.yahoo.com udp
GB 163.70.151.21:445 connect.facebook.net tcp
US 8.8.8.8:53 www.doanhnghiephanoi.vn udp
US 8.8.8.8:53 www.youtube.com udp
VN 27.0.14.98:80 www.noithat190.vn tcp
GB 142.250.178.14:80 www.youtube.com tcp
GB 142.250.178.14:80 www.youtube.com tcp
GB 142.250.178.14:443 www.youtube.com tcp
GB 142.250.178.14:443 www.youtube.com tcp
GB 142.250.178.14:443 www.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.213.22:443 i.ytimg.com tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
US 8.8.8.8:53 105.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 137.194.101.151.in-addr.arpa udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 22.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 172.217.16.226:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 172.217.16.226:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.213.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.179.234:443 jnn-pa.googleapis.com tcp
GB 142.250.179.234:443 jnn-pa.googleapis.com tcp
GB 163.70.151.21:139 connect.facebook.net tcp
GB 142.250.180.1:443 yt3.ggpht.com tcp
GB 142.250.179.234:443 jnn-pa.googleapis.com udp
VN 27.0.14.98:80 www.noithat190.vn tcp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 6.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
VN 27.0.14.98:80 www.noithat190.vn tcp (9 consecutive identical rows)
N/A 224.0.0.251:5353 udp
VN 27.0.14.98:80 www.noithat190.vn tcp (36 consecutive identical rows)
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.179.238:443 play.google.com udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
GB 172.217.16.226:443 googleads.g.doubleclick.net udp
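Most of the table is what a page load of www.noithat190.vn produces: DNS to the sandbox's resolver, HTTP to the page host, the usual jQuery, Facebook, YouTube and DoubleClick third parties, QUIC (udp/443) to Google properties, reverse lookups of addresses already contacted, and one mDNS multicast row without a domain. Two rows do not fit that picture: connect.facebook.net reached on 445/tcp and 139/tcp, which are SMB and NetBIOS session ports, not web ports. The following added example, not part of the sandbox report, parses rows in the table's own "Country Destination Domain Proto" layout, aggregates connections per domain, and flags such rows so that they are explained before the domain is written off as ordinary page traffic. The excerpt of rows and the suspect-port list are constructed for the example.

```python
"""Aggregation of a sandbox Network table with port sanity checks.

Added example, not part of the sandbox report. Rows follow the report's own
"Country Destination Domain Proto" layout. The script separates DNS queries
(including reverse lookups) from real connections, groups connections by
domain with the addresses, ports and protocols used, and flags any web host
contacted on a port a page load has no business reaching.
"""
import re
from collections import defaultdict

WEB_PORTS = {80, 443}
# Ports a browser page load should never reach; assumption for this example,
# extend for your environment (e.g. 3389, 5985).
SUSPECT_PORTS = {139: "NetBIOS session", 445: "SMB"}

# The domain column is optional: multicast rows such as "N/A 224.0.0.251:5353 udp" omit it.
ROW_RE = re.compile(
    r"^(?P<cc>\S+) (?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)"
    r"(?: (?P<domain>\S+))? (?P<proto>udp|tcp)$"
)


def parse_rows(text):
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Country"):
            continue  # blank line or the table header
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unparseable row: {line!r}")
        d = m.groupdict()
        d["port"] = int(d["port"])
        rows.append(d)
    return rows


def summarize(text):
    rows = parse_rows(text)
    summary = {"rows": len(rows), "dns_queries": 0, "reverse_lookups": 0,
               "no_domain": 0, "connections": {}, "flags": []}
    conns = defaultdict(lambda: {"count": 0, "ips": set(), "ports": set(), "protos": set()})
    for r in rows:
        if r["port"] == 53:
            summary["dns_queries"] += 1
            if r["domain"] and r["domain"].endswith(".in-addr.arpa"):
                summary["reverse_lookups"] += 1
            continue
        if not r["domain"]:
            summary["no_domain"] += 1
            continue
        c = conns[r["domain"]]
        c["count"] += 1
        c["ips"].add(r["ip"])
        c["ports"].add(r["port"])
        c["protos"].add(r["proto"])
        where = f'{r["domain"]} {r["ip"]}:{r["port"]} {r["proto"]}'
        if r["port"] in SUSPECT_PORTS:
            summary["flags"].append(f"{where} ({SUSPECT_PORTS[r['port']]})")
        elif r["port"] not in WEB_PORTS:
            summary["flags"].append(f"{where} (non-web port)")
    summary["connections"] = {
        d: {"count": c["count"], "ips": sorted(c["ips"]),
            "ports": sorted(c["ports"]), "protos": sorted(c["protos"])}
        for d, c in conns.items()
    }
    return summary


# Constructed excerpt of the behavioral2 Network table above (18 of its rows).
REPORT_EXCERPT = """\
Country Destination Domain Proto
US 8.8.8.8:53 www.noithat190.vn udp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 code.jquery.com udp
US 8.8.8.8:53 connect.facebook.net udp
US 151.101.194.137:80 code.jquery.com tcp
GB 163.70.151.21:445 connect.facebook.net tcp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.178.14:80 www.youtube.com tcp
GB 142.250.178.14:443 www.youtube.com tcp
GB 142.250.178.14:443 www.youtube.com udp
GB 163.70.151.21:139 connect.facebook.net tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 98.14.0.27.in-addr.arpa udp
"""

if __name__ == "__main__":
    s = summarize(REPORT_EXCERPT)
    for domain, c in s["connections"].items():
        print(domain, c)
    print("flags:", s["flags"])
```

The Country and Destination columns describe the sandbox's own egress and resolver (8.8.8.8), not what a victim machine would see, so treat the resolved addresses as a snapshot rather than as indicators in their own right; the flagged rows are the part of the table worth carrying into the write-up.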

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 56067634f68231081c4bd5bdbfcc202f
SHA1 5582776da6ffc75bb0973840fc3d15598bc09eb1
SHA256 8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4
SHA512 c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

\??\pipe\LOCAL\crashpad_1496_CEHSUHMYDDCYBPPS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 81e892ca5c5683efdf9135fe0f2adb15
SHA1 39159b30226d98a465ece1da28dc87088b20ecad
SHA256 830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17
SHA512 c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0b39ddfa8c0f4983e4ee71b1bfffdea6
SHA1 e52981875480312c240f6147b918913856262816
SHA256 aa2279eccd91d7f5513941d859f6c9d346c4ab10c0e5851672872feaca23f304
SHA512 068b2c1a3b837f4f0cc8c822e4a209a90fedb69c89c4b696b397f241fc6000bd070467988d44d60471fb7e62ce0225c17675381b52fd8a7be1cb4109a09ebbb6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8694b7939e3f13eb5cfaf4b668b5614c
SHA1 33e2435214de6d58564af7b13e3b1827dbf6b185
SHA256 c015cbd25213cdf9690e37ee8cc1176774daf34f7768ae2ecafd3f8657084461
SHA512 87c5cb2358c7888367c93d7c7870e75b4ad1db09130d64732f8d4d209542b3ea055614850dc15da5f996c6fc436c17ee73196c7bf052cfe5d75780da50baad3c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 edccb6d663ddc7b66f3ecb8037e8c302
SHA1 0fc2bd37032ac7f3c8b076e95c3fb632d1652f42
SHA256 d73cfd0f1b0a7d126b3f5b94813e8af115890104ae7bc85ab9f524d534401abb
SHA512 d8ee02c90d8c14d0dddf7fdfba35254f91acb8d03654553bf35b9445133e374bd3ebe41187cc2bcb4b48fe09d65024a49708d4df32782e9ae289753d7aa1579d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5f0609ff702b5102ae6bc5e472e4e917
SHA1 8770db560771b3bab4d014f3e6fe95ca895703d0
SHA256 74f0681c47aff488d87d6a27456e1bcfc093fb3c608a491054d518396fdd2c2a
SHA512 15e0582fcbcc02900f0875eb296c408e863ba073dd0989e0b4ca64f18cc56d26247cdba20895871cb791bb2672d3fba195b654f97e608a1a0417e05588eabca0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 87725bb3a345e97d0a68694b8466f1fb
SHA1 aa8260f1f3d5beb319030fab33c934a427c30f4a
SHA256 aa3635c9172924f1a7a700a99645b5980faad311063287c3ca2f73c7b36bd944
SHA512 059b81673bec6d911c09e5f77273f014ea59c691152d72df7badb0fbc5db8d71c906e7f9057c2d0422d26ce54dd557536a0a698c80bfe406d08e0ad624303044

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 127e0f658c66f8ee523d1423e4024651
SHA1 d7ebaa2253764499abd4a7f6b3dc4acb21547b35
SHA256 5b5d0c1e93506a707fe6ad909e2b5170dde880fbb22597ca220446bb89c37e98
SHA512 dd6a3d2a3cad146dd3abc217646715beba2e6957abefddfd98ca78bc1aca8ce3a9a03b0151154b923b989889366679546c261798f10498365182ca2ccfaaef19