Malware Analysis Report

2025-01-17 23:18

Sample ID 240603-p7s6zsgf62
Target 91def404e86939c8786fd017b935532b_JaffaCakes118
SHA256 3cb96b9407d1c4fe9878a458847553a6ca31b86d4f4aac08663512e5e2953d82
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

3cb96b9407d1c4fe9878a458847553a6ca31b86d4f4aac08663512e5e2953d82

Threat Level: No (potentially) malicious behavior was detected

The file 91def404e86939c8786fd017b935532b_JaffaCakes118 was found to exhibit no (potentially) malicious behavior.

Malicious Activity Summary


Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 12:58

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 12:58

Reported

2024-06-03 13:01

Platform

win7-20240220-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91def404e86939c8786fd017b935532b_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423581387" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FF52CEB1-21A8-11EF-8554-DE288D05BF47} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91def404e86939c8786fd017b935532b_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2028 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.thelittlegym.com.vn udp
VN 203.113.135.54:80 www.thelittlegym.com.vn tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
VN 203.113.135.54:80 tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab9B3.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 099b78be571e1da0b72d4281df3d0e81
SHA1 ea3cf54407bf423b2d55f0d25b24f0874e6dbd33
SHA256 0d54a6ea9233dbcc8c301983e4361c3d8e43fec4daf1977ebf396bfbd19acf9c
SHA512 7f1680a6b9e55b7880ef632f608f5ec2618a60ae30a8d22340c2240177de1dd1f070a15032f48abee135f75cc065b645f0e604aaf95e7b58c0f12b004bb30797

C:\Users\Admin\AppData\Local\Temp\TarA95.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4f69636765521b917098d345b821ddea
SHA1 c91ba44bf2d51c0c28b92838a43a199f14012dd8
SHA256 e8c6bcd7752c98aa524401854e0f70badd80f436b1d2b0642b8375d0f7900eb5
SHA512 66444f98764db8d236a938230292bebe1704f93341fa0152b1db253f6e54673810b5b295a85a8028c16e6ad4435e38444da75aa2056c7f9844492983d8caf691

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3639987b03fe19f58b995a6cdeaaaeaa
SHA1 fdd320dbd8c311d36468d2f749b953a7c1e251f1
SHA256 1ecd45dbee1ebae003ca5d7a56df028fb883907f106a009a713a07006cda67a4
SHA512 1e1dd53bb9ff244ab9a4134b1164ff8cc14b469e22882405b43c5a9f879b29c99bc833d049d66d45bd46f661620326746acf2f1028e25a2e166e26be1b93ed90

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9e5194c32d6fce573acd286e3d9ac645
SHA1 7cfc84542fd6e7818d6cf02898f52383f1a8d52c
SHA256 380e3885e7b7597aceeb43ddbda83193ed8f44d545bc3a9db62302a1210f169b
SHA512 d87780d155fec902be0860fd85d8e0fb812d999fbe628eb962241576348dcbee6e688087982b14c3d9dbcf3d9ffa9cfdee8e27fb57285b3a0443ed199b1972a6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 287aff579961c6b986876885b0060c29
SHA1 611018af10b7697cc885f4441f9c9bdba0226e14
SHA256 c2a2fbe809556981ad49f88aeb15d453bab78fa68e00ef978fe6b50de4d44a2b
SHA512 0d7b4a881d88dec91b4c83af297eaf72e9a48b0647031d6a0a2f24fe2dec8b9a0527196bf4bf9487577c4b4f550062af4208c12912d66d72d4c08969c5e5e54b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 afd2fd458fa159bd0e99bcc1977e5a4c
SHA1 33888b40ba722e818216c30edcf51ff0079398e0
SHA256 69a297bcc6584cdae0ae2fa43197a01c5802c28dcfc2b02a664ed34590727527
SHA512 0a03346e36385ff4b160a3dfececb4db07e0c12faddfd78d36a38f4dfdaa756eea0ceecea1c3bb411f505a232cca4485fdbacef54efc226f415307922fb37949

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7f95262e6f5d96a29971ffaed80337c5
SHA1 4961b08ae5eac748a17317cd3fedea94d2110314
SHA256 1dc42de007db758f4a8e180a69495e9916b67587fc323ea2a09b190bb33e3912
SHA512 3871e40d0f5faeb18ff20f8a1f1fc1f17f737413e9da358e41dca87b4f9e263711448325a535bcb27e8caef322b0d212a51150a5f28b8b21fc2473519bfa8063

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7976f2e91b22b00506697fac15863483
SHA1 ea2ea7a4e6d468e04e6b39663995848d7c8d229a
SHA256 b6e42831f7002a3ea1d1dc3a0dd1c23550b48268947dd6de4b9d240f46ff20cb
SHA512 e79ed31fde1ded7ab88dec15bcd0a36a28dfda6d2302092550f4bfed3da3fa5b2320a57ec59e8fd8aab14a881261e4a58f92cc702f4cede2c33e131b8517bf58

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a94ec84b17b590cfc52ef7271535c823
SHA1 415369c839094290540218c056b6cff2e743aa0f
SHA256 a09a5e5405f3233e26b23e133a12b6bee1cb46dd9806a541aea4a3e48db63eff
SHA512 e26fe534080eeb6e08a2d1a25f512b5f2c1ef8e129045441e648cb832725abe6c95f1eb36d14bf8bc840d9dccdf63535448d9ac639e7c8450a6fd3956a023b7f

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 12:58

Reported

2024-06-03 13:01

Platform

win10v2004-20240426-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91def404e86939c8786fd017b935532b_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3924 wrote to memory of 3704 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3924 wrote to memory of 2004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3924 wrote to memory of 2216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3924 wrote to memory of 2872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91def404e86939c8786fd017b935532b_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb55f646f8,0x7ffb55f64708,0x7ffb55f64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,3673657257079191530,10268516644523691226,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,3673657257079191530,10268516644523691226,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,3673657257079191530,10268516644523691226,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3673657257079191530,10268516644523691226,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3673657257079191530,10268516644523691226,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,3673657257079191530,10268516644523691226,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
GB 216.58.213.14:445 www.google-analytics.com tcp
US 8.8.8.8:53 www.thelittlegym.com.vn udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
VN 203.113.135.54:80 www.thelittlegym.com.vn tcp
VN 203.113.135.54:80 www.thelittlegym.com.vn tcp
VN 203.113.135.54:80 www.thelittlegym.com.vn tcp
VN 203.113.135.54:80 www.thelittlegym.com.vn tcp
VN 203.113.135.54:80 www.thelittlegym.com.vn tcp
VN 203.113.135.54:80 www.thelittlegym.com.vn tcp
GB 216.58.213.14:139 www.google-analytics.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
VN 203.113.135.54:80 www.thelittlegym.com.vn tcp
VN 203.113.135.54:80 www.thelittlegym.com.vn tcp
VN 203.113.135.54:80 www.thelittlegym.com.vn tcp
VN 203.113.135.54:80 www.thelittlegym.com.vn tcp
VN 203.113.135.54:80 www.thelittlegym.com.vn tcp
VN 203.113.135.54:80 www.thelittlegym.com.vn tcp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
VN 203.113.135.54:80 www.thelittlegym.com.vn tcp
VN 203.113.135.54:80 www.thelittlegym.com.vn tcp
VN 203.113.135.54:80 www.thelittlegym.com.vn tcp
VN 203.113.135.54:80 www.thelittlegym.com.vn tcp
VN 203.113.135.54:80 www.thelittlegym.com.vn tcp
VN 203.113.135.54:80 www.thelittlegym.com.vn tcp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
VN 203.113.135.54:80 www.thelittlegym.com.vn tcp
VN 203.113.135.54:80 www.thelittlegym.com.vn tcp
VN 203.113.135.54:80 www.thelittlegym.com.vn tcp
VN 203.113.135.54:80 www.thelittlegym.com.vn tcp
VN 203.113.135.54:80 www.thelittlegym.com.vn tcp
VN 203.113.135.54:80 www.thelittlegym.com.vn tcp
VN 203.113.135.54:80 www.thelittlegym.com.vn tcp
VN 203.113.135.54:80 www.thelittlegym.com.vn tcp
US 8.8.8.8:53 drdiskradio.com udp
US 35.208.59.108:80 drdiskradio.com tcp
US 35.208.59.108:80 drdiskradio.com tcp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
VN 203.113.135.54:80 www.thelittlegym.com.vn tcp
VN 203.113.135.54:80 www.thelittlegym.com.vn tcp
VN 203.113.135.54:80 www.thelittlegym.com.vn tcp
VN 203.113.135.54:80 www.thelittlegym.com.vn tcp
VN 203.113.135.54:80 www.thelittlegym.com.vn tcp
VN 203.113.135.54:80 www.thelittlegym.com.vn tcp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.151.21:445 connect.facebook.net tcp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.151.21:139 connect.facebook.net tcp
VN 203.113.135.54:80 www.thelittlegym.com.vn tcp
VN 203.113.135.54:80 www.thelittlegym.com.vn tcp
VN 203.113.135.54:80 www.thelittlegym.com.vn tcp
VN 203.113.135.54:80 www.thelittlegym.com.vn tcp
VN 203.113.135.54:80 www.thelittlegym.com.vn tcp
VN 203.113.135.54:80 www.thelittlegym.com.vn tcp
VN 203.113.135.54:80 www.thelittlegym.com.vn tcp
VN 203.113.135.54:80 www.thelittlegym.com.vn tcp
VN 203.113.135.54:80 www.thelittlegym.com.vn tcp
VN 203.113.135.54:80 www.thelittlegym.com.vn tcp
VN 203.113.135.54:80 www.thelittlegym.com.vn tcp
VN 203.113.135.54:80 www.thelittlegym.com.vn tcp
US 8.8.8.8:53 udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b2a1398f937474c51a48b347387ee36a
SHA1 922a8567f09e68a04233e84e5919043034635949
SHA256 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6
SHA512 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 1ac52e2503cc26baee4322f02f5b8d9c
SHA1 38e0cee911f5f2a24888a64780ffdf6fa72207c8
SHA256 f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4
SHA512 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

\??\pipe\LOCAL\crashpad_3924_LTSWMUVWNUQYWIJJ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0d00c804fa8d26180b7bc69b3ac06235
SHA1 57eac5e8db4494534e5a23f5d748597be5022763
SHA256 1ee0bae5381bff4faf6b07a9f4d1a9a8b9fa762d8bc7b2bc3fbb81c209db6aa3
SHA512 6ce3d245690dcac1b272914a5ed6fc109f3a267ea0db285be35a8a01160b2072064a65794223cba6edfc061579ba44a4ffb95069025a9c04b571410c1e52e18e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 cfae9c96eb36a91896e79b1a8c606b38
SHA1 a3867302d47ac1bd661f687d30a95bab3f2a94da
SHA256 3be11bdfc3174f6d6999623c3471a03c8ccc2ca5a53c596e02bad65891504423
SHA512 ee0d994e330af6a50d47964b2ee8a77a8c86d0124e1fd7fe431a17f04fc3f4f39ffa15d98a73c0a40e231b5026d2bddd3d21aeb0760fb08ec7576e607fb2233b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4bb41de5c7170a4907d7881beb260cf9
SHA1 5327d981fbcf3ce70e81b30d4c4e4e91afb1b5bd
SHA256 659bf5d506e83b54eb2d60e865183875e97f5d7f6ed3d391e5b9669ccd76ab92
SHA512 3c02f934d35a356200364a62f9238bcf4c52f376bfa0a0f25eecb7d6be1804b8e74d1e33bc9580b0557a21f8888483516418df6f21fa51322457afed324e791a