Malware Analysis Report

2025-04-14 00:26

Sample ID 240603-ktjyyahe6s
Target 9130eef1f328aec9bccdf37c2f5e9ec3_JaffaCakes118
SHA256 a282e1d5559f9adbc3dd4986024e2bf0e4fba1dc29001ab2d4b07e71624fff0c
Tags
score
1/10

Analysis Overview

score
1/10

SHA256

a282e1d5559f9adbc3dd4986024e2bf0e4fba1dc29001ab2d4b07e71624fff0c

Threat Level: No (potentially) malicious behavior was detected

The file 9130eef1f328aec9bccdf37c2f5e9ec3_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 08:53

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 08:53

Reported

2024-06-03 08:56

Platform

win7-20240419-en

Max time kernel

142s

Max time network

143s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9130eef1f328aec9bccdf37c2f5e9ec3_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9130eef1f328aec9bccdf37c2f5e9ec3_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1008 CREDAT:275457 /prefetch:2

Network


Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 08:53

Reported

2024-06-03 08:56

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9130eef1f328aec9bccdf37c2f5e9ec3_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3328 wrote to memory of 4368 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 1480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 2512 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3328 wrote to memory of 1816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9130eef1f328aec9bccdf37c2f5e9ec3_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff85d2746f8,0x7ff85d274708,0x7ff85d274718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,14440315329628789607,3412479734776251955,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,14440315329628789607,3412479734776251955,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,14440315329628789607,3412479734776251955,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14440315329628789607,3412479734776251955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14440315329628789607,3412479734776251955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14440315329628789607,3412479734776251955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14440315329628789607,3412479734776251955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2064,14440315329628789607,3412479734776251955,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3964 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x40c 0x404

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,14440315329628789607,3412479734776251955,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6148 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,14440315329628789607,3412479734776251955,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6148 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14440315329628789607,3412479734776251955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14440315329628789607,3412479734776251955,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14440315329628789607,3412479734776251955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14440315329628789607,3412479734776251955,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,14440315329628789607,3412479734776251955,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4288 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_3328_RTYIXASFIMFTPYDL

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences