Analysis Overview
SHA256
a282e1d5559f9adbc3dd4986024e2bf0e4fba1dc29001ab2d4b07e71624fff0c
Threat Level: No (potentially) malicious behavior was detected
The file 9130eef1f328aec9bccdf37c2f5e9ec3_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 08:53
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 08:53
Reported
2024-06-03 08:56
Platform
win7-20240419-en
Max time kernel
142s
Max time network
143s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423566678" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0429e9f93b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C0AA20E1-2186-11EF-88AC-F2AB90EC9A26} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d1000000000200000000001066000000010000200000009c003d5a5f7df8db73eea22ee4b29d0d62c7b65cc2f90194f92c669662514b10000000000e8000000002000020000000d28e198a563447c3d7f047985c639c13720f81736b65f5d720865d9953f49a0520000000c0ac15fb6ad02895d0c600aa1709a8fae965a38b1df9795a5fbe70d4d69101a640000000587815355440fb91db44f7afbd346279ef58e3022e7fcd09c76cd6965d32e9eafc5faed235d3e0cf4de9049fdfa52673670d687224cfa1d7864caf08d19eeb31 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1008 wrote to memory of 2424 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9130eef1f328aec9bccdf37c2f5e9ec3_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1008 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | info-flashaber.com | udp |
| US | 8.8.8.8:53 | parisimparatorfm.com | udp |
| US | 8.8.8.8:53 | www.paypalobjects.com | udp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| FR | 213.186.33.17:80 | parisimparatorfm.com | tcp |
| US | 154.41.250.186:80 | info-flashaber.com | tcp |
| US | 154.41.250.186:443 | info-flashaber.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | www.parisimparatorfm.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| FR | 213.186.33.17:80 | www.parisimparatorfm.com | tcp |
| US | 8.8.8.8:53 | cdn1.iconfinder.com | udp |
| US | 172.66.42.211:443 | cdn1.iconfinder.com | tcp |
| US | 8.8.8.8:53 | p.jwpcdn.com | udp |
| US | 151.101.2.114:80 | p.jwpcdn.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | hosting-serv.com | udp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| NL | 23.63.101.152:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | turkishradyo.com | udp |
| FR | 51.159.37.188:9100 | hosting-serv.com | tcp |
| DE | 91.108.103.148:80 | turkishradyo.com | tcp |
| DE | 91.108.103.148:443 | turkishradyo.com | tcp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| GB | 216.58.204.70:443 | s0.2mdn.net | tcp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| US | 154.41.250.186:443 | info-flashaber.com | tcp |
| US | 154.41.250.186:443 | info-flashaber.com | tcp |
| US | 154.41.250.186:443 | info-flashaber.com | tcp |
| US | 154.41.250.186:443 | info-flashaber.com | tcp |
| US | 154.41.250.186:443 | info-flashaber.com | tcp |
| US | 154.41.250.186:443 | info-flashaber.com | tcp |
| US | 154.41.250.186:443 | info-flashaber.com | tcp |
| US | 154.41.250.186:443 | info-flashaber.com | tcp |
| US | 154.41.250.186:443 | info-flashaber.com | tcp |
| US | 154.41.250.186:443 | info-flashaber.com | tcp |
| US | 154.41.250.186:443 | info-flashaber.com | tcp |
| US | 154.41.250.186:443 | info-flashaber.com | tcp |
| US | 154.41.250.186:443 | info-flashaber.com | tcp |
| US | 154.41.250.186:443 | info-flashaber.com | tcp |
| US | 154.41.250.186:443 | info-flashaber.com | tcp |
| US | 154.41.250.186:443 | info-flashaber.com | tcp |
| US | 154.41.250.186:443 | info-flashaber.com | tcp |
| US | 154.41.250.186:443 | info-flashaber.com | tcp |
| US | 154.41.250.186:443 | info-flashaber.com | tcp |
| US | 154.41.250.186:443 | info-flashaber.com | tcp |
| US | 154.41.250.186:443 | info-flashaber.com | tcp |
| US | 154.41.250.186:443 | info-flashaber.com | tcp |
| US | 154.41.250.186:443 | info-flashaber.com | tcp |
| FR | 213.186.33.17:80 | www.parisimparatorfm.com | tcp |
| FR | 213.186.33.17:80 | www.parisimparatorfm.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| FR | 213.186.33.17:80 | www.parisimparatorfm.com | tcp |
| FR | 213.186.33.17:80 | www.parisimparatorfm.com | tcp |
| FR | 213.186.33.17:80 | www.parisimparatorfm.com | tcp |
| FR | 213.186.33.17:80 | www.parisimparatorfm.com | tcp |
| FR | 213.186.33.17:80 | www.parisimparatorfm.com | tcp |
| FR | 213.186.33.17:80 | www.parisimparatorfm.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab782.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar8A1.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OV51DDG5\jquery-1.9.1.min[1].htm
| MD5 | 5d8d79c3cb9af023240b1be6f5057aaa |
| SHA1 | df22980677b134e83d878893f7c7984e0d78a240 |
| SHA256 | e8b101a7c7f64aad528cc734513cbeb02243c0af37930dc0f3239749cff184b6 |
| SHA512 | 66f432b622cee0bcc06cbc0f833de1471ea36c295b4cd93eb848d97e69c2252acd2fc8972db51ea35475a424f4d6cb5001325525fb04f71b8704eb24de1c4008 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7ba0d1735cb239ba932b982b0e0d9711 |
| SHA1 | 2d94f0955ab34e800e7a8de740fc9991386a3078 |
| SHA256 | 0431280f621e91f99554bd370f1371b56721b453b60ed6b0a3f3199717da8f49 |
| SHA512 | 2084a9e3d16fa88e1c4fd3043644b1971ebd920330e9a46c99e33b79a1087fa2c8d30bc1cfdefc909c24a01b7f605273b19089d5ec4bd9db1690fdea7e12f99e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 89d991df1ccffab7ef0c618388bfa5b2 |
| SHA1 | 6bdd97d563e77ed94998adac9c8864edb9176dfe |
| SHA256 | ededdb90fa89258f496fee59c07a78a18ae5ae92d46bde72603bdbf713a88760 |
| SHA512 | 92389be87a9dbea5a8c3be4e9d500f15512ff8ad3fd4d7899e90bd4ebb57e2de91b0a0dd9ac9a86f9186812588e1208dba3e12f2d74c01670b5fd393c1b1df85 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 07924d84ddae1b8178cecfde546822fa |
| SHA1 | 20a2289b604d058306d339867c70d44b48d43d0c |
| SHA256 | 35190fbd880cf59f05747c8638065bbc67dead8c941c963642c6db99a90ebb48 |
| SHA512 | aa73bdebb1328b3a6783fe927abe7ffaf92367fac87e0e7ea3dcc3dd0f36e3959b6a669e3a1a02ab1cac585fac85977d911c696c91f29d96f5dcb02b2654d59e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3d6d9e2ea75fb127c749aef94d26e3cf |
| SHA1 | 9752897913d0314fa827ec4852fdd097943b737b |
| SHA256 | e5d5282ff1f52a89ba217a105ed25a1e98f50570d182dd07e9c9c8192f32ad17 |
| SHA512 | 7e0af1b9161cd27da6a9301b4f65bcd5157160f9a79997b9d4bbef11c1de0fc118c4cee8d0b7fbfea8cf68a713460b13d1ebf78c13c89b5e72deb6de6e2d611a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7648a52277f90bff1a037ba3b3cc9f73 |
| SHA1 | 594647f599c324fd2ac35544e0ba9f50755fb067 |
| SHA256 | 3cd82cdd5566887e3c4f98e87faa1304702c19ecdaca087962fd3a3b6a90389f |
| SHA512 | 89d16d84f6f234f8821d9baffc4983cf6f396076cb95d9d32afeca3c990c6eaaef9d65e17bd475c94f028fbd1e9673eb8425cd71dca350c83cac294f7786baef |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 03070ba754c747a0b7cb6a3b7e3e39df |
| SHA1 | 364b3bdb41b145e4d941b2c95a73198da8c2eb62 |
| SHA256 | fdd6bfe3dd40234df02d892a0b43136886ed8b504d09a293afbc34855494587b |
| SHA512 | 6b22fe893290a5c2c88c4367a4b84af5b3cb14c5ae68c21f5722d9b13e5157a46aae3f11d77382f2559be3ad6acd5b51aac55b6d3c3b65230b099025f96d982b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aee4ad089a3f64448085a025fe04ed72 |
| SHA1 | c716344340fe159f7a7c44ff869ffcc0ac4ad94f |
| SHA256 | d0355416c971a70a1770f66f1fcabc63363dcc39495373ca1c179d8689fa0ba0 |
| SHA512 | 1fdf18a92eed43e4487611f3249ebd73d21cf47e9c5364609f6149e88e46c63e64c7c3c82f5193eaff8ea2b22805df934803a9ea565bb09dcdd0e9fd17d1ced6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5269abd2346b3d8a1aa2eb1c9fcff860 |
| SHA1 | 01a05e3a735d8fcb3c5a8051f36b06f844e1e2e6 |
| SHA256 | 9bc25c2ec0ff9b7bf6d5d55fcfbf3c38514829d1fc4cdf3e2dc8783a8a7d7f9c |
| SHA512 | 5acf2f10fd9cedd5d6d87f5e3cde071001bb16d4e023056648f0bda409dd07ec5bd1215b7483eab0f4f80989d1cd29464cbebfaf439427bb346788964a8ea9ab |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 354f6e3eccbf0edbda30974878ff3fa0 |
| SHA1 | 9b334646bf9a6cc5933f061d4ab1d4f5c593905a |
| SHA256 | cca5bfa6d327a91d46b6c8d93809f801ef89cdab5ae81b4286de5843d6f50c2b |
| SHA512 | 947e51a88a77667e0607f93c3fbaa365f380cf4c7b490bf71ef8ac679d05460667c0831cc209f11ceef619fcb1e5cb3a943a7ed10284f58319c1d3e6990a2548 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1e81362ec8e676ad5a5d114d7059a22c |
| SHA1 | fd5ff50897d2e795b8a815c6749e74ee788cdb67 |
| SHA256 | baf8550629555927d0c642b7ae16045dd4669066710ece2b16df4584df33e4d8 |
| SHA512 | acebb9a6a53810bf4a903a6c4ac26bd1296c899b293670e51d874888c871b9ede55ee4ed3b79fc633fea101134e6ca85cc6804c3787686567536569a1d6c1680 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a8d2a273b374e626fd6f601562edb049 |
| SHA1 | bc32e4a834755538f5b491b6a896e14203ebde39 |
| SHA256 | 841a22c7ae41701aa50c4b7f36f5dc4ada3809ec12403685da1dd7512c693d0d |
| SHA512 | ac1983acc01af30e25a6409441de613ac5b8438556b50787883e40fced44c34608e9f8cead328a2efd97bca44024e71b4085abf0f7dabb8e1a55ba81b5cff8f6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 98d8b31c505dc561175d9be182b99a04 |
| SHA1 | edb6316f4a1f9a7425eb9c307ff89b2aa3768219 |
| SHA256 | 3d8c8bc510f2befbc5bf445fcf42e5a8a7a7406cbb0cf6a0ccb237006c8477a6 |
| SHA512 | c5879fa0e06587219bc9f5999558d2944bec52a29352cf8ed220065ab92ea9d39b5dd9d8a8bd1b8d6d03dba62edea3efb1f96f4b7dfda839364c95918c1048b5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f2af76329d8b603cff002f4854ee946c |
| SHA1 | c068949d0eebe8eb0c9d378b18f64c2a57f64cdb |
| SHA256 | 821b48f2745005a32dc1543bac6967482dfc5fe59e38541281085e845b36a35c |
| SHA512 | dc69588bafede48e85a0c6cfca2d50b32d12f8432c1d207abdfbba3c029c68c2c6f319b3e40c77e921c50ac2ed1679a53d1a8fbb144e055def31503d4b2ec55a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | aca85d08a7222a90dee0075293cdd2eb |
| SHA1 | b9cedbbf3deb1a2c62293774713e6fbda6607152 |
| SHA256 | 786f0b78cc094dd5e6fc9843daa43e89df2a1536293d5eccec8fb835c07c58a9 |
| SHA512 | 403802b4922291d40117181b88f9a8df22c267e45051626c4fea2416100120a32db790fb233d7cfb83563d0a5d010cfaaece94f8dfa80fb8a2570bafd9f40e74 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 12d26a6637369e71eb19963ba8dae948 |
| SHA1 | a965e569cf28feb0d28333f339bbd94a9ab3f04c |
| SHA256 | a2613a2ce85f1b5f3905911ca7752794846350f59aa552d8b9e881ac0bb461ef |
| SHA512 | ba51e23d061e1ae7a9fc29b0597ed29cc230de71848875a9efdaa3320a972bbf9cb9fdbcd34485cfd71a1a5c0e9a3b16e4577a5fab72d5c1ae707da81a53e0c2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0617f9100aec1b877236e85ed82abdb2 |
| SHA1 | 1d8bf836863a0fd59174c3e6bc9a8ec75166fccd |
| SHA256 | b9abc868ab93598c0b3c8ec45d4678347e3a708f02296dc42e888abe2833fba2 |
| SHA512 | 352abe0b3265c5e62aa5d75224c3b1a9a9029a1204afba07e70ea20becac77b2e8c070cd0d825a19168eaad69bd7857e0cbfcacc8aef5c7d79a918a2c606b7db |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 61bfa3dabc5527a331980253373cf405 |
| SHA1 | 229fd4d3d1ce119a61f3af420b8fc5da82d2db99 |
| SHA256 | 537d5814a9642e285773689cfe59dcc4cb9f187dcfc2592bc7340966861807db |
| SHA512 | 436a3f9e1637de13302457e0dae62a978c8fe1ad263aceb78404aca329a4324387f852308449e9020d8fa1f2c94aece7967026f8c3b364f742e47e615be5d6fa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bb10bd585677b88bbb7baec6831986a6 |
| SHA1 | 772d916b64f5cb73183c4230bf15cb60d49528bf |
| SHA256 | 58b346370105ace8ee58961aa8195f64802f18decf2d6b66146b52c8ab47fd3d |
| SHA512 | e79f6c7712de2a24546c472ccc0a0b638d4d1c6d90be6a115e759b80def749df24e915dffd5175ba5858db3817d2a01224553829094ced04b2406753c2a03b63 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6263b97b89f930daba8564574ca1f195 |
| SHA1 | 4c1ac90d0a35b0e14a8ffe91f20cfc47e39bbd40 |
| SHA256 | 6155351dd23ca72a4539992501410bd6ccd07d084658c670df186d17f64b671b |
| SHA512 | 4c0faa9beb9a9a5b5f6aa7feef7d7ef2578c5aa922b698476a15e98baf92fa277469f00c56f33f525b5cb92b4d76809149d02ddfa841c6e151164224c29b0cf8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dc182f445f272976c5ab9e63439dc904 |
| SHA1 | 8c3ae9b9e1153b72c7a6255c6f1c0e3dd0a5852a |
| SHA256 | 4f6272a58ff83131f8076e1995b7fdf9215d08ebd1c9f1d88a72153f42515ef0 |
| SHA512 | 46577cd48ec712fe4e80dd27adbd2a099ef82c6346b84641feed4457185b502a4d01c3d5532ce76b766398887a78a383e791e9422a03ef865054a8fd654320f7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bd148c75c9a07218d7bcb68888c51302 |
| SHA1 | fa2127b7e49204380d141304f7b363ef3686d0aa |
| SHA256 | 09d4ba9c4a49b910a64d0c882c2e280bb078a84ba85c7d356351b3cb084eeeef |
| SHA512 | fe6c67b6e982b4a8e625bcf7d6d034d7027810f5fedba9790fa1b8989c3d161f88a7aa2be3d6399ce740669d9f2a0390f01b8f2b0b42fd023e08f6ed3ea6d077 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 9c0a401426983071193a8f887e298e5b |
| SHA1 | 871c746bd7efed80971dbb061b441ad6322fa447 |
| SHA256 | b4817cbcd95fef5274f8ce086e76b9a4944f7f5967caec0be8cb320de5b5dfd3 |
| SHA512 | 0348ab4831cdda3bea2ba97425ba6a8ee8eb1a047e906068745e2e0d01d411d6b8712ae2e906e18da00292c7604dbc2ad33643a961dd4b04f1e0cd0f0887bd9e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7756c616b2774bea8b43e477951a5997 |
| SHA1 | a617a803015a85968289062b38db5bd2b861071b |
| SHA256 | e7680986949a4185575fad4304908203757be4dd37ba5991a806c57ce01e2c66 |
| SHA512 | 0ff8d19035fd4325ceb2cbc3da6fdbfea86e4f33f59cd844ec4a146a80c4a19ea34aed5290e0d7048fe069d6e32d26259fc958cc6e7ce258dfd4c41d10a1fac8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 06d6ebe2bd70a87c8c8ac7936b19e1c4 |
| SHA1 | a1258a8dfed9f41fb3d0a0d547dd447c33e4e1d6 |
| SHA256 | 6212e1e79d14fd903168dc8631f2c66084c7922dac7f6b44504b607d38c0942a |
| SHA512 | dead1762fa61258afffbed4f10900dc442a1a4439be753e6c21f1cdaa6572a417dac20f7e60ef8a0c10b7ce96a1829178bf5c295d51f6996cec3d2d51d523720 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\528EVS6A\dest[2].htm
| MD5 | 1a2e5d5a3083b536c62800362e1e4cb9 |
| SHA1 | 24303e15b13a5bcf0bb82e2ba856dbaec8950c57 |
| SHA256 | f9c414ace2986735e3d8b6f435dba0122a631b88cee5a8f6ae735cf0cf0ebe85 |
| SHA512 | 746eb6696fa1dfbe01816bc8b4c401d0d11e0ca40c5393158a8fe6b261a038ef4b36b77bae39702df1389e657c9c69a7f7281c47e170dfad5af946a1eeca5661 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 08:53
Reported
2024-06-03 08:56
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9130eef1f328aec9bccdf37c2f5e9ec3_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff85d2746f8,0x7ff85d274708,0x7ff85d274718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,14440315329628789607,3412479734776251955,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,14440315329628789607,3412479734776251955,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,14440315329628789607,3412479734776251955,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14440315329628789607,3412479734776251955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14440315329628789607,3412479734776251955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14440315329628789607,3412479734776251955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14440315329628789607,3412479734776251955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2064,14440315329628789607,3412479734776251955,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3964 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x40c 0x404
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,14440315329628789607,3412479734776251955,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6148 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,14440315329628789607,3412479734776251955,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6148 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14440315329628789607,3412479734776251955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14440315329628789607,3412479734776251955,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14440315329628789607,3412479734776251955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14440315329628789607,3412479734776251955,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,14440315329628789607,3412479734776251955,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4288 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | info-flashaber.com | udp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 185.77.97.178:80 | info-flashaber.com | tcp |
| GB | 185.77.97.178:80 | info-flashaber.com | tcp |
| GB | 185.77.97.178:80 | info-flashaber.com | tcp |
| GB | 185.77.97.178:80 | info-flashaber.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 185.77.97.178:443 | info-flashaber.com | tcp |
| GB | 185.77.97.178:443 | info-flashaber.com | tcp |
| GB | 185.77.97.178:443 | info-flashaber.com | tcp |
| GB | 185.77.97.178:443 | info-flashaber.com | tcp |
| US | 8.8.8.8:53 | parisimparatorfm.com | udp |
| FR | 213.186.33.17:80 | parisimparatorfm.com | tcp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.97.77.185.in-addr.arpa | udp |
| GB | 185.77.97.178:80 | info-flashaber.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | www.paypalobjects.com | udp |
| US | 151.101.2.133:443 | www.paypalobjects.com | tcp |
| GB | 185.77.97.178:443 | info-flashaber.com | tcp |
| US | 151.101.2.133:443 | www.paypalobjects.com | tcp |
| US | 8.8.8.8:53 | cdn1.iconfinder.com | udp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| US | 172.66.42.211:443 | cdn1.iconfinder.com | tcp |
| US | 8.8.8.8:53 | www.parisimparatorfm.com | udp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| FR | 213.186.33.17:80 | www.parisimparatorfm.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | p.jwpcdn.com | udp |
| NL | 23.63.101.152:80 | apps.identrust.com | tcp |
| US | 151.101.2.114:80 | p.jwpcdn.com | tcp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | hosting-serv.com | udp |
| US | 8.8.8.8:53 | 17.33.186.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.2.101.151.in-addr.arpa | udp |
| FR | 51.159.37.188:9100 | hosting-serv.com | tcp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.42.66.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.101.63.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | turkishradyo.com | udp |
| GB | 163.70.151.21:445 | connect.facebook.net | tcp |
| DE | 91.108.103.148:80 | turkishradyo.com | tcp |
| GB | 185.77.97.178:80 | info-flashaber.com | tcp |
| DE | 91.108.103.148:443 | turkishradyo.com | tcp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| GB | 216.58.204.70:443 | s0.2mdn.net | tcp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 188.37.159.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.103.108.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.151.21:139 | connect.facebook.net | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| GB | 216.58.213.14:445 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:139 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| FR | 213.186.33.17:80 | www.parisimparatorfm.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| FR | 213.186.33.17:80 | www.parisimparatorfm.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| FR | 213.186.33.17:80 | www.parisimparatorfm.com | tcp |
| FR | 213.186.33.17:80 | www.parisimparatorfm.com | tcp |
| US | 8.8.8.8:53 | 7.173.189.20.in-addr.arpa | udp |
Files