Analysis Overview
SHA256: 1943aaa2da4484e257432fb0c6921d4f46be1515bdb6bf10a98f4aebdab6311b
Threat Level: No (potentially) malicious behavior was detected
The file 704e0c2ae20a90309ffc757c884d6609_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer Phishing Filter
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Modifies Internet Explorer settings
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-05-25 00:36
Signatures
Analysis: behavioral2
Detonation Overview
Submitted: 2024-05-25 00:36
Reported: 2024-05-25 00:39
Platform: win10v2004-20240426-en
Max time kernel: 145s
Max time network: 153s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\704e0c2ae20a90309ffc757c884d6609_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa322e46f8,0x7ffa322e4708,0x7ffa322e4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,15989883573094665591,9163443093187426240,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,15989883573094665591,9163443093187426240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,15989883573094665591,9163443093187426240,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15989883573094665591,9163443093187426240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15989883573094665591,9163443093187426240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15989883573094665591,9163443093187426240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,15989883573094665591,9163443093187426240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,15989883573094665591,9163443093187426240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15989883573094665591,9163443093187426240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15989883573094665591,9163443093187426240,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15989883573094665591,9163443093187426240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15989883573094665591,9163443093187426240,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,15989883573094665591,9163443093187426240,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1876 /prefetch:2
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted: 2024-05-25 00:36
Reported: 2024-05-25 00:39
Platform: win7-20240221-en
Max time kernel: 141s
Max time network: 146s
Command Line
Signatures
Modifies Internet Explorer Phishing Filter
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PhishingFilter | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 7041c1ad3baeda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422759291" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E7ED5FF1-1A2E-11EF-92F7-4AE872E97954} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10044dbf3baeda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007ed55da27be32a42b4aeed6458b706dc00000000020000000000106600000001000020000000ba0e975fb124c739378680fee4430b760a16b12e9a3d7e485fc82153b7a27922000000000e80000000020000200000000ab17cc9aeed1b619406b4525b0c1aed7b38374b077ce340772bff3adc705d5620000000a27898667ce65c72f2d6035ed7e4563f62b5692b58b9c05f0f953ffef2120269400000002cc5dc86b1b6e149aa8bd62282fec815144d5a57a588f401a1af463ce7104e81d193a606e9a20ec4d3b961e82c0a1cf15bbb1a0f1a90b2f107b8ca91fde76b05 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2864 wrote to memory of 2372 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2864 wrote to memory of 2372 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2864 wrote to memory of 2372 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2864 wrote to memory of 2372 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\704e0c2ae20a90309ffc757c884d6609_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2864 CREDAT:275457 /prefetch:2
Network
Files
| MD5 | 2db1250bd85979799aa9524ff68a144f |
| SHA1 | 58ecee9b96f889cdbe91fa9edb0f845e23eac9ca |
| SHA256 | 3399f279bb3a5bbbb663286cd2a33355cd13433676b3f0b2c0e051da1a9201fc |
| SHA512 | 568550f868cd21ecaec926a91f7f569d0b02bd5f4a8c097f32b67c1b9701075e9e7f871c787ccd0bf327d4bcc9dcd7f8c16efdecf0b8f17b6b8f71d2becb3c21 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0db1f419b697ed775dd8a1551abcb53f |
| SHA1 | b1f6053d6e6e77623f7dacef79f4f493bf612c07 |
| SHA256 | acaeeff7687f2fd29967a910c40b9fc50f11f244de339a9d81e874673ab45342 |
| SHA512 | 20750d1c4d541ddb070b6be9e66afd902ffbe3b26dcb09cf947d8b217eabc3a301245a7ca6869b53337d0eb611e86e02f879f3710ef082d7cfab3fbb83c32060 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7e36514a129b2e7aa275164bad26124b |
| SHA1 | e4e6485e5aaeb68535f839a8d48a0f39c9b43b57 |
| SHA256 | 0836f5e273e4a0bbdd06d785e390d17a4842018b5dde9f3250865c4256854307 |
| SHA512 | 81b83a55f105d898774f14e10b7bb7392266700e3314ae482703502decb2f48f140d80b6909a4e21271663647ee4b371332f920735b38de0b36ed1bfd205de24 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c8385e29e90602b873e40646c62712d8 |
| SHA1 | 9c827b479f98e8dd16dca13eca254c7e3be4138d |
| SHA256 | f3a561aaf7b80091cdcabeb4260ce203554583a8e293e941d3dc014992abb5bc |
| SHA512 | 653a4f7693529d473937b808077e323c681380890662bab928f104bda8603703cc4acf86f1513c9d4a83514c8abb9fcaa49e7729580ec61c5068580e15cdd7a2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
| MD5 | 2dc500be02f79b1f7fbd720bea02c775 |
| SHA1 | 617cb73c42db7a889c41856774af0b95d75f0042 |
| SHA256 | 09c363d018d6924c6cfc98fbe3d29a2eca43eb29851daea5f32ffc58599dfa6c |
| SHA512 | 4c834eddaf78c3174cfecc2af8a2ec54af422347397a8bc130b9f800c647ffb52dce9c316dbc9411d27ec3528977baa4dcad51205995529893ce38aed56365be |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
| MD5 | db8ae0246992839301befdcba4f9afe8 |
| SHA1 | b23be3263ff6ada9119196c0db164b91345331e9 |
| SHA256 | a1e03ec72fd7f997df3e3406fe567c585f54ac4b2ad6fd215f22d01244152b92 |
| SHA512 | bee23a68bfcb66206293810bfb86af6e232433c44108d3b75449690fcebc8b88bab1aa8ee39f5388c2786e4adfcf8a3441253d52479c6b150c76dcdcc7bf79ef |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
| MD5 | e5e8541de21e6211702aad54c3bc3665 |
| SHA1 | 26475f374e3f23f009470ca9d2f207a4c2276eeb |
| SHA256 | c778cb4369cbc00ca5ff1311fbaf207c007b743e83028352be13992e8b3536d5 |
| SHA512 | 9c6789e834daca57d8a92db88fd1775c78031365022f3f5cf2a6de697e4fd769412d9667feb9ff9eabc41ea019bb154a3e343222f71e375a328ff1f215e9776e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
| MD5 | 12c73c6e1eb22ff57b1502b410dd95ab |
| SHA1 | 1028a742321fe75058c343fae93277a8e6b2d4d2 |
| SHA256 | 58b189130b00500dca80b9248bd5e5750e4836cbee3c1731e79f207e227701e5 |
| SHA512 | dc29343f249ce46a8b4ac3ca708752bd3c3a90b052a17cd8d7afc4843e457b6e420077878821fe66d5621a311be679acdcade2263c667ea92ac1d137b27b5091 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517
| MD5 | deb2a1bf76a8f96cdbc782259a222dc8 |
| SHA1 | 597d37477d3499ffca3e5c47905a31e74ddc311c |
| SHA256 | 69d862ac1b8b175bbb205c6658864342b064f5a9d99ebc13a184191d66ec8587 |
| SHA512 | a5c20e9adcc4dad9c31936a054f0e128b94fdbd7efa6cab20699adfb096ad95ff00527f630d2de90707318a6888890cc7896d846285dc4f629508fbea8f40128 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\83D863F495E7D991917B3ABB3E1EB382_4D506EBD8371D43E19D08592A41A426D
| MD5 | 40b28268e39fd6cc4c15b3a5e1022156 |
| SHA1 | 274fa85961d8184568c641502c0effd7504fb793 |
| SHA256 | b56addd285bc45c7b577baaed045b40e44e6f980960c955a7afc90eab79ced3d |
| SHA512 | be3739a259432b80c47c7d1adc7f3e8fe5e192ebd4c5d97b32bbaf368e97cc276a7152927bccb28e57fec4c1c19a22273b821259c17dac4fad3ff8317f3eb6cc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\83D863F495E7D991917B3ABB3E1EB382_4D506EBD8371D43E19D08592A41A426D
| MD5 | ddaf86892820549603e13ea5c9192978 |
| SHA1 | 857282675a80ff7f7bc9388d25ef27df0eea03fa |
| SHA256 | ddc1e52dd65554c1f192d605aa13a140d868d70e15d6f8417a12f9d6f9a2d4a7 |
| SHA512 | c347fdae7c50a397b39069c1e31e4ecbd05ff581658151711ac203670f08150c2015b8627527f609076b94f614214f2ec169bb526e28e88ab86fe8df53a31d65 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 81445c7b8e3993a738caaebb91d80a18 |
| SHA1 | 2584920bbbd7d895e68f0baac20cf5e2d6f3d3cb |
| SHA256 | 15a75062ffc095bb11153b9af96c0377b910c71a6e73d23ac47608ec6081fad6 |
| SHA512 | fb89834b922f8d6ff07e6a16b3bdb9cea5fd424a92fb0197da8f6c15a21209549d3f66998a61a80fe836e94b5c30c3b39d169f933c0e369750be857f0cff48c1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 60744219804facbad80b7ddfc675b102 |
| SHA1 | 8aa30aa210b2ae8a2148ef2f4ec4f4dba8b5873e |
| SHA256 | 1d3f28ac731ff459d0361d2a154cf60e1ad2ed31c1a7ae5fef5c41ed145732d9 |
| SHA512 | 161000ef191f2bf52c81e018b1e196bef1cbe304a9542838f2e7dab8750957f5290ae0e6f880dee6a8d5eae58b3831d377645091750e6989f03a6073a1c0804d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 78f022f24d63f79e7ceef7d307cba8f3 |
| SHA1 | cbec1396a23dd0e7c6bc4885b1f79bb38f92010d |
| SHA256 | c95453b0c2a0f8d9f165846f43116a37295b50b32ff9f7a72cc52dfa267aa393 |
| SHA512 | c3d39cf3659b97305608ad0d488cff5a6d5cb33ba6684cb4072b6dea29c82451ed3f0734bb6d2bb04a243f11f5d24df525948df3d815a2a8c7c06ea6b30bf7fc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5d343f08c3dd2019b09be18e1d2af2fc |
| SHA1 | da721e1631a6ec18d8091121dd76482a99368f34 |
| SHA256 | 3e0b9b70c1f591e1cefdcb359d588cd79157e8d43dc79fc4dea35b3ec4bb8f21 |
| SHA512 | b67de2ffb9b4c09ae73be0b6be7914de6ab4a23197695c61b30ae47509d8cde7a077a3951e1ebf30e09c8764d4de0bbfe2a7cca4fde47f6110fa20779a908f09 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 755cfc45d9e5de2da763e4d8d511de8c |
| SHA1 | 941d19543666a5e57935eaf11c31b4c44a23b253 |
| SHA256 | a3984cb7cd4342dacbcd74ea947269f122065548d3f9c9be479a4afadaef782c |
| SHA512 | 0edde9bf65d8355fb101bcef6f5664b63d0645e7b4bb24c98b9d38cef10f9e1d9361a0f14e12a2a3f00946827b99f51bca4fa12a87572a27ad1bf285c476d94d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f6b95c1cb1695f3ba9872ad8ccb039d5 |
| SHA1 | 34717b5b982e6ad80c603e898b981408d955283e |
| SHA256 | 8262e36bbf52177a365327e8051aedd91871056915af9f1ead50a337dcc080be |
| SHA512 | c9ee98ed35f0cb9a81a825f15da664625e885a878061ad64c49b322c42b074e99bf29fac4fe1c584481fdaedbad45959953380a9bcfdba2db8e33f7efee2f1c2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d99a278ef839d21f4678b8c52fad1868 |
| SHA1 | 6982e3ac70cc818f5b49a9161f4a457c781a69ac |
| SHA256 | 575121e3a48e6763ded36e4c229e01e05a3fd5edf5c7e7262cde0d5b3785be45 |
| SHA512 | 7378b8cf9a48849ac3e6c448aaed9940e16ce689bce02cfeb024ffaf175ec4da0fb8e57b17b6ebb9656543b1b23b52a40ab2d8dc00c45d21c024d3797a977215 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b31689e648637e34ece8b36ba354d762 |
| SHA1 | 112cdd047a0abdd47041977f4c6e93be3cff979f |
| SHA256 | cb4f5f1f5b66d8d4678938e13a91689c163c987267c0ef93363eef7c105568ba |
| SHA512 | 6b795230594e65ac61643a046bf7fc46b31d39dcc3de0973ad7198e7f65b35d4a9e56629600ebbeada10f8f9571ad20516b7bcb22140133bba281af008b8a88c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8156badfd1db83e231aff4c830eef801 |
| SHA1 | 083af37433e6e30d743ad5f0b8f9ccdfc12fd802 |
| SHA256 | 75574039ac96d31b118b3e09a5166f50fbfd5cf307c8e8e2b2b0a1a2cac61fd9 |
| SHA512 | ca7fa1dc4b02c725df972f4bd3ac1f7837bcad61a6b25d37338b6af45d95d06b7238e4e653ebc0332ecfb63ea05b8f049055b123c2820a3feb419449b7b664a9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 7a28d1810080a92ea942333274ab301c |
| SHA1 | ac8df52999c15a25f462170bec135f90a95192a4 |
| SHA256 | 994a499b2bf603afa9eb64e03ad6da64fa6d64d7e0255a9508286069e56faf9e |
| SHA512 | fd9a6d6f81283c0c7d834583e692da0cacb11dc353f9a9feea9e35ca2e698d01c4a81f6b79af257c0495dbdf554198f95bee113e8f00ff8d20fa40cb79e6de38 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cb787d28b6ac99d53d5f6455453b87a8 |
| SHA1 | db9cdfb61887d78024e9242b0a945dd000410697 |
| SHA256 | 8f78a8a246e9df770d90214aa406fe10cc122371c121e7b5139410fce3385251 |
| SHA512 | 0f0c85e3e51abea06edb540c89e010a7791fcd710b88afdc30ff77d958306bc91b6322c21bc4bce7679178ef5f1fef6c696f927e3f2d82f9d37e867130d4bef1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 51411db4914b6fce808109d0d598ee2c |
| SHA1 | 7962046478346caa79ca36e66d31a95cef2a8bf8 |
| SHA256 | 680227391c228dd5c67e8568a39038594b422c87660b08def4141872ea97c483 |
| SHA512 | 7b5801955a53314a99ad97b9af7629d12d86f0be5c83c0ef0dca36fce792e4d03da6ab46d103ebaee515a562dcae2ac3eb53577d54560742306798f7bc91d12d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aedf2b93478118ff18a04b3145c9091d |
| SHA1 | 80dcac05390b6f83254ad73ff75b91ced3f34755 |
| SHA256 | 5cb08530b6ce055a4e7059bd7b1fdd52560d5557331b1d958931076de43219b6 |
| SHA512 | d1a5b3c57c7ea2d90f7197d43171c6bffbc28e089cdb0e5c22d18135fd79fa612c891464a95a6fd91d1553945b962510347d337651163d8e273aeb07757f4bcb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d70ca606e95952a5328ab716bcf4760b |
| SHA1 | d0729b184db80252e6c353a3bfba1cf8070fd1ae |
| SHA256 | 4248e5a1edc21058f0c1841e60d7b94f175ec0750cf68de9e9993b0e94004ec9 |
| SHA512 | c1618fda7d31104c48d234a6b2a934ef579e871659aef998e697e9fe988e128efe04137f344b943821782bb6cd98a0ca3ec31ff9c77d4221d874c4ad989fb35e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 00ee6de58488dbc18763cd8549919580 |
| SHA1 | 0b2996a48f1affb321e0828a70aa9abd5a74c11c |
| SHA256 | dbe373e57efafb4e1402c72020919c0575b933605b220e49aa015a39fa7a4567 |
| SHA512 | 6cb8932511ab5e245dc359cb32fb74e1a261462c89de88d7e4a34a599161250e0884cb99fbca9d411418cc622763670e9cad0b86c728d673575858eb9a7d6e1a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 28d56645f0014c279c0370eef808f18a |
| SHA1 | 45a771b0509cf02e5adf53ba923fb28f44edd216 |
| SHA256 | 1b87a9e9f03702aa5279ced618c95d81cd8e9cf5da723d84264bb42bef20863d |
| SHA512 | 37d2740c02051b9cf8f74daf59e891b0e1fbde3974a2765989daf11c2bc98cc070cdffcde0f498c6f4630511cd980642cf8ed84ded45d9a4f358a832c79986b0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | ecb13dd2b95d1ee8778319edadd84a38 |
| SHA1 | 9336b89800c9514b81e53ce92ef809426f301e96 |
| SHA256 | 8e773ac7e85e41a53bd00096dc6878074e6e8912a5b13e9cbe52b6c27f0b0fd7 |
| SHA512 | 5f07779bf7ae9d3a434d8f14898a4c7ad695e0189c70f80419fd4b09b59a9232471a43af94dc0624e691fbfe3d838904f7dab3a4c177a2f33caddf3a7f8fa952 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8b80658419996840b20fc62804c08ac0 |
| SHA1 | ec40f50b0c8e2133c13058003d90d97b91166083 |
| SHA256 | 54bca365140570ee53dffd3eb1c26ff45610dc919fea6497849b7a1e03f196d7 |
| SHA512 | cfcef2a4596c93b4c630a146e5c9d1d1f5f97866a84965ec816186d53ffcee17b237627c334b21313ead29dd9b488c790d29a7682631c17d0ee2d7e0c70cd328 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c95d53e10387b5c18b464466aaed81f1 |
| SHA1 | 18acf36a6f4391065eab05bc1713e057ba7c8d40 |
| SHA256 | 7029a642cb4a045a3362dcebbfc340c42e84b8e3a4d394d6a5049007bd5a4862 |
| SHA512 | d9ca5806ad2b2b86758300130e867906b86b819f0bc2eb09210f0dc45514b6c804ae24552db0f5cda17eef266d5eba1027a8b7d2b4fec3c0d70730d46849dfca |