Malware Analysis Report

2025-08-10 21:27

Sample ID 240525-ayejxagg27
Target 704e0c2ae20a90309ffc757c884d6609_JaffaCakes118
SHA256 1943aaa2da4484e257432fb0c6921d4f46be1515bdb6bf10a98f4aebdab6311b
Tags
Score 1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 1/10

SHA256

1943aaa2da4484e257432fb0c6921d4f46be1515bdb6bf10a98f4aebdab6311b

Threat Level: No (potentially) malicious behavior was detected

No (potentially) malicious behavior was detected for the file 704e0c2ae20a90309ffc757c884d6609_JaffaCakes118.

Malicious Activity Summary


Modifies Internet Explorer Phishing Filter

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Modifies Internet Explorer settings

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-25 00:36

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-25 00:36

Reported

2024-05-25 00:39

Platform

win10v2004-20240426-en

Max time kernel

145s

Max time network

153s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\704e0c2ae20a90309ffc757c884d6609_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A (25 identical events)

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A (24 identical events)

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 4048 wrote to memory of 3064 (2 events) | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4048 wrote to memory of 1384 (40 events) | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4048 wrote to memory of 4712 (2 events) | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4048 wrote to memory of 4652 (20 events) | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\704e0c2ae20a90309ffc757c884d6609_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa322e46f8,0x7ffa322e4708,0x7ffa322e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,15989883573094665591,9163443093187426240,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,15989883573094665591,9163443093187426240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,15989883573094665591,9163443093187426240,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15989883573094665591,9163443093187426240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15989883573094665591,9163443093187426240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15989883573094665591,9163443093187426240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,15989883573094665591,9163443093187426240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,15989883573094665591,9163443093187426240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15989883573094665591,9163443093187426240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15989883573094665591,9163443093187426240,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15989883573094665591,9163443093187426240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15989883573094665591,9163443093187426240,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,15989883573094665591,9163443093187426240,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1876 /prefetch:2

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp
US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp
US | 8.8.8.8:53 | static.mackeeper.com | udp
FR | 18.164.52.69:80 | static.mackeeper.com | tcp (6 connections)
GB | 142.250.178.2:445 | www.googleadservices.com | tcp
US | 8.8.8.8:53 | mackeeperapp.mackeeper.com | udp
US | 54.237.18.11:443 | mackeeperapp.mackeeper.com | tcp (6 connections)
US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 8.8.8.8:53 | 69.52.164.18.in-addr.arpa | udp
US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp
GB | 172.217.16.226:139 | www.googleadservices.com | tcp
US | 8.8.8.8:53 | g.bing.com | udp
US | 8.8.8.8:53 | 11.18.237.54.in-addr.arpa | udp
US | 8.8.8.8:53 | 51.201.222.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp
US | 8.8.8.8:53 | assets.kromtech.net | udp
US | 8.8.8.8:53 | loadus.exelator.com | udp
IE | 34.254.143.3:80 | loadus.exelator.com | tcp
IE | 34.254.143.3:443 | loadus.exelator.com | tcp
US | 204.79.197.237:443 | g.bing.com | tcp
NL | 23.62.61.194:443 | www.bing.com | tcp
US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp
US | 8.8.8.8:53 | 3.143.254.34.in-addr.arpa | udp
US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp
US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp
US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp
NL | 23.62.61.194:443 | www.bing.com | tcp
N/A | 224.0.0.251:5353 | N/A | udp
US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp
US | 8.8.8.8:53 | event.mackeeper.com | udp
FR | 52.222.149.107:443 | event.mackeeper.com | tcp
US | 54.237.18.11:80 | mackeeperapp.mackeeper.com | tcp
US | 8.8.8.8:53 | 6.200.250.142.in-addr.arpa | udp
US | 8.8.8.8:53 | 107.149.222.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp
US | 8.8.8.8:53 | tse1.mm.bing.net | udp
US | 204.79.197.200:443 | tse1.mm.bing.net | tcp (5 connections)
US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp
US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f53207a5ca2ef5c7e976cbb3cb26d870
SHA1 49a8cc44f53da77bb3dfb36fc7676ed54675db43
SHA256 19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23
SHA512 be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

\??\pipe\LOCAL\crashpad_4048_MURBUBWYEGSAEHLC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ae54e9db2e89f2c54da8cc0bfcbd26bd
SHA1 a88af6c673609ecbc51a1a60dfbc8577830d2b5d
SHA256 5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af
SHA512 e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d07ba1a80973536fc690b6feda9552e9
SHA1 10ae24271309b602d3ef10422896505e457c6b70
SHA256 e67d2831bda7e470199abb2c62e4f70d8d92bfa5277896e5cfc458b8d2778f8c
SHA512 5fb9e3a5e24a1abfbd7d9e1a483c8a83d662390e7a99dbe9ff9673a6ed4da054dbc006f6052c9b4cc312326032308467c3396a73b21563053609227c6e717ca1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c7a948d1a3c6ada62dc70b713aeb4419
SHA1 d70d7f95f3deed6cc3cb24a5d814e2234daa766f
SHA256 400f144388e3b7ca52f6bcf73bf9defe6ced174dfa2432b7d43c6cb64f1c9c2b
SHA512 9742b445d62842dc2609a7dd811e254db20e457df0e10809ed1d425376b3247a3eae54fb0830a4bb101a0a9fd5b7842691aafe39de47f078a44aa103c045c8aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3359360d3e25e98d4151c5d80792bba0
SHA1 0097e81dd8a5bccce9930574cb3d3ac2485bd0ab
SHA256 49277f51c53222da291d93cc27e18c792ff7b81156cbe3aabf1e93481b7e4aed
SHA512 b14aff949b11751fb1dcf1c1307a58db3dcbec9873e90018706d263b2607f895cf7cf015b390d3ec011624a04bf654d93b64df84e6691fb651d77857d0b049d6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f6a5d979267647f561fab6a698a412e3
SHA1 638cc869456003b0c658b1c888f8c9b51d1332ba
SHA256 84ed470d8e04d374119dcb6da4e0fbddedcc716a384d8888f076c83a1a79d2bf
SHA512 ca994aa30e4328c26a52482d5d4a0bcafdffb6470d9432352137eea6102ea27954c8f4b6e856922606e61890e76672788e5eb90e5b4941677961d4b29e0458e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 e9440af1a19725199b9803af2d02cc50
SHA1 0e29dc7e9b89156ce6baa7677ab200e2cd15f623
SHA256 c5783cb3fcbdcbb31c38ace1764da3ce9248328cdebf171a319b0251f86e3431
SHA512 ec39d6ad308668a986c7f19ff413c46ddde5256be4d2099ab3ef795c3601246dd40dec296b9b59fa8e3174fc73c1d28ae59d02f0a153741e00d31c5d76ca84d7

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-25 00:36

Reported

2024-05-25 00:39

Platform

win7-20240221-en

Max time kernel

141s

Max time network

146s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\704e0c2ae20a90309ffc757c884d6609_JaffaCakes118.html

Signatures

Modifies Internet Explorer Phishing Filter

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PhishingFilter | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 7041c1ad3baeda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Modifies Internet Explorer settings

Tags: adware, spyware

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007ed55da27be32a42b4aeed6458b706dc000000000200000000001066000000010000200000006ab0eb997069ae5bd48eb17de89100ba29e7d3ab9747fc84d315bdc6379e8b34000000000e8000000002000020000000a87ada1c253987232e5720d7acb20a229f597ae0ddf7acaa9590e485208ca96d9000000035f991892453266cc0e05990e60820001fcc0114d75dc9eb045b152bfa2fa0084861c2e931dc1d391e797db47113ccd4c47cd938e3510ca06b95db14d8644876b47cf510421ae6bab8d986d5131fb3b5287feefa762f471e81412ec829f95f0dad3b0ff4f979d6c17cb6bb8f8819cd3a8db5a64ec09aeac60fd2053508f390d0728ace3ac3dbd452404fa11bf9c4f8ac40000000b5a74cd2bd40bf55522fc14a8c8e351e2b28ae0092434b94ad545e0f790e26e12867585dc8de8bfa52b79c47025a71bd094cc6c9deae3e592cb0624537e60211 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422759291" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E7ED5FF1-1A2E-11EF-92F7-4AE872E97954} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10044dbf3baeda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007ed55da27be32a42b4aeed6458b706dc00000000020000000000106600000001000020000000ba0e975fb124c739378680fee4430b760a16b12e9a3d7e485fc82153b7a27922000000000e80000000020000200000000ab17cc9aeed1b619406b4525b0c1aed7b38374b077ce340772bff3adc705d5620000000a27898667ce65c72f2d6035ed7e4563f62b5692b58b9c05f0f953ffef2120269400000002cc5dc86b1b6e149aa8bd62282fec815144d5a57a588f401a1af463ce7104e81d193a606e9a20ec4d3b961e82c0a1cf15bbb1a0f1a90b2f107b8ca91fde76b05 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\704e0c2ae20a90309ffc757c884d6609_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2864 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 static.mackeeper.com udp
US 8.8.8.8:53 loadus.exelator.com udp
FR 18.164.52.69:80 static.mackeeper.com tcp
IE 34.254.143.3:80 loadus.exelator.com tcp
IE 34.254.143.3:443 loadus.exelator.com tcp
US 8.8.8.8:53 mackeeperapp.mackeeper.com udp
US 3.225.22.167:443 mackeeperapp.mackeeper.com tcp
US 8.8.8.8:53 ocsp.r2m03.amazontrust.com udp
FR 3.162.33.170:80 ocsp.r2m03.amazontrust.com tcp
US 8.8.8.8:53 assets.kromtech.net udp
GB 216.58.204.74:80 fonts.googleapis.com tcp
GB 216.58.201.99:80 fonts.gstatic.com tcp
US 8.8.8.8:53 event.mackeeper.com udp
FR 52.222.149.36:443 event.mackeeper.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp

Files