Analysis Overview
SHA256
93e870be7886aab58a21f4cbf88bf73797e82b59e87fa2357c82d79570830b75
Threat Level: No (potentially) malicious behavior was detected
No (potentially) malicious behavior was detected for the file 91e43c6d1f8448e028f62c174669a407_JaffaCakes118.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Modifies Internet Explorer Phishing Filter
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 13:07
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 13:07
Reported
2024-06-03 13:09
Platform
win7-20240508-en
Max time kernel
147s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer Phishing Filter
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PhishingFilter | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = c014f8f3b6b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e9361000000000200000000001066000000010000200000008374ec02125026f79665fce884387d1f1f4dc7871dd8634fe1d49adbbcecf5f2000000000e80000000020000200000003ae04b9aec5d57b9012b5b3ecf7e20e9258100ab4adb8310b899338484fa3ae1200000005b39273ff4314d61157ed7f8070f731dff970f6a1946bb51100fa80853455b6240000000c22a63220e263117c4de29a918415d4e169dce5495ec422e29a01b1466df51f35426d69ab8be55a81ca5e2676d8a962936bd71f989ee68c8166b01333b9f56b9 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2F475E51-21AA-11EF-818F-FAB46556C0ED} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423581896" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0f60006b7b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1932 wrote to memory of 2584 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91e43c6d1f8448e028f62c174669a407_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1932 CREDAT:275457 /prefetch:2
Network
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_63F40B816FCC2D8AE14321B58D77EB6D
| MD5 | fb98be0e2a2e62e55c0578d27a67af72 |
| SHA1 | 9a4854164ac1a4d1ed3c40ecaa003a76ea0fd452 |
| SHA256 | 8382a2b41dd2b2be0900ca2be9fd647a00ac2a6abbe9be988c0fd4fcaaaa4800 |
| SHA512 | 9e6e30be2258d954539821026e4ad01f6d5d30c7591c7939b2e5e66b8e1215139b39338397e1caf3e6147d319d1e5971edf31f9d0e0d29e062464638f1cddab0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eff79f3806646e33db3c5a51d513ee61 |
| SHA1 | a21e985d14f457b1fed9b4659bf2bb20a04a50e8 |
| SHA256 | 5a838809984ac36eedc4cb57f40e2cf5ce80ff5e0e0231847c0c33eb6c5e15f6 |
| SHA512 | 2fe3af73c037d283b36f7330d32709257e4545613d7249183966fd017c4b35de15b6859e40305e02d8c668dab3ff91957ba604c860a3b0aa956a73d6757fd614 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dc1ac33a42b057ca7892047a6dcf2a97 |
| SHA1 | 10b9ea997d2339e826f595ec1a0f98c2852b09bc |
| SHA256 | ecfb0bfd2c00490284ebc96870f6bb13c181a1daf8d94c3f297baa8a3d0e7fe6 |
| SHA512 | 8a37e20f5b63d9ffd253a9987f286b4ebcc691972366a130821e4751064e93e2e7f5af2427cdf5de69680ccd1e745d1b840bfcfd836e3096070872030e985706 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 078eddb5c97e68dd1be2aa3fecb494a2 |
| SHA1 | 54e3df49ca7c8c3628391d309d092999bef04a88 |
| SHA256 | 779f7fa0b9dcd3891d618200e6e9c7316575f10d71444374d109fc2669543892 |
| SHA512 | ca4b874db137dcfca95c76a63364b96f68ac91179c69a8e8d713ada5c426439236f7521e1977488f40da2e0d818c963c2023210599fdbd5f8dc230401f0d76a5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9a91b558c59833688718b497433df0b3 |
| SHA1 | 23cd3e89bc3475ed382cf61723e02b109d74932c |
| SHA256 | b34143708de448e0f9e916900ec15e1aa13acfe42fba0bee4750654e5872cc8b |
| SHA512 | feef9c9e8ec60ce225805ff17d66baef268cc670108f9837522505e7dbe1bdb18e14497144e4d533bd96f6f10ea4b3d4f715b8fdeba73b836becb99f26c2fddb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 801036625b344d92ae10c46df05ce64f |
| SHA1 | dd762d2d1d03fe0207cc0c10ab1c8570ac3ef7cf |
| SHA256 | dd1eb0e0bceb9ac8e41cb25e87b21ef750461669d67a594d6f07947f6b9ed2dd |
| SHA512 | 1f36e814b93ab9dce5862edad843261f3c286536c7aa2c034c2039e9ee158199e21d3640a0598b29ea8c7daa7fb7cff8e70cedfd5cecc571d9b57d8ed66b0c9e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3caa93dacd56d4488d81d67fc927374f |
| SHA1 | cc66569088cfed5b61c4389d662b4ff4b1db7494 |
| SHA256 | ecf27576ab8ec5d272ceb94b26f442af4deb253b382e495d006a74a16a847d9f |
| SHA512 | b752f364f3dcb23d07b704f8b25c429971a31890f1ed9be529fceb94509ce775f0413118d0d29e0a85699ec6433b39f29fc1ea24cce2c2a14ec9165b2b248707 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4ae924730cd810e5711a758e6f60da59 |
| SHA1 | d8ce19b2bb5e90f72a7f3f58a4bad5c441e76597 |
| SHA256 | 28b5b90cbb9e908a0af0ea28ab6ef4c138ecebe9033acac29f7f939ce658e64a |
| SHA512 | 0168f25f6ce2bd576b9ce7d2d2046307ee96c8ff7258f2a244c8b0dcb099c9e6e2bb5e9fe4f8d616acfc974bc6042cd43406317f2fa089ed83fcd018f4e9ea8c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c6ef6a9cfb4255e7ef395fb24bd56b02 |
| SHA1 | 382bc7e3eea338090fb5959b04e541c19d12521c |
| SHA256 | 74f26a641d8457316f3b03b6577e615e63d501b563f3ddf3b961fde2b9f817ac |
| SHA512 | a8ec803def8b0f1789d8139f950a3076f349d4fc769bf3102d0861dc393a76ec79185c28d1354c52742e98c0fe873ea8bb5a60dfa62a50592ef25ab26c094db0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9e5319c3c2b7bdcd8ea2292ee77845b3 |
| SHA1 | 005cacc73c877bb213499a6aa6a33066a8b8269a |
| SHA256 | fccb76b888ecbcf4e3d2a873a18e13878075c3da5de9e5fa75da23aae192b7c9 |
| SHA512 | 4a611a0c0d1dbf435d8f80abfdf5051b17c9fe9a76091bebc6e54169d2897311f27f44a6956c8ae37f0266eab1752f3ab3b2c78791a0d4c3ed47c525b5eccd9b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9334cbf7328c46aa1f445bad75e5d2b5 |
| SHA1 | 260639ccd3b186ea01f5cc08c3a60c908e6e0d09 |
| SHA256 | 1a3e5ca8329de93da9f53a7fe9257456aa8c0af47940a7007185d95d3b87d4c1 |
| SHA512 | 85d9d02fb9b9a84d59bcba4d383f8c5bd200ef52c29dafb9f7520fe5f0d375fc43fcf4d0fbcfc21517939c3862ab9f4b0d466c25259b9edd39f8d26c9916d879 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9c3d38dafa32c1b637f2255535fe10fd |
| SHA1 | d38c92980480857556f1b5e1db5c6ed4cf497fe5 |
| SHA256 | ab988d45853ed0a99c2db01b3abe308ababcbb13abdecb7281657d6b1691a324 |
| SHA512 | b2051de367e4022f27b281dc96a028cbe313ea43bbc1c13d3ddaafd1a09fb7d03e54a3c25a5614e38f7ab5f426916e85833b87f48615da6579364c9231ba3777 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9e9f3f0f85c944ea1f6e60c53770dc8d |
| SHA1 | f1a0786c27e4421d83217c239494ef20144351bd |
| SHA256 | acb2e2ed0261658f28f736c9c1c57f435894329d8d1623f4a450f9cbe3ccc531 |
| SHA512 | b813e47c1cffae91ad279b1e59d44709b66c1b04da73cb8b85e5cebe7d9a8d8ae8ec957b447d7f9e98bdf22e527570b0d0dcf9e073d80ff7d4514ef481d1fd94 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8723820364ca28377ab04c5ccaa8bf9b |
| SHA1 | a4bf6d1bc2e5758be4d90689cd490fefe770b8e8 |
| SHA256 | b6605bf14451fda96dd77bba484557b54816f56fcc012db63630b2d992d78caf |
| SHA512 | bfe550e498b859dd671867d8b45df54bce2e2cacc6a58ba8af050ed9a179dd21baa07171ccf07892ac53b8a9a2144d59454f0bf58af83b801872245d5028c522 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8e195971c4e5faac65e22f85e345ad25 |
| SHA1 | 8e4c8123d2eb566f049d0b5a73d6e6fe9778de40 |
| SHA256 | b7c587584f86c912a5169a9ee133d67892629cb9d23e3d873532d47c05fb1efa |
| SHA512 | a9bda739cae9c38be3ba06956c1a65b64f7018ce7b60c7b60d456e07e54af1c91dcef9320c225afa3b3acb83719f41ba5b5dbeef58b356d4995757fd07357251 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6ac7feb8fe1c6d746ad15450b29e4cbe |
| SHA1 | bf6331c628c9a67232d9be871ce524eb76932d19 |
| SHA256 | 86137ecad72e4f82f0a539054f81248af2875a1c6ade87d38c09b410dae4f53a |
| SHA512 | dddd886a29bf9db0122d4d936decdce44dd81bf7204534844518c4c5ce1defc903b405966dfd328cf7e417b66b8d88902c356089f3707fcecb50d73617020968 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bc8fd486b057135f146ce1a21bcd9de6 |
| SHA1 | f4278caac55073497fa2eff8f84878b8171959f3 |
| SHA256 | d50cab735bd5893bf3d8522b540383cc489b68e3918dbfab0924e5e0b93c7044 |
| SHA512 | da8012b6c6ae5181e0a0bca43ec9cd39cdeddbfac035bb7ca841cd44463d4995274cb72bc00203e010178a2e5740478e8ffe8ea8b911b0217b3fd3391aaaa8b6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7ed8d888ac37d1312b5e72bcf20d2871 |
| SHA1 | 92a02683d7145f50fc87175a90e10bda58d6658e |
| SHA256 | 6e3080a4ac299ce225c79b07e8e76f7d44ddc13ce4864e27336398f31dd31651 |
| SHA512 | c3248f72af5f004b1a1f101f6c58aa33ff50eba0145625ba21d424cf9e4c2fc5dc79ac01f7d0c673639ebdad8242437a1d0efc0790ad14e60cae0ddee62f598b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7a0a89a78add5daa0743e7c41efb059f |
| SHA1 | 9dc850ee296c8ad91fe03060645d2e52244a8455 |
| SHA256 | abca5bc32d9e315097835979586fb234e92323afe7dbcf681b4b5a7df5614064 |
| SHA512 | 7de956dbb6d66c9a761f824ca5360d1c25ef9258e22df1b9cdfe69bedf3c32240684af255b15980c9d7733f29b9b9ac55f6abfc9418177a2ce9e0a3c1e469e4a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7fd5c2ea6e96585d480722c8cfd71f19 |
| SHA1 | adc7298943e90ccd579717911bd92c2d0cbf5ee7 |
| SHA256 | 86bb0278013f10fb70c84c4bb17cb2b5bf262456515f88323636ad1e4c516964 |
| SHA512 | 4c0ea2ec7004ae162de5a9fa85441d953499906b4729c291ef534ddd25f34713cb79107b2ed676509bab002ee97312344ae951649a85f0f3465657f9783baa40 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 13:07
Reported
2024-06-03 13:09
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
153s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91e43c6d1f8448e028f62c174669a407_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e53746f8,0x7ff9e5374708,0x7ff9e5374718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,3520817577581694713,7765553358315483122,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,3520817577581694713,7765553358315483122,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,3520817577581694713,7765553358315483122,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3520817577581694713,7765553358315483122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3520817577581694713,7765553358315483122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3520817577581694713,7765553358315483122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3520817577581694713,7765553358315483122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,3520817577581694713,7765553358315483122,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6084 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3520817577581694713,7765553358315483122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3520817577581694713,7765553358315483122,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3520817577581694713,7765553358315483122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3520817577581694713,7765553358315483122,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,3520817577581694713,7765553358315483122,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5880 /prefetch:2
Network
Files