Malware Analysis Report

2025-01-19 00:37

Sample ID 240504-18hmesdb2y
Target 14b96fd5dcadb82dd574cd15b0d4b897_JaffaCakes118
SHA256 415f038947fa99798b957e76eee1c0d6fc4ae937f2ea80460fa08a7ca2f1332e
Tags microsoft phishing
Score 5/10

Analysis Overview

Score 5/10
SHA256 415f038947fa99798b957e76eee1c0d6fc4ae937f2ea80460fa08a7ca2f1332e

Threat Level: Likely benign

The file 14b96fd5dcadb82dd574cd15b0d4b897_JaffaCakes118 was found to be: Likely benign.

Malicious Activity Summary

microsoft phishing

Detected potential entity reuse from brand microsoft.

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-05-04 22:19

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted 2024-05-04 22:19
Reported 2024-05-04 22:21
Platform win10v2004-20240419-en
Max time kernel 145s
Max time network 153s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\14b96fd5dcadb82dd574cd15b0d4b897_JaffaCakes118.html

Signatures

Detected potential entity reuse from brand microsoft.

phishing microsoft

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 624 wrote to memory of 2680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 624 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 624 wrote to memory of 4980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 624 wrote to memory of 2036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\14b96fd5dcadb82dd574cd15b0d4b897_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffd39046f8,0x7fffd3904708,0x7fffd3904718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,15269067099469838731,3623568680931532403,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,15269067099469838731,3623568680931532403,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,15269067099469838731,3623568680931532403,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2608 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15269067099469838731,3623568680931532403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15269067099469838731,3623568680931532403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,15269067099469838731,3623568680931532403,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,15269067099469838731,3623568680931532403,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15269067099469838731,3623568680931532403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15269067099469838731,3623568680931532403,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15269067099469838731,3623568680931532403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15269067099469838731,3623568680931532403,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,15269067099469838731,3623568680931532403,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4880 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 secure.aadcdn.microsoftonline-p.com udp
US 8.8.8.8:53 ajax.aspnetcdn.com udp
US 152.199.19.160:443 ajax.aspnetcdn.com tcp
US 13.107.246.64:443 secure.aadcdn.microsoftonline-p.com tcp
US 8.8.8.8:53 160.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
NL 23.62.61.113:443 www.bing.com tcp
US 8.8.8.8:53 113.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 24.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 51.15.97.104.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_624_RURULVBFSCUJIIGX

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\01271cc1-f766-451e-8b73-1a68b346ee1a.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Analysis: behavioral1

Detonation Overview

Submitted 2024-05-04 22:19
Reported 2024-05-04 22:21
Platform win7-20240221-en
Max time kernel 119s
Max time network 128s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\14b96fd5dcadb82dd574cd15b0d4b897_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{522AD1C1-0A64-11EF-8442-DE62917EBCA6} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90273829719eda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421023014" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\14b96fd5dcadb82dd574cd15b0d4b897_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:328 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 ajax.aspnetcdn.com udp
US 8.8.8.8:53 secure.aadcdn.microsoftonline-p.com udp
US 152.199.19.160:443 ajax.aspnetcdn.com tcp
US 13.107.246.64:443 secure.aadcdn.microsoftonline-p.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp

Files
