Malware Analysis Report

2025-01-19 00:35

Sample ID 240506-kxhv2saa99
Target 1bbb9eb27e030cea9fc5becb430b9098_JaffaCakes118
SHA256 163bf79b153e85ef0bc2a110c94e68b4b27eb7b6792883036e2e6bd7df370c5f
Tags microsoft phishing
score 5/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

score 5/10
SHA256 163bf79b153e85ef0bc2a110c94e68b4b27eb7b6792883036e2e6bd7df370c5f

Threat Level: Likely benign

The file 1bbb9eb27e030cea9fc5becb430b9098_JaffaCakes118 was found to be: Likely benign.

Malicious Activity Summary

microsoft phishing

Detected potential entity reuse from brand microsoft.

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-05-06 08:58

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted 2024-05-06 08:58
Reported 2024-05-06 09:01
Platform win10v2004-20240426-en
Max time kernel 145s
Max time network 131s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\1bbb9eb27e030cea9fc5becb430b9098_JaffaCakes118.html

Signatures

Detected potential entity reuse from brand microsoft.

phishing microsoft

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1976 wrote to memory of 3224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 3108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 3744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 1820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\1bbb9eb27e030cea9fc5becb430b9098_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa4b146f8,0x7ffaa4b14708,0x7ffaa4b14718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,16563989675219839418,17606012804627451457,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,16563989675219839418,17606012804627451457,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,16563989675219839418,17606012804627451457,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16563989675219839418,17606012804627451457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16563989675219839418,17606012804627451457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,16563989675219839418,17606012804627451457,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16563989675219839418,17606012804627451457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16563989675219839418,17606012804627451457,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16563989675219839418,17606012804627451457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16563989675219839418,17606012804627451457,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,16563989675219839418,17606012804627451457,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 secure.aadcdn.microsoftonline-p.com udp
US 13.107.246.64:443 secure.aadcdn.microsoftonline-p.com tcp
US 13.107.246.64:443 secure.aadcdn.microsoftonline-p.com tcp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.129:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 129.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_1976_BAZQJXWNVACOQMWH

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Analysis: behavioral1

Detonation Overview

Submitted 2024-05-06 08:58
Reported 2024-05-06 09:01
Platform win7-20240221-en
Max time kernel 117s
Max time network 127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1bbb9eb27e030cea9fc5becb430b9098_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a700000000002000000000010660000000100002000000027c201d4cd31a244adde9929bc562d0f714f8c489662604a532411b353909323000000000e8000000002000020000000ee405b5b57cac2d928541ab09f4cc2ee893d223488a51a946be2707a1e1a6ce7200000002888257f681b85234daf5b6e9747516ecd6e2989efa7e70f77d03c903b10e116400000008b0cced43bfe4d6722fffb545e54fa09175c401b0f2878952dec3bc927f8aba3dad5b0c03a3156f3e09f2c2eb15b37ca44c0dbe53a2343272adec746b267ec16 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D6718DC1-0B86-11EF-A01B-4AADDC6219DF} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 0015d4ac939fda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421147789" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1bbb9eb27e030cea9fc5becb430b9098_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2264 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 secure.aadcdn.microsoftonline-p.com udp
US 13.107.246.64:443 secure.aadcdn.microsoftonline-p.com tcp
US 13.107.246.64:443 secure.aadcdn.microsoftonline-p.com tcp
US 13.107.246.64:443 secure.aadcdn.microsoftonline-p.com tcp
US 13.107.246.64:443 secure.aadcdn.microsoftonline-p.com tcp
US 13.107.246.64:443 secure.aadcdn.microsoftonline-p.com tcp
US 13.107.246.64:443 secure.aadcdn.microsoftonline-p.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files
