Malware Analysis Report

2025-01-19 00:30

Sample ID 240507-qh5n6abg92
Target 20ace871dae60cbaf4e4fb13ea4d4fb5_JaffaCakes118
SHA256 7b96b6503d54d1e8a96bf85d575fbc21e05bdc4714f3c69de1fb22a95e79a6f8
Tags microsoft phishing
Score 5/10

Analysis Overview

score
5/10

SHA256

7b96b6503d54d1e8a96bf85d575fbc21e05bdc4714f3c69de1fb22a95e79a6f8

Threat Level: Likely benign

The file 20ace871dae60cbaf4e4fb13ea4d4fb5_JaffaCakes118 was found to be: Likely benign.

Malicious Activity Summary

microsoft phishing

Detected potential entity reuse from brand microsoft.

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-07 13:16

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-07 13:16

Reported

2024-05-07 13:19

Platform

win10v2004-20240419-en

Max time kernel

145s

Max time network

137s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\20ace871dae60cbaf4e4fb13ea4d4fb5_JaffaCakes118.html

Signatures

Detected potential entity reuse from brand microsoft.

phishing microsoft

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4028 wrote to memory of 4808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4028 wrote to memory of 1908 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4028 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4028 wrote to memory of 3172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\20ace871dae60cbaf4e4fb13ea4d4fb5_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff453f46f8,0x7fff453f4708,0x7fff453f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,7508072073575686830,5076849174657494725,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,7508072073575686830,5076849174657494725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,7508072073575686830,5076849174657494725,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,7508072073575686830,5076849174657494725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,7508072073575686830,5076849174657494725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,7508072073575686830,5076849174657494725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,7508072073575686830,5076849174657494725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,7508072073575686830,5076849174657494725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,7508072073575686830,5076849174657494725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,7508072073575686830,5076849174657494725,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,7508072073575686830,5076849174657494725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,7508072073575686830,5076849174657494725,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,7508072073575686830,5076849174657494725,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4128 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 portal.microsoftonline.com udp
US 13.107.6.156:443 portal.microsoftonline.com tcp
US 8.8.8.8:53 ajax.aspnetcdn.com udp
US 8.8.8.8:53 secure.aadcdn.microsoftonline-p.com udp
US 8.8.8.8:53 aadcdn.msauth.net udp
US 13.107.246.64:443 aadcdn.msauth.net tcp
US 152.199.19.160:443 ajax.aspnetcdn.com tcp
US 8.8.8.8:53 aadcdn.msftauth.net udp
US 8.8.8.8:53 156.6.107.13.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 160.19.199.152.in-addr.arpa udp
US 152.199.23.37:443 aadcdn.msftauth.net tcp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 37.23.199.152.in-addr.arpa udp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 48.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_4028_YOAAQYEWMSMFIJYM

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-07 13:16

Reported

2024-05-07 13:19

Platform

win7-20240419-en

Max time kernel

122s

Max time network

127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\20ace871dae60cbaf4e4fb13ea4d4fb5_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0e926e280a0da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000c6fd9144d04fe7417fbf92b6b26bafc0e1eff9132882bc8c6c162cdc928e064c000000000e800000000200002000000036a42bc45a1c2a232ecadb9be010ed60726ca8e73f84aadebefd9b61fa71cc3420000000e7e71b9b11752edde076c7658256ff9575c53c4391b5bfd66a5771a48f58349540000000f67ca5aa7ea9fc6059ca5beefc23d74627afe01803820e28af487becc0f41aa079414de31c6c33f349a7e63406d28d0ab19a997fcb8b4e6f74c385cbc240d919 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421249668" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0B0E9F31-0C74-11EF-8004-DAAF2542C58D} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\20ace871dae60cbaf4e4fb13ea4d4fb5_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1148 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 secure.aadcdn.microsoftonline-p.com udp
US 8.8.8.8:53 aadcdn.msauth.net udp
US 8.8.8.8:53 portal.microsoftonline.com udp
US 8.8.8.8:53 ajax.aspnetcdn.com udp
US 13.107.246.64:443 aadcdn.msauth.net tcp
US 152.199.19.160:443 ajax.aspnetcdn.com tcp
US 13.107.246.64:443 aadcdn.msauth.net tcp
US 13.107.246.64:443 aadcdn.msauth.net tcp
US 13.107.246.64:443 aadcdn.msauth.net tcp
US 13.107.6.156:443 portal.microsoftonline.com tcp
US 13.107.246.64:443 aadcdn.msauth.net tcp
US 152.199.19.160:443 ajax.aspnetcdn.com tcp
US 13.107.246.64:443 aadcdn.msauth.net tcp
US 13.107.6.156:443 portal.microsoftonline.com tcp
US 8.8.8.8:53 aadcdn.msftauth.net udp
US 152.199.23.37:443 aadcdn.msftauth.net tcp
US 152.199.23.37:443 aadcdn.msftauth.net tcp
US 13.107.246.64:443 aadcdn.msauth.net tcp
US 13.107.6.156:443 portal.microsoftonline.com tcp
US 13.107.246.64:443 aadcdn.msauth.net tcp
US 13.107.246.64:443 aadcdn.msauth.net tcp
US 13.107.246.64:443 aadcdn.msauth.net tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\TarD62.tmp

C:\Users\Admin\AppData\Local\Temp\CabD5C.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
