Malware Analysis Report

2025-01-18 02:24

Sample ID 240613-bkbrjascrk
Target a34f34e5fe17106e4f0052a6d59b51bf_JaffaCakes118
SHA256 19c1614eaa2a36966f4d13aca33c1f43be5de9275568fdd0ee1d5b962b2a9931
Tags
Score 1/10

Analysis Overview

Score 1/10
SHA256 19c1614eaa2a36966f4d13aca33c1f43be5de9275568fdd0ee1d5b962b2a9931

Threat Level: No (potentially) malicious behavior was detected

The file a34f34e5fe17106e4f0052a6d59b51bf_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-06-13 01:11

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-13 01:11
Reported 2024-06-13 01:14
Platform win10v2004-20240226-en
Max time kernel 143s
Max time network 152s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a34f34e5fe17106e4f0052a6d59b51bf_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a34f34e5fe17106e4f0052a6d59b51bf_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4536 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5684 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3896 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5440 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5652 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=4536 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5788 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5848 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8

Network


Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-13 01:11
Reported 2024-06-13 01:14
Platform win7-20240221-en
Max time kernel 119s
Max time network 127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a34f34e5fe17106e4f0052a6d59b51bf_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a34f34e5fe17106e4f0052a6d59b51bf_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2872 CREDAT:275457 /prefetch:2

Network


Files
