Malware Analysis Report

2024-09-09 17:25

Sample ID 231029-wlhaxsgg3z
Target https://ewasmash.com
Tags
google phishing
score
5/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
5/10

Threat Level: Likely benign

The file https://ewasmash.com was found to be: Likely benign.

Malicious Activity Summary

google phishing

Detected potential entity reuse from brand google.

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2023-10-29 18:00

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-10-29 18:00

Reported

2023-10-29 18:01

Platform

win7-20231023-en

Max time kernel

58s

Max time network

48s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" https://ewasmash.com

Signatures

Detected potential entity reuse from brand google.

phishing google

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000099b8a3c6ff97044781f9dc0475faca41000000000200000000001066000000010000200000002444699f5c654da6a218eedcb06e55e6179e38bf007b9720d4a6010ebfce8a01000000000e80000000020000200000003475f8e05d3afbf8a92d91964a0d4a3d098b667a3f606ae69b5325e4ba5777b390000000d0dd37f696c6fafa323baf6ff4f85db8c1e9952f6793eeba86cf130a07397b0612d98033d7384cd35136b544cf97cd4ea1fb59257ce2c2e3d11d51ebe66eddcfd8e1107ab5c3458c91180a92469703d7029d3d1ac2920bc36901de3a5fea2ab01b67cb19f06fc51f1f7d2c6f231ca7731b368240ed26043e3e4404b51e9dc639c80c249761c141ab8c157d68de56275f4000000027ea792304564486d7993cf98dc10d2ef00a98eb01f5ab087949899ac6b731c2d1e56c1fa7b7bf8268d7c6d795e9b376d8761c5b4360a495ddf17bfaa0ba9c45 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e08bfbe3910ada01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1513C851-7685-11EE-9C0E-FED21CE29B23} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000099b8a3c6ff97044781f9dc0475faca41000000000200000000001066000000010000200000007faae7f7a96690f3aca20b7cb8e8685691372b1cd81f6eb6f4248e2dfed42c04000000000e800000000200002000000008e6ff57207b043e3fe66a334e2f43ba0d160fe5a2f2f811243aba4bed3db40c20000000994a3ca9911b49c1b1c132b0e977aad1bb87542bdc2b3320ee875a5c6dcd3893400000000fbed7b485a04302ce9ac4daea292c8177b02cf8017159dfd7c01be8cde39c996d36532ed07e5455e6b25e045a1dffc7daa2a3bb034f6a998a0fa6f95dab93c8 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://ewasmash.com

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2448 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2448 CREDAT:537618 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 ewasmash.com udp
US 216.239.38.21:443 ewasmash.com tcp
US 216.239.38.21:443 ewasmash.com tcp
US 8.8.8.8:53 www.ewasmash.com udp
GB 216.58.208.115:443 www.ewasmash.com tcp
GB 216.58.208.115:443 www.ewasmash.com tcp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
NL 142.251.36.1:443 lh5.googleusercontent.com tcp
NL 142.251.36.1:443 lh5.googleusercontent.com tcp
NL 142.251.36.1:443 lh5.googleusercontent.com tcp
NL 142.251.36.1:443 lh5.googleusercontent.com tcp
NL 142.251.36.1:443 lh5.googleusercontent.com tcp
NL 142.251.36.1:443 lh5.googleusercontent.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
DE 172.217.23.195:443 ssl.gstatic.com tcp
DE 172.217.23.195:443 ssl.gstatic.com tcp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.14:443 play.google.com tcp
US 8.8.8.8:53 lh4.googleusercontent.com udp
NL 142.251.36.1:443 lh4.googleusercontent.com tcp
NL 142.251.36.1:443 lh4.googleusercontent.com tcp
US 8.8.8.8:53 calendar.google.com udp
NL 142.251.36.46:443 calendar.google.com tcp
NL 142.251.36.46:443 calendar.google.com tcp
US 8.8.8.8:53 support.google.com udp
NL 142.251.36.46:443 support.google.com tcp
NL 142.251.36.46:443 support.google.com tcp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.46:443 support.google.com tcp
NL 142.251.36.46:443 support.google.com tcp
DE 172.217.23.195:443 ssl.gstatic.com tcp
DE 172.217.23.195:443 ssl.gstatic.com tcp
US 8.8.8.8:53 ogs.google.com udp
NL 142.250.179.206:443 ogs.google.com tcp
NL 142.250.179.206:443 ogs.google.com tcp
US 8.8.8.8:53 docs.google.com udp
NL 142.250.179.174:443 docs.google.com tcp
NL 142.250.179.174:443 docs.google.com tcp
NL 142.251.36.1:443 lh4.googleusercontent.com tcp
NL 142.251.36.1:443 lh4.googleusercontent.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab6624.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 34bf641321aaa9c3024d807dc6d30c80
SHA1 a4ac1ee24cf2fa92e1ce4a55aeab52e865458acb
SHA256 fe1fe8b936aa68088e8c863beb73001775b2ed50f8673348f1a2d57c2679f2ef
SHA512 38b6d96e6ee63331070d35c80e1ae3fdfe0223eb9910f34addc1317d36a085fcea6af9956a0f474f1f7546ec3d21afc19aa73182cbcc30b1d1e6080ba683557d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_B67A81AFAE089B928194572649A22563

MD5 873eff5154cdcf3e8704d26f91d93423
SHA1 217aa0d723b377fa3538105caba9a7976f4f5b6a
SHA256 296eb0cb59945f30405cc1115ca466b6aaab26d34782d63b4f676b8fffd433d4
SHA512 695c35abf170ad86ec1a8c7fd61d0f35b29b52c390701feb78b1cae82900f7d26e7865c11cb518a0457e21a1105a2a7afc218c4e70c08799eb7a2e193e016e22

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_B67A81AFAE089B928194572649A22563

MD5 6884aa3147056dcac73e088baf7f2c18
SHA1 75ace5c794ad5e35fe4741c77c48f842045e79b0
SHA256 92ec4952af2fefb487d9062805d700a17753df5fbf2b2a21425a54601b4a618d
SHA512 0d6f2ecc298727078cefe11157d807634fe53ffeb21f8dfa628c78e76fbbf49152afe34638ac012abf8747a26943fe91b4c60461316adc8288bee3313a8924ef

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SUYBBARZ\favicon[2].ico

MD5 ea69a3f95dd5484853d128186db7e13d
SHA1 5fdb5fe05108fd6e5386bbda06778af4b446dc6a
SHA256 8179e80bcfef62154d1ff7371a1c60bd2c6c1e71c3da2f4a8b1db518a1900ec2
SHA512 2169d31065059c3677d025f27a5650c1e35bf83b6d6b3d80842b0809ff67e85388cb00213a4bd3fa76f71909a21298c824b39299a3980ba3b11c0297db472610

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\bqa1h19\imagestore.dat

MD5 e81f34f2bf5ff0850e569bfed1efb47b
SHA1 06209860606b09c7bae876aa58af9521d285133f
SHA256 2f1feee87b0f1fd513659e1b84b126123aecdf0fd8eaa29a3515f2e49006b035
SHA512 6b1f828d4cdc521b439eeebec7dc59b15363395a4d65b527ae5603fd83ceddaca6e2aafe3e80d0153133927f08f865342fd99e4832f57a3fd94f01a5e06e39e4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f62dd97205ccefebec30ab4fa25e5d9a
SHA1 b5d81e4509784bc40ae590aef8529ffc508240e2
SHA256 1896af494372add8e28891ce185070956460c66ca95320eaaa6f33e105075f96
SHA512 480d3db37225867478aad70cc3c39a550ede05646d113cb0a2ceb01b37b3e10c1c1b0bc0808b1bb8954aca34cc361b94a7f419c55a5fe4c282834dd60b1d267d

C:\Users\Admin\AppData\Local\Temp\Tar8816.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c1f04502f16dbadb41a307dcee4a2a1a
SHA1 fbebe8bb58e36f8824d7b67bcd549512b273105b
SHA256 6525e2359f7eb7c2826c6b9ce28198fe838291cdbc5992f3511c187f30aaeb28
SHA512 a61102778768463ffc1ad19c27135b5277824e28be7bc74e22cbfd8e6cab97d816f78a229295794eef8ef1ffaa7be4abeb79b4786eb61cebd2219edeccb411e5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3e4f923b5d0c310dfc7a2c2b30ef4752
SHA1 6bb6465467615e6ba963c45c02a40d1e873bf83b
SHA256 ce655d28d3e92fd1fc963c93d111edc9f52e363fe136cfca9d99bd4c0a23d54d
SHA512 7c4f35477e46e4a413d6099d38d1f86cc70385261e3f409464ccf943aef8e58a08b4f02a391bb159c461892ccfbe1a93c76fd069ccd322112dfec8fa70124e4b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a4d02b7b2579b2d05f4b64a87ed0a418
SHA1 e2c8ad01cff3a3e670b57deb1c647103ae98d1fb
SHA256 131bc213d3f897d639ccda15edf95f12e20364cbf4ea43a860584d4e3aaf3f2e
SHA512 99d26b3a2802d75052b033d798822ef0a50122d5b51374d46beebe1f0b287ba341199c3077c4f915eb9d9f093bd8059e0e85ef025cccfeb7c0ed5c48616c83b6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2025135a8da6f48b3abeeb7da5dd00c1
SHA1 1bc9285e05b1558189b87081b3e1692a33378623
SHA256 d7003cf05c5a23457191cafcecda36be65ab950c9e473c307bc2c3ddac0d808f
SHA512 dd5ec87b203ed9952936f95cd246f0557bbcc3978ad3f26026ec3f7aa284cfcfb5d7063b56e803105815e721742bbe88f93e970572a8153d19324009f91d1532

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8159409a05c9ead8e9c484990552fb5b
SHA1 50d6d89d41579a9716f3de680dd0410165cb3ff3
SHA256 c7b5a227dde6977c8239205f7ad243bf7f67f75ed24ee451e7c424d0ae519af2
SHA512 9674371c31772f6e57f85557ed5046b3ff61a91aea8fa1c8fdaf93b0071fb2441c578e61b5710c9ef97a33df2ff35c3ad1a77002203536c2e03eede8f3a82a5a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5e1f779d6a0781e173fc4690178ccce3
SHA1 e4473e3d9514bf4e35c3c4c8d8249f52ea25a87c
SHA256 bc483ee24efe3b4cc988eac1a3b2188b18bc060b3c612ca30af7f2f599518e25
SHA512 8048a8ea6f2eab37ab93f2c828d2fc398344ba00043bf6a32771baa10f7219401cb4ff2bf7f09f629384e118e794a0fb299b0f1e5da24640e0e9ecddcd3cabbf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eed713ff6cc9dfac78edb1f233fcd3b5
SHA1 8784ccac2eeaa73f7c1041d780dfeeb9dc03adf5
SHA256 feaba374dabc5949227c5aa11eafd4edcedef0fcc03b772a591c9a44d243808a
SHA512 0760164a3b72704e27018a48229b75fee1d5bf90318170e28daf88d8da20bdd5cd9f86b9c916c12610e40938d6a61fda931a9cafe2c881d1e37613f7938647ac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 48c8da5f146284046ef75aba99bbb5b3
SHA1 ce1a32a3cff40a4764bd098581eda5bec3768766
SHA256 2b62480fd25af486cdfd6c2382dabbeee250203576064d1a2a6795b016fc6113
SHA512 06d31c848b02630fbfa363d91dd2b0ae921490d82179a5d9f23b45b175d86a522aaf34173e3e28d0e2fb0640a14a3249f0aadbf2694d3d09d4e96d3e3e521246

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 deb619d5f5ffa8744b19b2a0ec444e20
SHA1 6595a3932ca6c1607b4f6a75dd70ac0f62a2401b
SHA256 5c9db569c36feb5bc613b8deb05a19365a3e8c2403ce6a15dc44c7a1403644cc
SHA512 ae3f83173f7a2a6a63ac09df663227baacd41854a8aa23d1107409a41ee70c0695c249b7ab29f952864cfdc2fbf8352bd6480c22aa465147c78bfc16a21464bb

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QJT1WABK\css[1].css

MD5 1c75f53bf684f99bafd55ee6d7e56e0e
SHA1 5f5db0ac95e345ebc067e021cba921ffe2287500
SHA256 18109e681171cb915e93f80e38b4a760fb8226c158ab5111589857f6831ef485
SHA512 be3af4a65ec8d74e48edf909df0d044448f75246e325dd50c206dcc1d22aacde84fe1dc84fd6ea5eb88098aca2e6164d4b3e5138c476f629e4f30d2ce0a0870c

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IS2BN16O\css[1].css

MD5 c57ddac6b6af107285403a6cec3b996b
SHA1 c04b98caf37386b358d463bde8612fcb045aabc6
SHA256 89998695da788ee95746ca293e3d77daa78ee2cb3192873ca5a95fa647ef7f1f
SHA512 d486415c9bc7337dca8989a938010a5870985a1d5088d4460b5604b84e9b9d3bbafa6e9f10c1f61aebb657f36b45867f69043805ed6ba186c4a794be50984859

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IS2BN16O\rs=AGEqA5m7eSUNfhdxHS6vAGT7uJLa9sXL1Q[1].css

MD5 bf14ca7d4182cdc0c9804211bb002da6
SHA1 ca177f96e8e5d45967424d210b69f2aa56c999f8
SHA256 746fb772d70104be7d1d44a0027e908e586e4a1ed4e847806cb9f36bace64edf
SHA512 6cba13737db99398d46808778d0363202bddfeb17c52d4588532a02caab4ab25976b3a87b82e2692577bd9fffee7d5a8465d4992bfd2fccc0e9c39e982375a5f

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QJT1WABK\client[1].js

MD5 b0d0d7c11cc5bf7c6c036142467e25fa
SHA1 321bbce5db9f17d2443eea68f722eca7fd0e5f99
SHA256 20747681d332b2bdc53afd0cc3f32834e8bad9fa1e76549213afb6c1d78d45b8
SHA512 2170aaa23795a7781330911a2fa61a46600e9b45db594db18309b217bce5801a5d4f77fa577f14699f74c1d9dbcfe6d7f0bbdfb5744fbfe0f1dff713b8e284a6

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QJT1WABK\cb=gapi[1].js

MD5 74e2ed30b18badb8e2821b62f0dc86db
SHA1 a44add961324d8d399de79e45524ffa019ffcd73
SHA256 3253ebd8d1a3c41f020b8e18e84bf61b96b0c1bba646b047fa90d87e72438371
SHA512 b978ab53b994948292008b4f6bf9118be48a7aabb50a3bbbf11ede9d36713eebf61360f1cd638e31a029455ef978699a9c318a6a423bde2bc51648fbd2cd6735

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BOB1G6ZJ\KFOlCnqEu92Fr1MmSU5fBBc-[1].woff

MD5 ea60988be8d6faebb4bc2a55b1f76e22
SHA1 19cec53c3c7c2042f71066b7a92d6c8d7e207bd7
SHA256 bf14c7d7734b8f9c863b982a4e7b30d4361af8e8747f2ca8672ba58e703e96a3
SHA512 63c58edd438ddcdaeb8ee9227052dc249dd0b672aef53630cf1e7a4e1cf88622be7bdfc5a7b946c76c297e393c8a5b695bdb3686a475a3aac82d2925997a2346

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QJT1WABK\KFOmCnqEu92Fr1Mu4mxM[1].woff

MD5 d3907d0ccd03b1134c24d3bcaf05b698
SHA1 d9cfe6b477b49d47b6241b4281f4858d98eaca65
SHA256 f2abf7fbabe298e5823d257e48f5dc2138c6d5e0c210066f76b0067e8eda194f
SHA512 4c5df954bd79ed77ee12a49f0f3194e7dbf2720212b0989dad1bc12e2e3701c3ef045b10d4cd53dc5534f00e83a6a6891297c681a5cb3b33a42640ae4e01bbfd

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QJT1WABK\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff

MD5 40bcb2b8cc5ed94c4c21d06128e0e532
SHA1 02edc7784ea80afc258224f3cb8c86dd233aaf19
SHA256 9ce7f3ac47b91743893a2d29fe511a7ebec7aef52b2ea985fa127448d1f227c1
SHA512 9ad3ff9ed6a75f1a4c42ab2135f1f4a51a4d368d96e760e920d56d808a12b2adb4b524e0c135d3c1b3027ffecb2753293b9fdca6b81aa2c9bd6326743c669468

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QJT1WABK\KFOlCnqEu92Fr1MmWUlfBBc-[1].woff

MD5 0774a8b7ca338dc1aba5a0ec8f2b9454
SHA1 6baf2c7cc3a03676c10ce872ef9fa1aa4e185901
SHA256 e0fd57c0d9537d9c9884b6a8ad8c1823800d94dcfb6a2cc988780fe65a592fe6
SHA512 a0066b2a6b656e54f7789fea5c4c965b8603d0b1c3d0b5560cfbafd469a4cb5a566c143c336bcbd443bae2648e960aa0e635770e7c94d0cb49c19326f6ca7b69

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IS2BN16O\4Ua_rENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RFD48TE63OOYKtrwEIJllpy8[1].woff

MD5 5ec579e39f77190de20a4cb4d7b082dc
SHA1 d99f1d73c37968cbdbe44c7387e7474056c4b034
SHA256 031c66a54247283c9430caeb5c54a90e5974244c9ccb0234d53b27d4a484816b
SHA512 3e11f6d2fa13eecd4fc34b1186a96dad8dacb629c046e606f2dc7cb53385ae9a4e0f3aa950b1698fa188c3e449cbf03423e46f8632b81425d8abcc4b145cb617

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QJT1WABK\4Ua_rENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RFD48TE63OOYKtrw2IJllpy8[1].woff

MD5 46340077cb37c81b2bc0b03299108bc4
SHA1 2957977405fe3c8c0198e225ba86021f37fc5122
SHA256 0bf0857a7247d0ca9f0221bee4203b003207eecb888651660594710230091bbb
SHA512 01ebfa7efb4f7c265b2c0eead23158fff094b2d3a69d8be4ba9844f89d18efde1030ccdd5bc278c47ef0cc202fb14f0879a1ca5fa1609b8a0b70a1750ce93d18

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IS2BN16O\m=view[1].js

MD5 679555ded060fcbd5041ae976692768a
SHA1 3454fe1a7d44ac81ae848a22765c7a8b67ea4c03
SHA256 cc9dbdd76bd51dfe387dfbd490843cc75b5d346bca080068222dbabf4250b16a
SHA512 0dcfab15143f7d90273a75b7d09235a2320e8928e7d01492c3486178ddaaeb4b026bdf4a46797b3a6c624d6fecd330dc26f843f2b6281d306cc8e3d60c0c0c79

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SUYBBARZ\jizaRExUiTo99u79D0KEww[1].woff

MD5 755d029b43c689dda8b91bc228b851bb
SHA1 0829ecb8eb43675a23cb292139243ae0bb4084fa
SHA256 45bb5214819f49da8632ed42afbcfd6b5780f1c8dd648b50e65f674c9a56161f
SHA512 664cda07c0f5dd2a0071c8360550c76d5042fc48bef1e174bab4783637f3da3bfdee9b0737e3c4202f95e724f5cb320a8bc627deafebb6885a7d8524c6884c5b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SUYBBARZ\jizfRExUiTo99u79B_mh0O6tKw[1].woff

MD5 654704e940938b4618d2a8b18614569d
SHA1 f0ee16bf8ee03d913779e4c566fe94cd42b76826
SHA256 ce2bcf321e4da86e84f7645393e431b24d8353283c6f5ce837c2ba46b5520b7e
SHA512 c27d4fb24eff052abfe8c87968cb43976fd990aae9cb5afb1fcbab9befbd101cae1a2b13f2afe023bfbfb79334b507d8050b2bd70e2ffdd6811bb6f5dcb2c8cb

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BOB1G6ZJ\m=sy1c,sy1d,sy1b,FoQBg[1].js

MD5 6d3a8e00244052804ea34b2d51435881
SHA1 ed5188c00d7cdf84d66dc3a7038c6cedd0253935
SHA256 d35991943a6a3be7501301cfcc12c777e74a7040de76bfe7f5e9b5785e1b0f04
SHA512 18489f201b5dd553b9a94e37f3680dd67ddf375eaa1b2491f63341d76248f19c5b08824100a8bc9a69c3ab18b47cbad8c10e89ece629d290d8cb528984c2d508

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BOB1G6ZJ\m=sy2v,TRvtze[1].js

MD5 a9d358f4facd0650dcf9b500b446c23e
SHA1 8c2cd364b50050049d9684e3c67f8693e7e6335b
SHA256 14d80be92d568723c375fd3e31f39c38d20ad002f5721d13d846dd8c2154ce72
SHA512 6645e9cb40e9e5d8390cd59e3c96f023a34cd269838ad654581b7282d7a00f7a541d0517ffafa7de3f66c5ea543e181b13c550c9e561dfbd416a8799fed8ef16

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IS2BN16O\m=sy3l,IZT63,vfuNJf,sy3f,sy3j,sy3m,sy3z,sy3x,sy3y,siKnQd,sy3d,sy3k,sy3o,YNjGDd,sy3n,sy3p,PrPYRd,iFQyKf,hc6Ubd,sy40,SpsfSb,sy3g,sy3i,wR5FRb,pXdRYb,dIoSBb,zbML3c[1].js

MD5 3e14aac5f22a51ca45c379a15ce696fb
SHA1 f92d2f9d3628f89e1ce595af503442d2d1b2800d
SHA256 56b31a541e2cc5fff9abb5bb2b5b2abdfa461c22efef32a1d14cd894433c4ac1
SHA512 b5013374061334d2de4340cba1432c087cd8d12327164cadb49acf0f1f757ca48141e6ffa83b01b541283e8cff80dbe829e3cd8bc48a4c8cfccc659ff9d72e5c

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IS2BN16O\m=sy14,sy15,sy17,sy18,fuVYe,vVEdxc,sy1a,CG0Qwb[1].js

MD5 281fb03fc0f7806235f45449e56ce74a
SHA1 29d09f32e0b88422d8b24981452ed7b33658c6e6
SHA256 968ae78f21eb46c7b31fb86704b4096497bc20e89181e44c7a3eb120aa2192c0
SHA512 4d7b92436662c90a63610879e70f6fe8bcc13605a0bba84f595f0b532594354d94ecf50513678314c95a15a4764f831fa0207928d9ddbb50798e551322e8ed61

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\2PGRQB2N.txt

MD5 154fb1b853eabd7ddb410847024b1fc9
SHA1 6f90951a322e96f97745fde5503ffabb5c717417
SHA256 ff3cb88c1664d705d11c9a286ad9babd7b702850550dbcb5e2efbce88efbec5a
SHA512 d8223f3ab22c095ecce9254ff3e475df7c35b5ead48a39aeb413c703f53892a5b2a41c186057783914da5be3b7eb4091cdd7ff822e5a13a491adbf161ff74f6c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_90E6705D31DA2761A44BA5F5F40B2AEC

MD5 9b33398362599088b9d516ad66ac36f9
SHA1 38c4f7ff43da26ce596d2cafc7fe4b7b309e1e2f
SHA256 3d1429f2f07d90e0705ec82bef581d56019ac8f007c418a40b1d9edd670f477b
SHA512 9a8464ae016a81a3779b47d516c621c6a9b842da0ceead05388f60968b28fb3b93b0a48bcf1c41cf0c3d965b9087b34e409dfb620bd0ebc2c4fb9e3ee16037fc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_90E6705D31DA2761A44BA5F5F40B2AEC

MD5 edd92d3a5aef0d6d7d351b8532bd4667
SHA1 1646fc17beaba241e6e174764c8ffbb744641ae2
SHA256 fc13d1f852723352262919fd72af6cac35a46bc020b34ad9e592bd073b48495c
SHA512 97391c00189f73436f9c089cb85f6e61efae73b2fa6fe72bd59cfcbc6140ddaf3de3ceff09fa02333419622c3ba0a99fcce204fff616581763b3aaea95551ab1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 dccd13bb87c34b798bde3d28c7af617c
SHA1 71731a5a01ee3d3f859c6d2b406000e96ed75848
SHA256 a44a4db50708a13763ecce5dbb9204c715f0b5500d520eaebd1c4b8bc38b1f55
SHA512 ed41b4e35257d94a53850facd7e5b31002c36ec9e9fa8ca48abfe1c3e0ef35192da59b848f79442d94e4af8285a432a692998e913978512b5fb1035245d84519

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 55a0f270a8926df4823f711168c36ee8
SHA1 1c523f2023e7084bf6801c620a33a57bba9773a9
SHA256 a8dc6494a92c3c3bcc52f75ac086201c638837982db651a7b6b1af65dd516831
SHA512 aa104366922cb11d40367e4ffc24b9159564c33962e45b5ed66ec866c3dc9efbf982814eef86da6ce66369224fc28159b5d44db623ff69a299f4a73258b25a53

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 313b35afe2403da1cdb0568cee3caccf
SHA1 9f0e5fe8537b32e4ed32d27d5e639d34c61f6ba3
SHA256 6dcf541c34153dd66388bcea2689f07541d7f71ad9524f00f6c595eba5d09a74
SHA512 b62cbfec0a53fbac179c13ac3d97556be30dab6e0d293e2f5b5f0f184e7f3ca4ea8c6b750282221a58d2d6642d679bbdeb69b39d59ff85368bc2b9256a5c6002

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 cdc3d2436488a9055ef8031a519798f0
SHA1 345e3520d207156d4319e0b436ccc17b8dee3975
SHA256 9d25bda2431131c675c0ab2fce014df17f4b83ec121ccedc50d9cb35c3c8fe6c
SHA512 41d1cdc111957bf65ba36533d979852ac4e61812ddda9144f97b6d194faf842e6565049a88b97ff641c865bbb618be40a5c343594bc828ddfa9e1a1e6bb02d3b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_70445D979E6BDC085A06FAD3F5B6E186

MD5 b93c0e56c0bb127fd6be9999bf3d2c54
SHA1 570d7400b96b19db261977db4a60e28db6aa3c21
SHA256 d45ebbd12edd17dfc558f17b959e7cab8e3e77b8c472e152778e17045ad03cb5
SHA512 69f2c2fe9aed24cd5708147aefe11d5257bcc8267680ed8c5172a675c7bb29f725da8ece0996197558059dee8eb1c378d79a8c3b4fd3c892189a2f800aec8721

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_70445D979E6BDC085A06FAD3F5B6E186

MD5 aabe317b8191bea015deeb13ba1a541c
SHA1 0fb8a404f7d6e2c5c4f688efc01ffabc3c52aa40
SHA256 d97ec4f0db614147af01dcc0d769eff877a407fce9c3060bc6e97e1750d13a9a
SHA512 928c406e55d8e9e3d84b1c09f5ecadbc32ff6bc467f2270e8361e2ec4b1ed839e12d2d1f3f0f11af185f46c3440012d88cf15104affa5299f1e65f1e9b6babe3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_3EE3FFC42F54AA63B06BC4435164B649

MD5 69aa2215363ac90cd49860623994f5e3
SHA1 c5815d4188ac75fefdb19e9cdb0aa834736e66ef
SHA256 23493663db7a7fd187722424f445c3d5c96c13cde765d474c5753e726c0ff00a
SHA512 cd82d6114b82dfefbc55c9364505cbcbb0a1923dcebefa4ba060803e768129b4c3de2eaa73c73556e468cc287b27509bd501fdd67e57ce478896c84f398d1917

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_69D3CBB59EE5319B9CFF3CBDD8573A18

MD5 f2dcfb46740200f5f2888f9cfa1cfa8f
SHA1 f4512c89403b4a6201b41ab8f3135e0a101bfb56
SHA256 dbb319a2fb0b2508eccdcbd90058946fc2a6e127f67d1322351cf2c6581f275b
SHA512 64e1b18954451421595eb1780c1b4c3719a75efaab87c552444cbcae2c54438abe43691c606db73aa3917d49c636ad2b26507536eaddef5f78896f3d6fadda1a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_69D3CBB59EE5319B9CFF3CBDD8573A18

MD5 fc28d921c509b1394dcf36f8cc4521e2
SHA1 36360f0d91ef95bdb447f425ed207ffff41cd30b
SHA256 83d545a86855f97003251b62bd1f08c7227f24092ca9b9da2cef364c0bf55502
SHA512 ec152c0396e9eb7c66b66fab265422b4d7662fdc317d2d87d5b3ef23f3e2a81cf04bc9b6a56c24c235dce5f1c366bd363cba6a1246d51917ae57b9912f4c3085

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SUYBBARZ\favicon[3].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\bqa1h19\imagestore.dat

MD5 35ea04ecdda251fd838cd91459d69b53
SHA1 f2e48e0ecd744e1dca8bd81809df7c4c569fc383
SHA256 01742179433c25a7134a873420317ee2ac43f60e7c850c639596887858ca3023
SHA512 975a39892b67c9d0ab4c10458f2eabce78d9a062bf1b822d5e2923b171af8b5ba1e4e7f5a8b797094bc49202043c5e4fd6f8e194227a03758ab2585cb453752e

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IS2BN16O\analytics[1].js

MD5 575b5480531da4d14e7453e2016fe0bc
SHA1 e5c5f3134fe29e60b591c87ea85951f0aea36ee1
SHA256 de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
SHA512 174e48f4fb2a7e7a0be1e16564f9ed2d0bbcc8b4af18cb89ad49cf42b1c3894c8f8e29ce673bc5d9bc8552f88d1d47294ee0e216402566a3f446f04aca24857a

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SUYBBARZ\favicon[3].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IS2BN16O\js[1].js

MD5 76de4e20283ed79329780938d0dbaa3a
SHA1 ad034ce7b7f919a5aa4eff8c17e73164e902cb1d
SHA256 124f08bc173aeabfeda88248adfa8a34e6981dd6ed9a04bed7a31d944ad24a8f
SHA512 a40f9ba5c06e5cdf62295de735811b9e62428ba4169a7357218acd8b7ee6e3f2eeae76ec69482ff07c1809cb16f9448260c2ac072901519b5ab34b6ca4bf7c28

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BOB1G6ZJ\KFOlCnqEu92Fr1MmWUlfBBc-[1].woff

MD5 cf6613d1adf490972c557a8e318e0868
SHA1 b2198c3fc1c72646d372f63e135e70ba2c9fed8e
SHA256 468e579fe1210fa55525b1c470ed2d1958404512a2dd4fb972cac5ce0ff00b1f
SHA512 1866d890987b1e56e1337ec1e975906ee8202fcc517620c30e9d3be0a9e8eaf3105147b178deb81fa0604745dfe3fb79b3b20d5f2ff2912b66856c38a28c07ee

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BOB1G6ZJ\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff

MD5 de8b7431b74642e830af4d4f4b513ec9
SHA1 f549f1fe8a0b86ef3fbdcb8d508440aff84c385c
SHA256 3bfe46bb1ca35b205306c5ec664e99e4a816f48a417b6b42e77a1f43f0bc4e7a
SHA512 57d3d4de3816307ed954b796c13bfa34af22a46a2fea310df90e966301350ae8adac62bcd2abf7d7768e6bdcbb3dfc5069378a728436173d07abfa483c1025ac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_B67A81AFAE089B928194572649A22563

MD5 ac2b6af48c374dc6339191ac6290bbf8
SHA1 4ab3b1ee98dd30825b46cbb18ac33cbe3a1bc53e
SHA256 32d68f4000fc220e01b3c40faa8498dea08dd5193dfe71d9563fc1cbdcf38a05
SHA512 e6aaed5f605ea997abf0fb935a743d7730d1998a20b8b7a1b9f9a1769b80445bd07a5fe25523e68a0b95482c8418ab5ff9770c37d087fedfa5ce5557949c4a6f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_B67A81AFAE089B928194572649A22563

MD5 6884aa3147056dcac73e088baf7f2c18
SHA1 75ace5c794ad5e35fe4741c77c48f842045e79b0
SHA256 92ec4952af2fefb487d9062805d700a17753df5fbf2b2a21425a54601b4a618d
SHA512 0d6f2ecc298727078cefe11157d807634fe53ffeb21f8dfa628c78e76fbbf49152afe34638ac012abf8747a26943fe91b4c60461316adc8288bee3313a8924ef

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QJT1WABK\4UaGrENHsxJlGDuGo1OIlL3Owpg[1].woff

MD5 6dd4ad69d53830bdf5232a13482bd50d
SHA1 6fff1079d7e5d02a2259cb5d7833e790239e01cf
SHA256 5ce48d9e9d748ad4686094d3cc33f5ae1e272a5b618f5c6d146c4d12ef02e4a6
SHA512 fc91e8c4eae384d38667e330c5a5e4bf82ebac9a23ab88439d7c22ccdd125de7f1371dd953f18dee60ef68b680df49a32f684157d90f20e1dac3bffc9df84118

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BOB1G6ZJ\KFOmCnqEu92Fr1Mu4mxM[1].woff

MD5 bafb105baeb22d965c70fe52ba6b49d9
SHA1 934014cc9bbe5883542be756b3146c05844b254f
SHA256 1570f866bf6eae82041e407280894a86ad2b8b275e01908ae156914dc693a4ed
SHA512 85a91773b0283e3b2400c773527542228478cc1b9e8ad8ea62435d705e98702a40bedf26cb5b0900dd8fecc79f802b8c1839184e787d9416886dbc73dff22a64

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QJT1WABK\4UabrENHsxJlGDuGo1OIlLU94YtzCwA[1].woff

MD5 08f80de0acf68d82aabab974a47d9e5f
SHA1 e6f1c0f5395a9c297aa162468961c1faf0ec1ed9
SHA256 4070911a1bb9cc52c4e4cd5e85ca186dcde89308a0517a8faa4715c2e0a9d45e
SHA512 720de47fdda648af7ce5f3f574efa3322191c4d0001e31181739d65ffe0cceced56635af58e5e828072a17eee1ed1e318af467b8ed7f4185ee0f5155501cd8d0

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QJT1WABK\js[1].js

MD5 633b3ab20f3f30f7a7cde54cfdbcfdce
SHA1 8fe571dbf58a8625c010590c79e2c2d9ec92b687
SHA256 cd8f138cc6d795d736d130fd66475d9e048d329129d3ee2d83cdf8c459b5fb1b
SHA512 f80387cf8befacc4645f7e374329556b148c2571b8331fa954de3d06e1f008a7170d80fffe420998828499cc5c1e583fe96c5cadbf96f67fe4935796b9efc7e9