Malware Analysis Report

2025-04-13 11:38

Sample ID 240120-sh123scch2
Target 6ac17c75fe88942514249be9b99049a7
SHA256 f080d4331b2cb5dba960a4a630113bc2e62ccd87878b440a9736b76fde734b4f
Tags
socgholish downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

f080d4331b2cb5dba960a4a630113bc2e62ccd87878b440a9736b76fde734b4f

Threat Level: Known bad

The file 6ac17c75fe88942514249be9b99049a7 was found to be: Known bad.

Malicious Activity Summary

socgholish downloader

SocGholish

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-01-20 15:08

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-01-20 15:08

Reported

2024-01-20 15:10

Platform

win7-20231215-en

Max time kernel

146s

Max time network

154s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6ac17c75fe88942514249be9b99049a7.html

Signatures

SocGholish

downloader socgholish

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "2630" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\damncok.blogspot.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\blogspot.com\Total = "29" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "1417" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb800000000020000000000106600000001000020000000fef2fa3149f88cddda34d23e04288329f67dfbe8d216fb494f8cf02ca2c7c331000000000e8000000002000020000000d0837c2af0d64599c69fccea786e5c945e8b52044d2c1b772e0329e210bb5f1320000000d31d83ee865239cad583f79871b73a6eb02f9feed6b02e878aa00d4338a6972c40000000d249f69fa31b557c3086d4ffe08a9a0488495c556cfd9d531b6ba51c452ef3baad9defa2700e947adbe8dcd1f773a5644b104b47a353965c3de1f2f6809b51cc C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "2786" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "2827" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "2694" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "136" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\chatroll.com\ = "21" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "411925175" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "17026" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "2665" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "1532" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "1450" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\blogspot.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "1538" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "1450" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80dbe4c6b24bda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\damncok.blogspot.com\ = "29" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "226" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "1417" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\blogspot.com\Total = "61" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\chatroll.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\blogspot.com\Total = "21" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "1532" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "2801" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "2841" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\chatroll.com\Total = "21" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "2815" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\chatroll.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "1417" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "1450" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DOMStorage\chatroll.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6ac17c75fe88942514249be9b99049a7.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2032 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 yourjavascript.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 dinhquanghuy.110mb.com udp
US 8.8.8.8:53 layanan.oposisi.net udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 feeds.feedburner.com udp
US 8.8.8.8:53 adsensecamp.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
GB 216.58.213.10:443 ajax.googleapis.com tcp
GB 216.58.201.97:80 3.bp.blogspot.com tcp
US 13.248.169.48:80 yourjavascript.com tcp
US 13.248.169.48:80 yourjavascript.com tcp
GB 142.250.187.206:80 feeds.feedburner.com tcp
GB 142.250.187.206:80 feeds.feedburner.com tcp
GB 216.58.213.10:443 ajax.googleapis.com tcp
GB 216.58.201.97:80 3.bp.blogspot.com tcp
GB 142.250.180.9:443 resources.blogblog.com tcp
US 8.8.8.8:53 ferrysiregar.files.wordpress.com udp
GB 142.250.180.9:443 resources.blogblog.com tcp
GB 142.250.180.9:443 resources.blogblog.com tcp
GB 142.250.180.9:443 resources.blogblog.com tcp
GB 142.250.187.238:443 apis.google.com tcp
GB 142.250.187.238:443 apis.google.com tcp
US 8.8.8.8:53 ilmuphotoshop.com udp
US 8.8.8.8:53 www.linkwithin.com udp
GB 216.58.201.97:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 216.58.201.97:80 3.bp.blogspot.com tcp
GB 216.58.201.97:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 c.gigcount.com udp
US 8.8.8.8:53 www.reverbnation.com udp
GB 216.58.201.97:80 3.bp.blogspot.com tcp
GB 216.58.201.97:80 3.bp.blogspot.com tcp
GB 216.58.201.97:80 3.bp.blogspot.com tcp
US 13.248.169.48:80 yourjavascript.com tcp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 banner.adsensecamp.com udp
US 8.8.8.8:53 icons.iconarchive.com udp
US 8.8.8.8:53 imemovaz.googlecode.com udp
US 8.8.8.8:53 feedjit.com udp
US 8.8.8.8:53 andreykusanagi.googlecode.com udp
US 8.8.8.8:53 mybloggertricks.googlecode.com udp
US 8.8.8.8:53 www.alertpay.com udp
GB 216.58.201.97:80 3.bp.blogspot.com tcp
GB 216.58.201.97:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 www.lintas.me udp
US 8.8.8.8:53 s2.sigmirror.com udp
US 8.8.8.8:53 vicahya.googlecode.com udp
GB 142.250.180.9:443 resources.blogblog.com tcp
US 8.8.8.8:53 js-kit.com udp
GB 216.58.204.68:80 www.google.com tcp
GB 216.58.204.68:80 www.google.com tcp
US 3.83.73.82:80 www.reverbnation.com tcp
US 3.83.73.82:80 www.reverbnation.com tcp
DE 37.252.173.215:80 ib.adnxs.com tcp
DE 37.252.173.215:80 ib.adnxs.com tcp
US 68.178.195.71:80 www.linkwithin.com tcp
US 68.178.195.71:80 www.linkwithin.com tcp
ID 103.30.145.12:80 banner.adsensecamp.com tcp
ID 103.30.145.12:80 banner.adsensecamp.com tcp
US 103.224.182.251:80 c.gigcount.com tcp
GB 142.250.180.1:443 lh3.googleusercontent.com tcp
GB 142.250.180.1:443 lh3.googleusercontent.com tcp
US 103.224.182.251:80 c.gigcount.com tcp
US 104.21.235.214:80 icons.iconarchive.com tcp
US 104.21.235.214:80 icons.iconarchive.com tcp
US 192.0.72.17:80 ferrysiregar.files.wordpress.com tcp
US 192.0.72.17:80 ferrysiregar.files.wordpress.com tcp
US 192.0.72.17:80 ferrysiregar.files.wordpress.com tcp
US 192.0.72.17:80 ferrysiregar.files.wordpress.com tcp
IE 209.85.203.82:80 vicahya.googlecode.com tcp
US 192.0.72.17:80 ferrysiregar.files.wordpress.com tcp
IE 209.85.203.82:80 vicahya.googlecode.com tcp
GB 142.250.180.1:443 lh3.googleusercontent.com tcp
US 192.0.72.17:80 ferrysiregar.files.wordpress.com tcp
GB 142.250.180.1:443 lh3.googleusercontent.com tcp
US 188.114.97.2:80 ilmuphotoshop.com tcp
US 188.114.97.2:80 ilmuphotoshop.com tcp
US 188.114.97.2:80 ilmuphotoshop.com tcp
US 188.114.97.2:80 ilmuphotoshop.com tcp
US 188.114.97.2:80 ilmuphotoshop.com tcp
US 188.114.97.2:80 ilmuphotoshop.com tcp
IE 209.85.203.82:80 vicahya.googlecode.com tcp
IE 209.85.203.82:80 vicahya.googlecode.com tcp
IE 209.85.203.82:80 vicahya.googlecode.com tcp
IE 209.85.203.82:80 vicahya.googlecode.com tcp
US 104.21.59.55:80 www.lintas.me tcp
US 104.21.59.55:80 www.lintas.me tcp
IE 209.85.203.82:80 vicahya.googlecode.com tcp
IE 209.85.203.82:80 vicahya.googlecode.com tcp
DE 18.155.153.66:80 js-kit.com tcp
DE 18.155.153.66:80 js-kit.com tcp
US 151.201.135.114:443 www.alertpay.com tcp
US 151.201.135.114:443 www.alertpay.com tcp
US 13.248.169.48:443 yourjavascript.com tcp
US 13.248.169.48:443 yourjavascript.com tcp
US 13.248.169.48:443 yourjavascript.com tcp
US 8.8.8.8:53 t.ly udp
US 172.67.75.122:443 t.ly tcp
US 172.67.75.122:443 t.ly tcp
US 3.83.73.82:443 www.reverbnation.com tcp
ID 103.30.145.12:80 banner.adsensecamp.com tcp
ID 103.30.145.12:80 banner.adsensecamp.com tcp
ID 103.30.145.12:80 banner.adsensecamp.com tcp
US 68.178.195.71:80 www.linkwithin.com tcp
US 68.178.195.71:80 www.linkwithin.com tcp
US 13.248.169.48:443 yourjavascript.com tcp
US 188.114.97.2:80 ilmuphotoshop.com tcp
US 188.114.97.2:80 ilmuphotoshop.com tcp
DE 18.155.153.66:443 js-kit.com tcp
ID 103.30.145.12:443 banner.adsensecamp.com tcp
DE 18.155.153.66:443 js-kit.com tcp
US 68.178.195.71:443 www.linkwithin.com tcp
DE 18.155.153.66:443 js-kit.com tcp
US 68.178.195.71:443 www.linkwithin.com tcp
US 192.0.72.17:443 ferrysiregar.files.wordpress.com tcp
DE 18.155.153.66:443 js-kit.com tcp
ID 103.30.145.12:443 banner.adsensecamp.com tcp
ID 103.30.145.12:443 banner.adsensecamp.com tcp
ID 103.30.145.12:443 banner.adsensecamp.com tcp
US 188.114.97.2:80 ilmuphotoshop.com tcp
US 188.114.97.2:80 ilmuphotoshop.com tcp
US 192.0.72.17:443 ferrysiregar.files.wordpress.com tcp
US 192.0.72.17:443 ferrysiregar.files.wordpress.com tcp
US 192.0.72.17:443 ferrysiregar.files.wordpress.com tcp
US 192.0.72.17:443 ferrysiregar.files.wordpress.com tcp
US 192.0.72.17:443 ferrysiregar.files.wordpress.com tcp
US 13.248.169.48:443 yourjavascript.com tcp
DE 37.252.173.215:443 ib.adnxs.com tcp
US 13.248.169.48:443 yourjavascript.com tcp
US 8.8.8.8:53 apps.identrust.com udp
GB 96.17.179.184:80 apps.identrust.com tcp
US 188.114.97.2:80 ilmuphotoshop.com tcp
US 188.114.97.2:80 ilmuphotoshop.com tcp
US 192.0.72.17:443 ferrysiregar.files.wordpress.com tcp
US 192.0.72.17:443 ferrysiregar.files.wordpress.com tcp
US 8.8.8.8:53 ocsp.r2m02.amazontrust.com udp
DE 54.230.207.189:80 ocsp.r2m02.amazontrust.com tcp
US 13.248.169.48:443 yourjavascript.com tcp
US 13.248.169.48:443 yourjavascript.com tcp
GB 216.58.204.78:80 www.google-analytics.com tcp
GB 216.58.204.78:80 www.google-analytics.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 chatroll.com udp
GB 142.250.187.206:443 www.youtube.com tcp
GB 142.250.187.206:443 www.youtube.com tcp
US 169.47.242.252:80 chatroll.com tcp
US 169.47.242.252:80 chatroll.com tcp
US 169.47.242.252:443 chatroll.com tcp
US 8.8.8.8:53 s10.histats.com udp
US 8.8.8.8:53 accounts.google.com udp
US 104.20.80.99:80 s10.histats.com tcp
US 104.20.80.99:80 s10.histats.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
GB 142.250.187.206:443 www.youtube.com tcp
US 8.8.8.8:53 s4.histats.com udp
CA 149.56.240.130:443 s4.histats.com tcp
CA 149.56.240.130:443 s4.histats.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 216.58.201.98:443 googleads.g.doubleclick.net tcp
GB 216.58.201.98:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 lh3.ggpht.com udp
GB 216.58.201.97:80 lh3.ggpht.com tcp
GB 216.58.201.97:80 lh3.ggpht.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.169.10:443 jnn-pa.googleapis.com tcp
GB 216.58.204.70:443 static.doubleclick.net tcp
GB 216.58.204.70:443 static.doubleclick.net tcp
US 8.8.8.8:53 www.scri8e.com udp
US 8.8.8.8:53 dw3mgzt87vzb4.cloudfront.net udp
DE 18.155.152.121:443 dw3mgzt87vzb4.cloudfront.net tcp
DE 18.155.152.121:443 dw3mgzt87vzb4.cloudfront.net tcp
DE 18.155.152.121:443 dw3mgzt87vzb4.cloudfront.net tcp
US 208.87.227.250:80 www.scri8e.com tcp
US 208.87.227.250:80 www.scri8e.com tcp
GB 142.250.180.1:443 lh3.googleusercontent.com tcp
GB 142.250.180.1:443 lh3.googleusercontent.com tcp
GB 142.250.180.1:443 lh3.googleusercontent.com tcp
GB 216.58.201.97:443 lh3.ggpht.com tcp
US 8.8.8.8:53 1.bp.blogspot.com udp
GB 142.250.180.1:443 lh3.googleusercontent.com tcp
GB 216.58.201.97:443 1.bp.blogspot.com tcp
GB 216.58.201.97:443 1.bp.blogspot.com tcp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.147.23:443 connect.facebook.net tcp
GB 163.70.147.23:443 connect.facebook.net tcp
US 8.8.8.8:53 d167qii8h0pw75.cloudfront.net udp
DE 52.222.190.25:443 d167qii8h0pw75.cloudfront.net tcp
DE 52.222.190.25:443 d167qii8h0pw75.cloudfront.net tcp
US 8.8.8.8:53 d33tru5sm6wy0x.cloudfront.net udp
DE 54.230.182.11:443 d33tru5sm6wy0x.cloudfront.net tcp
DE 54.230.182.11:443 d33tru5sm6wy0x.cloudfront.net tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.147.35:443 www.facebook.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
US 188.114.97.2:443 ilmuphotoshop.com tcp
US 188.114.97.2:443 ilmuphotoshop.com tcp
US 8.8.8.8:53 x2.c.lencr.org udp
GB 2.19.169.32:80 x2.c.lencr.org tcp
US 188.114.97.2:443 ilmuphotoshop.com tcp
US 188.114.97.2:443 ilmuphotoshop.com tcp
US 188.114.97.2:443 ilmuphotoshop.com tcp
US 188.114.97.2:443 ilmuphotoshop.com tcp
US 188.114.97.2:443 ilmuphotoshop.com tcp
US 188.114.97.2:443 ilmuphotoshop.com tcp
US 188.114.97.2:443 ilmuphotoshop.com tcp
US 188.114.97.2:443 ilmuphotoshop.com tcp
US 188.114.97.2:443 ilmuphotoshop.com tcp
US 188.114.97.2:443 ilmuphotoshop.com tcp
US 188.114.97.2:443 ilmuphotoshop.com tcp
US 188.114.97.2:443 ilmuphotoshop.com tcp
US 188.114.97.2:443 ilmuphotoshop.com tcp
US 188.114.97.2:443 ilmuphotoshop.com tcp
US 188.114.97.2:443 ilmuphotoshop.com tcp
US 188.114.97.2:443 ilmuphotoshop.com tcp
US 188.114.97.2:443 ilmuphotoshop.com tcp
US 188.114.97.2:443 ilmuphotoshop.com tcp
US 188.114.97.2:443 ilmuphotoshop.com tcp
US 188.114.97.2:443 ilmuphotoshop.com tcp
US 188.114.97.2:443 ilmuphotoshop.com tcp
US 188.114.97.2:443 ilmuphotoshop.com tcp
US 188.114.97.2:443 ilmuphotoshop.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 188.114.97.2:443 ilmuphotoshop.com tcp
US 188.114.97.2:443 ilmuphotoshop.com tcp
US 188.114.97.2:443 ilmuphotoshop.com tcp
US 188.114.97.2:443 ilmuphotoshop.com tcp
US 188.114.97.2:443 ilmuphotoshop.com tcp
US 188.114.97.2:443 ilmuphotoshop.com tcp
US 188.114.97.2:443 ilmuphotoshop.com tcp
US 188.114.97.2:443 ilmuphotoshop.com tcp
US 188.114.97.2:443 ilmuphotoshop.com tcp
US 188.114.97.2:443 ilmuphotoshop.com tcp
US 188.114.97.2:443 ilmuphotoshop.com tcp
US 188.114.97.2:443 ilmuphotoshop.com tcp
US 188.114.97.2:443 ilmuphotoshop.com tcp
US 188.114.97.2:443 ilmuphotoshop.com tcp
US 188.114.97.2:443 ilmuphotoshop.com tcp
US 188.114.97.2:443 ilmuphotoshop.com tcp
US 188.114.97.2:443 ilmuphotoshop.com tcp
US 188.114.97.2:443 ilmuphotoshop.com tcp
CA 149.56.240.130:443 s4.histats.com tcp
CA 149.56.240.130:443 s4.histats.com tcp
US 188.114.97.2:443 ilmuphotoshop.com tcp
US 188.114.97.2:443 ilmuphotoshop.com tcp
US 188.114.97.2:443 ilmuphotoshop.com tcp
US 188.114.97.2:443 ilmuphotoshop.com tcp
US 188.114.97.2:443 ilmuphotoshop.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 169.47.242.252:443 chatroll.com tcp
GB 142.250.180.1:443 lh3.googleusercontent.com tcp
GB 142.250.180.1:443 lh3.googleusercontent.com tcp
GB 142.250.180.9:443 resources.blogblog.com tcp
GB 142.250.180.9:443 resources.blogblog.com tcp
US 8.8.8.8:53 lh4.googleusercontent.com udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
GB 142.250.180.1:443 lh6.googleusercontent.com tcp
GB 142.250.180.1:443 lh6.googleusercontent.com tcp
GB 142.250.180.1:443 lh6.googleusercontent.com tcp
GB 142.250.180.1:443 lh6.googleusercontent.com tcp
GB 142.250.187.206:443 www.youtube.com tcp
GB 142.250.187.206:443 www.youtube.com tcp
GB 142.250.187.206:443 www.youtube.com tcp
GB 142.250.187.206:443 www.youtube.com tcp
GB 142.250.187.206:443 www.youtube.com tcp
GB 216.58.201.98:443 googleads.g.doubleclick.net tcp
GB 216.58.201.98:443 googleads.g.doubleclick.net tcp
GB 172.217.169.10:443 jnn-pa.googleapis.com tcp
DE 52.222.190.25:443 d167qii8h0pw75.cloudfront.net tcp
DE 52.222.190.25:443 d167qii8h0pw75.cloudfront.net tcp
DE 54.230.182.11:443 d33tru5sm6wy0x.cloudfront.net tcp
DE 54.230.182.11:443 d33tru5sm6wy0x.cloudfront.net tcp
US 8.8.8.8:53 damncok.blogspot.com udp
GB 142.250.178.1:80 damncok.blogspot.com tcp
GB 142.250.178.1:80 damncok.blogspot.com tcp
GB 142.250.178.1:443 damncok.blogspot.com tcp
GB 216.58.213.10:443 ajax.googleapis.com tcp
GB 216.58.213.10:443 ajax.googleapis.com tcp
GB 216.58.201.97:443 1.bp.blogspot.com tcp
GB 216.58.201.97:443 1.bp.blogspot.com tcp
GB 216.58.201.97:443 1.bp.blogspot.com tcp
GB 216.58.201.97:443 1.bp.blogspot.com tcp
GB 216.58.201.97:80 1.bp.blogspot.com tcp
US 13.248.169.48:443 yourjavascript.com tcp
US 13.248.169.48:443 yourjavascript.com tcp
GB 216.58.201.97:443 1.bp.blogspot.com tcp
GB 216.58.201.97:443 1.bp.blogspot.com tcp
GB 216.58.201.97:443 1.bp.blogspot.com tcp
GB 216.58.201.97:443 1.bp.blogspot.com tcp
GB 216.58.201.97:443 1.bp.blogspot.com tcp
GB 216.58.201.97:443 1.bp.blogspot.com tcp
GB 216.58.201.97:443 1.bp.blogspot.com tcp
GB 216.58.201.97:443 1.bp.blogspot.com tcp
GB 142.250.178.1:443 damncok.blogspot.com tcp
GB 142.250.178.1:443 damncok.blogspot.com tcp
GB 142.250.187.238:443 www.youtube.com tcp
GB 142.250.187.238:443 www.youtube.com tcp
GB 216.58.201.97:443 1.bp.blogspot.com tcp
GB 216.58.201.97:443 1.bp.blogspot.com tcp
GB 142.250.180.1:443 lh6.googleusercontent.com tcp
GB 142.250.180.1:443 lh6.googleusercontent.com tcp
US 8.8.8.8:53 coepoe.googlecode.com udp
GB 216.58.201.97:443 1.bp.blogspot.com tcp
US 8.8.8.8:53 fbcdn-sphotos-d-a.akamaihd.net udp
GB 216.58.201.97:443 1.bp.blogspot.com tcp
GB 216.58.201.97:443 1.bp.blogspot.com tcp
GB 216.58.201.97:443 1.bp.blogspot.com tcp
GB 142.250.180.1:443 lh6.googleusercontent.com tcp
GB 142.250.180.1:443 lh6.googleusercontent.com tcp
GB 142.250.180.1:443 lh6.googleusercontent.com tcp
US 8.8.8.8:53 s7.addthis.com udp
GB 142.250.178.1:443 damncok.blogspot.com tcp
GB 142.250.178.1:443 damncok.blogspot.com tcp
GB 216.58.201.97:443 1.bp.blogspot.com tcp
GB 142.250.180.1:443 lh6.googleusercontent.com tcp
GB 216.58.201.97:443 1.bp.blogspot.com tcp
GB 216.58.201.97:443 1.bp.blogspot.com tcp
GB 142.250.178.1:443 damncok.blogspot.com tcp
GB 142.250.180.9:443 resources.blogblog.com tcp
US 8.8.8.8:53 nwidget.networkedblogs.com udp
GB 23.53.172.71:443 s7.addthis.com tcp
GB 23.53.172.71:443 s7.addthis.com tcp
US 13.248.169.48:443 yourjavascript.com tcp
GB 163.70.147.23:443 connect.facebook.net tcp
GB 163.70.147.23:443 connect.facebook.net tcp
US 13.248.169.48:443 yourjavascript.com tcp
GB 216.58.201.97:443 1.bp.blogspot.com tcp
GB 142.250.178.1:443 damncok.blogspot.com tcp
US 13.248.169.48:443 yourjavascript.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
IE 209.85.203.82:443 coepoe.googlecode.com tcp
IE 209.85.203.82:443 coepoe.googlecode.com tcp
US 13.248.169.48:443 yourjavascript.com tcp
US 8.8.8.8:53 platform.twitter.com udp
GB 216.58.201.97:80 1.bp.blogspot.com tcp
GB 216.58.201.97:80 1.bp.blogspot.com tcp
GB 216.58.201.97:80 1.bp.blogspot.com tcp
GB 216.58.201.97:80 1.bp.blogspot.com tcp
GB 216.58.201.97:80 1.bp.blogspot.com tcp
GB 216.58.201.97:80 1.bp.blogspot.com tcp
PL 93.184.220.66:443 platform.twitter.com tcp
PL 93.184.220.66:443 platform.twitter.com tcp
GB 142.250.187.206:443 www.youtube.com tcp
GB 142.250.187.206:443 www.youtube.com tcp
GB 216.58.201.97:80 1.bp.blogspot.com tcp
GB 216.58.201.97:80 1.bp.blogspot.com tcp
GB 216.58.201.97:80 1.bp.blogspot.com tcp
GB 216.58.201.97:80 1.bp.blogspot.com tcp
GB 216.58.201.97:80 1.bp.blogspot.com tcp
GB 216.58.201.97:80 1.bp.blogspot.com tcp
GB 216.58.201.97:80 1.bp.blogspot.com tcp
GB 216.58.201.97:80 1.bp.blogspot.com tcp
US 8.8.8.8:53 img.youtube.com udp
GB 172.217.169.14:443 img.youtube.com tcp
GB 172.217.169.14:443 img.youtube.com tcp
GB 172.217.169.14:443 img.youtube.com tcp
GB 172.217.169.14:443 img.youtube.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
GB 216.58.201.97:443 1.bp.blogspot.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
GB 142.250.187.206:443 img.youtube.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 216.58.204.70:443 static.doubleclick.net tcp
GB 216.58.204.70:443 static.doubleclick.net tcp
GB 216.58.201.98:443 googleads.g.doubleclick.net tcp
PL 93.184.220.66:443 platform.twitter.com tcp
GB 142.250.180.9:443 resources.blogblog.com tcp
GB 142.250.180.9:443 resources.blogblog.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 142.250.187.225:443 tpc.googlesyndication.com tcp
GB 142.250.187.225:443 tpc.googlesyndication.com tcp
GB 216.58.204.68:443 www.google.com tcp
GB 216.58.204.68:443 www.google.com tcp
US 8.8.8.8:53 fe0.google.com udp

Files

C:\Users\Admin\AppData\Local\Temp\Tar90DF.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\Local\Temp\Cab90BD.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJ0GGVIM\fl-isi-pattern-dan-track[1].htm

MD5 4f8e702cc244ec5d4de32740c0ecbd97
SHA1 3adb1f02d5b6054de0046e367c1d687b6cdf7aff
SHA256 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
SHA512 21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 36c47129f1def11f9d249389133659f0
SHA1 166b48925ff4c78bae9e50d4201d2a24e1b10891
SHA256 1cc834254789aea0cbc04890a6eeca917a5d9d4575300721e4f27ee102918c92
SHA512 8d128c108e51a5a6aa550d33e3267d7b1e4c2a33518e530014f16dcbf90e5cc19d632bfeb0a0763011d9906708e6f861adc32a8dab1f25f3118b261d4269dd6a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 e4690efc73fc756ad5b926656ba1486e
SHA1 4201c8e74618c3e1e50c4c5753d99109b46bb335
SHA256 2e5469c77ff7ac2f3fb4b7548a1baeaf6c0c60b8d9dead0fb5f8a0a03216cc5e
SHA512 a691a2e4bf1f77047ec029f5d8549ff0e39d70ef7f4590944100cdf1ba18aa66b5aee70d8842384f8f4dfbd8477a74d6cd74d483b4b1513215c2a6073eccc56d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0b407478de1e79ecfaa060baa653bb6c
SHA1 9e28caa5f7ec6d841b4561fd81a8e106d872984b
SHA256 bdb15e1c2315b802b50b4d43892f38a46c29f07de41116042043adf7d5ff375b
SHA512 7651ba69825dc099a2b258e911b7a9a8968cfd587de20dcda4771085a0ef9212694a674eba7f7ad501305a57711b1451546055c092b02a967166a04bcf376e1f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 e2f9e858cf0540434fa6827f2f5326f3
SHA1 8a41e7e0c080cced8b903cab1679d818400c04ab
SHA256 c0276295cd5274534d09da1a51bfe16708322acc634ce3f65f0e871787f7d065
SHA512 f2d358ff76aacd6227b8b731865ba97b761a8bb2b616c8cdae386bb5d6582dd83262ef81b0aa8965e5afdc9d58a7337f1e4376bcdb0c7034cc20822d0725cae9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 00895cbf702c946f1b7241f7c0b53e1b
SHA1 435da0342b1db0e82daa7f4cbf0f22ad531c2448
SHA256 ad642dd75287e2245fd038645f4322fba13d7d8fee725f6d8745e7ae225c7739
SHA512 92c04f908b400f080e727d601d9d452da028311c84701d0e883618f8a81e84321a8bf1f82d533bf64c5881664990a30265df2b37898985cc672fccf31737ce48

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 7a71ef65c5b7696efe7a38f2d7deb1be
SHA1 ccf4b87d5d134959d78c2f8c7f9d37e2291694fe
SHA256 04ea5e63c64da8443faf2acfe9680ae32286abb5837836da09e020cce13f5d34
SHA512 80ee6e7a30b19c34e3d881964751448d86a0ab000b6c095727fcf48238ed3544caed6e41e5d42a040f262c1fecef8650da70c44629ff92dd264710bb2da30ecf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6da72823030c686befebd0bfb552e1bd
SHA1 35c6f7f51caf51475fced64d49f881f186739fad
SHA256 9c46e6d26c91813f21ccb9f73328ba778a9e3af1e5e1bbad3ed2dafa6ed47f01
SHA512 8a993f30a0240b5ec5fa3f1062fa8328683fd629bf3d559e15a75b57929f08855cafac2b5a1f1ad0fd0241c3c029c68869da2a64261f52e582e0042233854e8c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 60c36a904f450d8cc44c124ffc96c520
SHA1 3b08def4353f906c04f5b56e36030c1d089d209f
SHA256 71f11828876f656cdad1bced03a97678db599f2c3261372aa5afb6b571f72f45
SHA512 2247c19201358c5cb45e21268db96d3342806317334b1080875fa147c2be574ce63f10dcbb932db0e015568430b1701121ba3085b9e5a50d25e8a1f098f27801

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 12d4b9b67a5e6c1a234ba20fb335623e
SHA1 f84355ccbe756bf8305a2094290f7edf3ef9c97a
SHA256 78cd9b6e8e68f4d445b35a06d5546809476f5aaa12923d9595517aa97a8f712e
SHA512 2715239c89de499d1ba0d203f2f8b35fe2fde73f77fe761619aa847681bce412bae173a1799a82b93603d1c50a75df584977d40a062d170606be12cca1092317

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 32af0bc2763be3dca2b9a337638a0137
SHA1 956fe9e8f94e0de4b4189ae2405d06c88cdaa530
SHA256 aab72b4223605147ccd6d47c88cc690d09ba71679c3cd52815a56cba4fa29e65
SHA512 f4a0754b6af83a28a60212d21271c322e67e81501fecd3f9786bdfa440c3ceb8ceb249c39292183c245542e23fc7c53f7c06a32209d944f5a82d7c82efb5ae04

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9523dea668c2d433cdb82645e5de6319
SHA1 22ca7abd1274bd6eb54ea85790f3a785d7135bc1
SHA256 f67198adf4b78326639cc0f5c9adb3804ff15a868e59be47b3d7f162374aed9b
SHA512 f107774316808c24c39b846a55faf44428829fdb959e5d96186c016002d3276687f50984d6a8629a53e571789332e8ee03a89a80b94a7049c513ac3423910d78

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1eaaaaadbef98d9f1c51deb3e6ee2780
SHA1 f9a733b5d25e9257d938f611d17a450e6bcebfa6
SHA256 0c1298068bca84d266e103903a76a76f6c137a78cf3bf10c11c8c1ce99c00e9d
SHA512 dcf4362f0f796f84e2d143230835a4e6cca81052a6df5f763a0234bc9bc8e94776538520fca8492c66d93c59da9cf223366a19f6458500c78e0ab6c3ac416a44

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

MD5 d4ae187b4574036c2d76b6df8a8c1a30
SHA1 b06f409fa14bab33cbaf4a37811b8740b624d9e5
SHA256 a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7
SHA512 1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

MD5 ecfdf819361fb259a17acb4b31676d61
SHA1 9b6592a472dd99573f876fc6a253da0def7a7469
SHA256 574d6fbad2e764d39b06cdd40f46ee6f58209bb0c4cc4a1459c327b58d6fcbb9
SHA512 6657b7b221be736a95c1a2d7737d3f926f78228cd0d5248426168749387c402b7c9a4b08fb2c4a3147debc811cfae19b219b252b3c3e4b1db7d4e0b954a6002a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bff5f97db59894ff8d5c0583a1d20ef9
SHA1 ef372784c98cec4dab8aa5e2f4b45a0a856df226
SHA256 f7b6448a1366dbf33cf98b064149384cfc494a3443882129e75b6fe9fdade11d
SHA512 eeb2a6cfc13c9d26d797fed51b8cb7e28d4ac5724a4c0235fd20d809f0bac89d44ebad732cb88a93ea3112bc4ebe487ad756dddf3944444ef608032713d9c41f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 184d889c0f2c1981245c78cab8b3abff
SHA1 1a983100184d46989e063e43e8af8139c74b6290
SHA256 b51936cdcc53d0b4b82e83ba689bc6889901fe27e48f7c01f2f4037af959e543
SHA512 a5c010f121b09bd2c9fb228e45dad7391229b05b3ef56193e66c966719f8e436db3875b0bee4a1b3d6e3e8fa94fd0050cb8d639da355222151573da744c49f86

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 b7df032cc3a853670350a3032d8e95c7
SHA1 f958ec636da9cff22da13ea8779015026ff936f2
SHA256 fefea411634470014fd6b2714613dfc4226f1a77fe87318c44cc00ae60668887
SHA512 ee1a2e7f0a5dd4ec0d28f5e71207ebaf1ddf5dfc538364ba9147ba8ad524e8fc9c31525c63a37723c7cae4c168a9ae0fcb79fec6c872b18b8803977708671b21

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7eb516932282feb82904b7dbfa3dcac6
SHA1 a7293cfbc302b0073c29875ff17e5357cf04a4e9
SHA256 d6e8feedb8e4df709078956284a8fbc2f1436e0aff1904fbe2217e94e02dafc3
SHA512 52d552a19fffcd4d5158f1312553746bdcf3f08f92c4032c0c1796aa617bdef15265ea73845e42f099d66182cd33f130d69a7392b75577a8c51e1abd7a7eb3c6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 95085c86f9e239ce8cef900f3ed464ba
SHA1 8d6c98e225ef4151a3847773a34edeb354ffe2e3
SHA256 7da1b997adae8aab3b5181f362c5603611a3219cf9523d2627e883b5131937ec
SHA512 15b51082655a335b09c29338470be7336d7761b4148fe8dcb86ca7a9ba7f3ba32f5bfa473a57d485f40f27bec9e23973e8fed28ea211464ecad8ae4e84f21c18

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 824a95ff30c78b5def53a9c5db25c061
SHA1 7c5d4a48c75c2eece644aaf076bd20c61bcd95a2
SHA256 2b473787388f0196a8392e5fe9b540a1fdf449b3444e90640df9259c4c28f3b8
SHA512 8c38cb5458a25cd2d24d04eab609a2c3be49feb84dbb8d071021532780574be318a99b157b5f076849f198b6e3533fc396f2a9d26ea3a86352c982ec1398a7b0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

MD5 08cf8611eb7a923d19aa811e20f88f41
SHA1 7976cc416ea68b1717bd5b298cc9fb57ceca7007
SHA256 0c5aeb2c9c0698aaebae62155762758f3d24bf34d71bb84857af236b24f1fd3d
SHA512 70c318d2a1dfc33af351430c302f39b0d935aded389f7214eb3736c5a9f2ba9a9bbb78b496cf7c3f17da055f82eec415688796baddecf0fc9cecc3c71bf66297

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3210ac133ad98a1886e5dd6c7f887e34
SHA1 5b072c8ad05e9e502ed658a8d4bedd1ab4c66f79
SHA256 d7623f9eae154f23fb4231ac127bb40ebb1881e1371165e698c119a96a8f24cd
SHA512 3fdee8ed1a9e4b4e6dab6e99fb365f49ff610673e90eb739baef1df1d29886e07d461ee89a4f76a2e69fc675db6ab57359557282599d2738f86997f8d3514c8d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

MD5 32bd3239e2660848bd249be292e15877
SHA1 b39900570e5d3e346fca8a4155365bdd41a70079
SHA256 2ce71544abd19e5ed5cc3aad76e6089fb0896c757275ba50e4be71ff8baf4b7f
SHA512 5cd76b546431614b25efda51d4eabf88c600bfbd11e5ccb51e7c65a2d979f6e5b914887fff60d1424bb6d6be644afbdb35b97ba8a713f486dbcd7de86317927e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 44c9aeb1a693f221adf5e6b27201eca9
SHA1 0b16e655e862841090f2e9431d98f6fedab3064a
SHA256 5f1649a1a485d3dcc14d5eba438276196596154b765914717ead8245d6a7e0cd
SHA512 ca8b9fd5184fe38ac77881e0f6a58a637886bf29fa0ff8f8d451093ac5ad5f73a7a2d1451262c9dcb14bfa0b72d9077f6f8573129b5970a08ef0fa68f67df7c8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

MD5 52b0f8d471d8aa1942727ffdb6e56b5e
SHA1 546d2c77311e46effc4b256d9ebb716f7b31f1fb
SHA256 656b92a51939ff4c0e370ef18c89fac704326080125c93861c317a50cadfd6c6
SHA512 ac4b373cac183626c4354376d0b3912b09652dfe9df65f4798403ee6b0082a68a97e7a992f826ab56ca7e44388a72cd8f86ccdf1eb89aaace9ef8b6685ae8a75

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\53STNJLW\forex-2[1].htm

MD5 fda44910deb1a460be4ac5d56d61d837
SHA1 f6d0c643351580307b2eaa6a7560e76965496bc7
SHA256 933b971c6388d594a23fa1559825db5bec8ade2db1240aa8fc9d0c684949e8c9
SHA512 57dda9aa7c29f960cd7948a4e4567844d3289fa729e9e388e7f4edcbdf16bf6a94536598b4f9ff8942849f1f96bd3c00bc24a75e748a36fbf2a145f63bf904c1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

MD5 18d1e932d4a9af070bbdecc99e816464
SHA1 6dbf12673298f13d45536b388df57663c85d7e37
SHA256 812dcd6ed02f733e3c240b6c01303f0dd973485ebc4ce945ab9fe4977c26adb4
SHA512 ff0218b59517b2341ad0554fcbdfce288318805891441877bfe10edb92e3398f8982fa54bba7111d71029281d8ad87c1c1951faed23dd17bffa38f9c9ae07851

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

MD5 e9fb87a0f27b5395de7a3b7e456611a0
SHA1 03d5923e9ca914bf9e33a524fccbe8cc9e77a44c
SHA256 c81a384cdba25b65021f0214ccfe7c8969dd972a2869ddeb7ac38fb81b97847b
SHA512 58c60fa86cd3d24b60a9e5d2b950556356c088e3528b822875bd0fa8af52f2d30e5c90492444664bd0feb0b11760ea55eccdd35d32b5217669cfe18e96a1bef9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ddc4893ebccc2d6626219542ff4bd810
SHA1 1b538980fa76a241984a7df873451c573f990eec
SHA256 88b0a8d8a840dbaed6cab057902b368c7441a2983544baab8f3408f6695e5b23
SHA512 7faf469e249a71d7e819d02e1d5f95ceec2e6b5d71b48a5037d3dbdd96b40c0ac7073ab100022c412bba6f667d004fee0e59bf3ef497d8b392c0291ee7df028e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 230c69f5431b129de0ab4ba1df405094
SHA1 5e10acd50623dab3c9ffc3aee936d91cf94d54f6
SHA256 a6cdbc37fea2ac9b420bc7a2bfebb900a28ec89d52f7efff198b2ca79f7758f9
SHA512 4d222ba581f92fc1ad6943d367b5990bd1df29b50fcf229d4e590b44e0c58ff5bd9a1720aaf36d1d5866ff1bb97809512e5b40e5ab3d61428d1e1405087e9cfb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f36fffa8094767f7bf16f262e6a806da
SHA1 2a8f86f11101ff6f6127eb1e7c1f29f70b582576
SHA256 416660654ea07f922ee2891a8f60d43f75807474aa1cd9c7d0036e77dd0aaf49
SHA512 9ba3c2735e2c1fbb57bff08908ef99efa252f5e9dad56a442b31aa55e0c0e7b212ce5eacc1a436c82560495a90817382ad9a7eb09b650409f36ab89348830446

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c59ae18690e2635114cae940aa20d48f
SHA1 2e8cf2b7e807148a1a8ebc31110a6f3a963dd697
SHA256 60702ca05edadf5f6a59ba713f796a89ba5090d6e0166403da026e4668651a0c
SHA512 be3adc32faa96b506098cae72093f8183cf630900fcb814d2fd0d7c7b36ec39b6cf322da98a503ea9376aad6fb984daaf432cadf0d1eaebbdf3ece8d56b8cb30

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 987af1da05d0911de06b9596337f79f2
SHA1 a077c88b2fdd63a3c2030ee0984e3eb978f83df7
SHA256 1ad7090152b2b9c3b4d2f1bb0dc3980983f70c31719fb969c97c1179abc97274
SHA512 62a9967b26c75cb6b51d16f0af31c104ca8ae1f3adf2e9cc843c6ae42df88f0f33d6061c302da135129a2aaad990a2f8470da4a4efda8e8be88632feed87baa0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dc0e173757237f7e9f024425d8a4d77d
SHA1 db4220b3d9d5d3daf01facba849c4da266c5f6df
SHA256 c3c05d6139697572027b2736c3f8030453a50fd12eb23c24e18632edd4c5c054
SHA512 f8fb8f3203ab1dd7d481f4ca762eda947ba5c71b60352a0fe6d89ad7a75b30a09000eba311751aeff7fe5954203ad721fb1cf1292da9564af4b3a9dfa9913764

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8eb5cbcfbcd075585a423c702fcbbe2d
SHA1 37c708b7337f07d46f9f7cbd5b752603e323fe28
SHA256 f5ec7e8522a905fb567b29728a697032f656bea99092892528ea52314c9b1291
SHA512 66dad4f655d36e838deecc0f1bbd2890b4cc06ffa9985e7cd693bc95bb27cf8812e9d13ec552fb716a41eba6251bb9cd8d2692a320b21076392083baa07f410a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 29ad262779c2c0bf8b273477d2978f10
SHA1 ac1987e2b38a9bf047e353575e67ed0e3a51eab7
SHA256 15ad9a7cfac725f352f335b41b984e7f2bd4837571befa3fda5be7154a94f5b1
SHA512 03350734258dc50cab4b4cfadd729d5e6e7e61cd56b09171ab816df54f00f6a0799f1272bc3895e4c09a51d4226c6154c4e88927db5fb007f9da55f71eb80627

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aadd40a5899092a2fe42278ca6f24a73
SHA1 b7c40e677252fce0705800cdf1058271d7d92025
SHA256 f0628c5fe18d8e99ff292b83800970e5158d28b6ad1fad8ba19530d630b984b3
SHA512 70079af6b004ddba44b29a32bbe283631f9e69e5e96f26c0f852f5b3a94e61847dfb992c2d177167cbbeb89eaf3af37cf7bde3ea302627a19babd14830c83d50

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8891eb4a38801330fa09021c3ba90ffd
SHA1 e4a4c61831e5e5c88942bde60e159296a0043d38
SHA256 d433096fbe0f811fd401195e31242b53ce9a513db00a0c302f7c853d2f387cf3
SHA512 60c1235fa69b1e895aacfb03735fa52bb809ddb6cee809f2167235f3dc033f4777cf02ff014a1855d8be2399931c3307e5d1a2b1efef8b9e56371f656b054cd1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4afe796e88e65dd1d484149634d09da2
SHA1 3c6ab45171f6f86fdcf96ef823ea15bb992afb65
SHA256 fa276810919abfb33c02d1303e75cde171c04b8fd12550ef228e3ec1c574002c
SHA512 3b90a347f2b443ecf6abccaceae416a232203a18d3a879f2075ffccae147ff41f982250504ef83bee8db8111c173ff4ce9b3add8d0d377c0d4c311f1c0b2fc2d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

MD5 60fe01df86be2e5331b0cdbe86165686
SHA1 2a79f9713c3f192862ff80508062e64e8e0b29bd
SHA256 c08ccbc876cd5a7cdfa9670f9637da57f6a1282198a9bc71fc7d7247a6e5b7a8
SHA512 ef9f9a4dedcbfe339f4f3d07fb614645596c6f2b15608bdccdad492578b735f7cb075bdaa07178c764582ee345857ec4665f90342694e6a60786bb3d9b3a3d23

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 349808c18585032f2b27ebf23a3aefc5
SHA1 24e13976a2c6fcb8bc38ac1d9c1432218c49fbb6
SHA256 50fd9da4ac248f5081638798f540d8ed481d9fac79a138149ce9cb1a0111e642
SHA512 1cc23bbdddb07d655089ae80b231cd72b39698dad891b26455a716ea9d57da6122c505c405a27f45c071a7245fc09d4e7af343c8f29c0e359d1d5193655c9d5f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 43c84078fb168019e2d83a9de16085c6
SHA1 edcf0bd83364a35ae092fcea3a00a17ac2e6aad3
SHA256 8764de4680ff5e226861658e9749e705c58e598fa4f6f4b12933b0781c1caa32
SHA512 744c9bf964254d42954f1a187bc79624571c7764a9b095011973142117bdf22feb2993c5fc712f6392a69b4b88f5f7f561c4c7cb5baa0725d1d32c1f8c75e371

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 921edd851c9e8d0d0ab899eb54a7c054
SHA1 22f304b1485c2e668bc744e852eec6cbb1d830ab
SHA256 c5ed18d93a4740c1698efd492f6ceabeb11e95b0a6c5c8aafdc356491e41b196
SHA512 6ce959bec898b50c202738f51c8c491fd6349b9844c215ea332001b44ea0489a976f60d3fd2664f712f875e575f202ea92363ccdbb55a4e0c7f8e42ec3de2228

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9EFTB0QA\www.youtube[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e9b40409fea8f7d2687c51db1b01cee8
SHA1 773efe597e2450d3f5d02fb9e5e2ed7b3b03bd4b
SHA256 38f5cd1d3b22843e907e402a6b9985a7689b7ae4773e5ed21389300736cd9f9d
SHA512 c0bd7dcf3e3e91bc13a23dd7e967852592fbfe4a6cd1ff315317afb155fd2ed71fb72eff8ea01bc8fb01ae85f59e1303c65d9a372f5604e60e698cde42e451b4

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9EFTB0QA\www.youtube[1].xml

MD5 afc1b9d865e5e0d8ebcca703b247920b
SHA1 4e5654cc8b22b6a0cddf2b418b4398816b61c7df
SHA256 074baa4b459768ff8938fb96887e1ce947f07a9663bd1cb8ca1b30e15749de83
SHA512 a1d6294b1f3b6a4c800e3a62fca0dc18cde2cc04266fc0bfbc03e61c5379e38e07ffae8be723d3ecfa55230a3f56477a528c6a287617ef053a33d6f93c9f5698

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJ0GGVIM\jquery.min[1].js

MD5 a34f78c3aecd182144818eb4b7303fda
SHA1 6fca78dac2797c02d86a4bf6514eda398b7dbe62
SHA256 c784376960f3163dc760bc019e72e5fed78203745a5510c69992a39d1d8fe776
SHA512 ddec07100503fdad6655d4e90aaac246719e9667611b35b112e4694e2671b43f4c4ef0b87371d3a6e173f7ade9dfd2058e5e165a41c3a250007d49ec18f2419c

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M2VO416U\platform[1].js

MD5 0d25af623d803b10050b53a7b218c652
SHA1 2dd71fa961b5df37134bc6eb987ee7b7e5861488
SHA256 0bcb6531cb0967359e17b655d4142b55d1eac2aed3fe5340f8ce930a7000e5d3
SHA512 919b48cabd548ae63a6b89dd3ac4df919b630b0cf75266d21b35ea3a6b54eb1ea5ed7371e80bb6611e105f2d994abf9f76f6dd8b6915dd2b8fda09edd263c139

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJ0GGVIM\cb=gapi[1].js

MD5 288c5ba5b7001fe841c32f690f62cc93
SHA1 29aba9d8e4f7cbe25fa5e64b9ecbe256e51fc789
SHA256 c2f33dc18eae27d4e878bf837dd97f1bde5151e44b0271408535bb93265b8c52
SHA512 e375d41344a086d35accfb02bb1f91e2dd383db032af387fc3d6b1230057cc5e432e9b2cdd976e51425b4f587391d42f4d9d857c2e6f11e822a65edcb85f1c9f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b5126014d28a8c54a88a7402ee7a516a
SHA1 c5d0bfe142a5c36c08d00873ca4c94c4c89f8a65
SHA256 f097f3350ecf753667da083c92c889bb86bfd63eb8dcebb9118eef1001ceb964
SHA512 771c3d15ff032f684265301e4f2d27e1c9c825cc5cea89c09fdccaa21a8225ecfdeb3f797e1c1f8f6b81c889382edd72384f9322204031184bff84ccbd7ef41c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b0f38fc250b0a67cf07a78a282fe015a
SHA1 6447e12031cad33eb0537a12ddf05b3b3779df51
SHA256 fed62ae150677a962e8448de296660ebe123998713080989cde3d5da9c0d39e8
SHA512 10884d826142e0a6af442fb9d341bf8243901926eac2f438f07754779f3851e82c7ef2e659b482640078b7ccf062fdc9408f7b39511307518341d823dd7f7f31

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 87785cbc0e2104ad15fd4de01e4d3d26
SHA1 3d5b837f2c2ec257d97ee6632dec148414f79fc0
SHA256 7bf272fe8c0d3c9b8e17613685ae52c33cd84289b1b6d2a283a85938188eae83
SHA512 052938ef3cd76bed88e7abf42347c6e959fdb007d1936439acf69f33c6337742164a7587bb2c121dd51e0b21acaa256ba2486c072077fc328ee77d78436debce

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2754a84574e86e41419a12e7d6c95333
SHA1 967a623af3471082cbce1edddc603938cc549509
SHA256 f652693beda73882ef5743de40f531a2f2033cc194739b27a106854bfaadc0eb
SHA512 2dc9806e7f34d8add2563a0f4f69610e07e222e29d9c19bf360d2143532c70efc23aa8a3fd4f50e6356295989563f05edd090e488392ad01937461825067dc1d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1242ce98b1dbbec5e882453787038eb7
SHA1 3763d043733b72f88088018ce285a8eb586762cf
SHA256 ba4696ef79c88fff173d7fc2478ef87d0127c61cace35666a4d1c2918bcaeac6
SHA512 9ab49687d0fd3ea7b8c0294c202550ecf76b0d28eafea4e7c8c2c6e3bbaea3b17a3b939f6ed1aab6d3b73ac0be9111cb43a99e8f391166a95f5f93641486c71d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2dba9c56007d908cf32413678be2a6a5
SHA1 f9b39dd1fd367e5d4fcc5648718d2a52ce7ea3dd
SHA256 3c2e5ba15be3dc35046bb0c3f0401e3b75afbea4072060e5364a89303293dedc
SHA512 5ffcf912e4518b451e305818cefedad791148bc5880a2d17f8f9e359450d680c8bd6995c10788114b1d19f4192787c15e7c86ac9cf300ea26184b9c9ede8664b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cca82d0ab2aaa811e3241299d6158822
SHA1 01d49d2aba35598cac0456a1563e3b1e5f736351
SHA256 12381b931d15e517bb7643d853a982797c35da747475bb5475291fa76c2bc023
SHA512 159ed2581cd03c54de7622a2ed8112470a0151df8debb5f317ef2d9dc36d0e12cbdec34cd52c226d8f14f1d56d29c43c74b0a4714d9d44a49d3256e4c0dccecd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 947558f0c50ab01a4cd56a92458450ad
SHA1 055f4b70290ec212997784a439e714b4f4f785ed
SHA256 88f344334ce8df502ef6eb16807689a6bb0a01c133970f799817ec6916fc0217
SHA512 3f381e3145655d9a0914b075b7a648511bcb8ed75b9ae717c8735589102fada42e45f8651a2f9ae5f930a98a5e90f1ca4c5432277ff0a889fbdb9fe0994b93ec

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d3d5a9a8736d7e0810e6d3a7f64d050f
SHA1 263b9910fd29f3f595c8edad4f36616e1591a581
SHA256 a04ff4046beaf02e57e50bd1c1afa663df76ab4453507793763d58ddc30e52d0
SHA512 98ed576c6b8783fd6e1e2ac15e61fce0c319ee9576306c71b5bdfe9bf23a45d12646d2ec97c1c98238325237dc55ff8c4b4bb85e82832ab8f3f137080e47e863

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c4bbe947b365585e4ac0f84afd99c0f1
SHA1 6781a325941102e54438121ec66ef84b6781367f
SHA256 e4f2b9da2ed78537c9e1c25d7ebafcbd3ff8ae7c8de1ed25cd30f7239bfdbd4c
SHA512 30c1a26e2ced12fde959bd6e416a67923d39c54f09359fe7200280c69d45a7cf48c2458b5024d6f592f9bef9ae5cb8fa4b20a8a925aac67bac35935d5f8b33af

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M2VO416U\X2424EOB.htm

MD5 e3a85f382fcfbb2a6c0c1fa53c6c0f67
SHA1 df2a904b5cf705c1fc8dcb29933f73138e21e6b4
SHA256 445bdd9b3dbbcc2b7325b62d649171a9ed0db47d29230fd3e58dfd21c9efa130
SHA512 73b108d9f85e466de8ab9ad9238eca0aa2f4591076d8e7b99a4e28a418eeba833e5c90454bd46138ec47b18914d19231732d2469a05dc4a81be7b07ca2c5df37

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bf38912832eb6a5c391a7637ff23f8f2
SHA1 8f0ea0fc3eb0921b4cb4dadde66b8216e99102c0
SHA256 644f7c29c3e2feb324e077cc3c117770d3683d7e11a8da76d4d63291128c1dcc
SHA512 63cbcf5cd13ecb8b821f169281a671fad27f0a455d66c696aeedd5f83bc7e102e3c4587fc1c668c3780807fa6bf1ff64e5bf9fe1022d57a6f7f5c3785f770ce2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b05956c6acb1d9ed65e000f4f95e8e61
SHA1 2242deb74f3037b76c14e7f13baf9187735d4025
SHA256 8f1aab85156a421b5dddad31d4905654bc01f5369aa92b7c32d543a98dd53dcb
SHA512 44f188832c8d46a675c0ee3b8e325f32289c007da68a5750f6be306b67d0394447f59c032fb9cc6f460d7d7452e80e958840847c5a4e58b9253a2f2029365b43

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bd9e31fca0af2fb48becb23827df2ba9
SHA1 12316603b93a35f6d74299da7fc7e31e690396a5
SHA256 bc5bc93e308dcebe5386ce41921400dcff8ac45599dbb7213e077430c37114f0
SHA512 5f99d6e860b0ccfdbb318b2a976f843921ca692bd893827e8a0bd5413811f609c71280f68b460a91c209a26ed68c5170b9b9aa67769ca9a40b854dbd142bdc4a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eb7b66f8c60f28cefd82f339b0565270
SHA1 25583036c1b8fb4d61860929d337ef6ac716532d
SHA256 25b86585d7b4aaec93e817efa3e97a3c86a3d72360a711b976b256833f53e8d1
SHA512 5697852253727a03fad23e204a90facf974bbfa574beaa15f0ed897efde3d7788557da5b861fb2f958ec6b841bd9971106f52350570f909847f683722cd9e4b9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cda1ab4e57da0442cc3137ba183ecc1a
SHA1 890fdf7ed4bf79f467f16dbcb43af7e2f105b2b7
SHA256 34d5dc0b682fb6c3393f367b10c1636a886cbe7321155d53480b26049dab322a
SHA512 d72b3e6671985cedf25c2678367f8bd2e41906f860854fe91b4c1dfac953cd5d34bba647e2fd24d315353f8498a80af9313a6aa2f5a122e3794aa98b37880d56

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a814dd9861210067d587edbbf4ab0ab1
SHA1 6ea806d7968b326bbfd39939ba2feca0b17ab0b6
SHA256 481f532685859bd24f25db0de13c1291d8120338576fa30a086716430bc7768b
SHA512 808e37ab25ad1ee0e79991bf68715f7296978ea853bba434b524d0ef8bb3dc6eefa31da51e13fcecbc4095cd2c3ae9eb99843e7d938d97c0b06bdafa8ca7c814

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4cfd33dd8aef1588f1f10af688d5d5d8
SHA1 c39f1e68548a1cbc7d829cd51a0e436fdfac6bba
SHA256 f36cc1ce920ba7c99e0fd973b494723e9a4958bca7e85c104570cee9e4bf63bb
SHA512 e05186aea19ecdad9d1163bcc32c8b82131a687151fe2e3993e57d6f88e20f7aaeaa5d9cf2bd769123c0264e703aef546768b0611971f3601d1522beb98a3653

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 da4ca455a88adbeea6133b11cfa72a32
SHA1 b9f5ce4b87b173a1c461b02c5bd7fefe03147dff
SHA256 a8fb87876961782eb3e16c029eadfcb56d7abb80da345afbed955f7b380ddeee
SHA512 c6646d49afa6680dfc6f18fe3ba8913de455c2c64b7c2c304f7898f4fbb6ee34b5224ad2e2bf1deed92eb21350dacb5134b6f21c3130a13e838390d78137e62c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 78464cc82ebac6d5cc08a7eb64f7c09f
SHA1 1d108020fbebc9ca88f2289d1d7a75e6fd8357d8
SHA256 6d15dece7f498783751423ef64a637fc78da99cc5185b12d764b9d73e98c68e3
SHA512 73e13371abec77aa959831b5cdf550b5c3b7b5c31359adf99d9d39a994d2e6bc01cb6271c27b4983a562c7d4aef2fdadc29e2dc9958a4ab64e248b73e6cc73bc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d8442b94d9971ff92c6270a9b46105dc
SHA1 8b41ac165a4c87d05ccce3f05a3f254fd2976ce2
SHA256 8e171d661f104dd74aac47cf8f263bf704c66dd2a34d6923f1df9a73a3970a78
SHA512 14c179bf294c02b36c7b5684e22798e68d9f8719837fdc8db92be66608e8c79be52914c20041e4ead5ea6ca3f22c2ac8263e51c2eb8bcb12855c0411200f7e73

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 215023faa1911299595550b46dcf8f8c
SHA1 9ad10dc3daf113f6b3e8518ccfa37d58dbfa9b2d
SHA256 af1d32f0d1e22e2ee75f58041855ea439dc3c4736e6eb470c1acab089c7ef8ba
SHA512 7487e45fb8dfcc9a392c39b4c04dec1ade5cf55d7a317e36d9970b0b3f8faa1106fee92f1f0078ffdde8659e6c755cd03e693c0bfbbb87367c6423e25a65d25a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6a8a8f48da4217bc6f0963e4ad4a60b2
SHA1 f9133321f14158e7a58f6ca7750c7ae8fe48dcb6
SHA256 08060df15c2eabb9c4afcc8181c84fcf40c9b13c8d4919c77ab10397df7c356e
SHA512 4a17462c6f84be735c203e4edb2e9df9ac409af5b90825c7961d0736f95a106246f872b3b4023a6a9bbce37150c75258e13b874b0fc3c5c6017fe7876bb3fbf7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1969defcbae9f1449e54f0097c7883da
SHA1 659305975af38d4a2142ae456bb1ccdd9e0c0051
SHA256 01e54800c2f916d9e592865af4600a837236143ad42a8046ac7a19d3726a6ce0
SHA512 f6e2921db8e211a879560f36d6380abe7dd5abe15cc6179868ee351bc0df196e6553380db46e47643bb02ac355bd4af7f7a2e946a6d60a2e8ffad296ef53fb4f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dc53f0214d5c5d07bd0341b97047f50f
SHA1 fd05beaeb779cbced978e0bc47aa1c447dcbbfba
SHA256 af9d91fed23072e923468fb6a22bd726c17579e42e20a08f3c59e5925cae51b6
SHA512 66ca734eb0b654c0691509ab33643f20e5d403114b86fb3955d1bc30f9c98c2c4125c4f0e3feb6d1e993950894462457dafb34803f78c0301005f21c6864c42e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aa5041a66be0781f19500e2dcce9405e
SHA1 0050058622a03611b295d72fd44b5321d4cb9dfe
SHA256 538c731e7cd0731f116d7a9eaae1c393d62940fd8e8798982729d4d03c73909a
SHA512 d1baf13603862a3771e7ebabddea76f85d8871a5224e67925eb854516a522a4f21a94e078db4627047e3dc4cab39c7beb56a36b936043df80927dbf439e1003d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9b22cd538f59d50e7a761b505b7612fe
SHA1 9cc0d8a5f48199c1fa8fc6d62890a5032669574c
SHA256 40c3fffa882cd2ce82f063a28d41859c6feec10d5a909b8dcce1ae46ffaa00c0
SHA512 073c57027560b8311512cf97a654b232347a583817e360bc0e95816afcf01b53639f9a27ed68a88eaae6688837adf09a4ce3df9996322ccc17bbbeda9385ac82

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c01157bf37407df43ab14270e91f9775
SHA1 70f5b94ea61fc097126ed045dde6b09a1aee1c42
SHA256 ceffaa6b68608450d8be664f97058c7bddbc3948d9b267e583eef39440948edb
SHA512 685fdc24a38259f93be1ce07a57b1cd6ad863af77bcf5d686aee5681d3441e53ff7abd1d13c55400be02c789eea8558a428076646c96c925100c814440d697d9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2bc6d17a746b24f03ce789acc6014cd2
SHA1 dda76dcf3e09ae17855ce309bd1e61fd6dc8caae
SHA256 da70c0ca2c429d37937e9be2ccaafb68dbaecafea6bff06c7b60750e2411b002
SHA512 0e5b329ae85cf71ac52010cc610793b654066577dac8b51462acb80163ba67f4a9647d600de9b61c7be621e31d75bb15dda6c04e9215ecbfa2c9536f67ba1379

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fe035a7942f40130db42b4f5a2181d92
SHA1 98f48daa026a57354bfd2a8c275409b445cfdd56
SHA256 3aa28d4e7d516835973474014f735783a2db8e5e7df2a9b9c11029a61fe65ab8
SHA512 1f664779dbaf1191659563334fab313bd354047bd2a1749a251cad3dae42a9dc29fb87f0ac7bf8a0025a51f7a574cec7c5105448dc91468a4efe7e1236e6377b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6140bc835f7fb22e3cb83a83b67de200
SHA1 60f2b7e58f6cc8695cddf824e4aa40b1d259355f
SHA256 a4f3ab5d922e86d38036e6bb724b99014c2acb71e0c605d6d261fe50ae8e2120
SHA512 f07a76a3332770ae4c402da38bee28371157842cfa989e40dcaf49abb2f57b8cdf9cc9faf3619234880b07429e82d2b9c5d7749646ee15339bd3d9159b76948b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ace56b5688cd59d2eedbf42c9a7c1b63
SHA1 2a6da47fb4ece80a534bdc0a0dd77200ac5561c8
SHA256 434da0be9ca05960da145caa4807d2714e3aa1df11530a298045dfeee8b11f37
SHA512 87e4ce73588dff9765f34c2f21e9e638346697c943e9c199a396450f409498dc5eb486625a8d1f9c252d6f157baba606821948833eae167c336205bc66a4d97a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4c19d0decd9552269aaf86b0d7ae79f1
SHA1 0b50de99a5bbe7b3a6ae50f45e0a8cb8e8ddda87
SHA256 f2438a062e139e52145adc6f48604bdf5c735e440ab32c101559f31d9b8ff0b3
SHA512 cc3c95bac7189d86e1843c6f7dd0eb8ed3589ab9dbc0945b9293fdabddcbc308f4f87bae7e96d8688d178c82b42e6ae4915e12677d3a7232ac20059b5200247e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7a0a392ac0d6138d0206273eb4f83544
SHA1 c71fd17f6b722f9591b18d6f408d67ba14fe62f1
SHA256 fedb868c7957e20f6ae5b94a15517010a61f2576c2f2c88b2c2aabbe337476b4
SHA512 840d9616508597ea86c29bdb56a7a8298f0b2983beeb182c51d9a52abd21965231635a3d32dafbbc5d577f11a038b6b49040bb08901426743f072ae077369dc2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 52eb1b52e797c38047a94772b1584d8a
SHA1 6e90e82bd729811f1854b219ca562983f6e73e2b
SHA256 7c88dbda94a4b97911ac9f25c43d3c88c148f09cc19c15fc31aebf9c0e8e8f7c
SHA512 0973fcc4993253c7b3c04a665aaa9026bcfea8845c9ef9b6442cb16746be89a5241aaf0f8379faed3ab3a4fc1e2fd8a5f9170f7f31b097aaa188b53aaa47087f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3e8b9d1e19e35db5438ba46162a796c8
SHA1 e30d8915b880a159abfd5023afcab271f942e1b7
SHA256 02983143ba27db5486b4c2f06787d219a82cdd38a9f57f80649594f5916ec356
SHA512 e4a43504a9ec30c4fb0165c238855090ed8da12eabe74bb8a0e636096f1591305cc520d41c00b3171fabd07d281fc37d2ba67d78539574447b23d73b65b777cf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 acfca73f8a757dec582a2300648e9855
SHA1 346235b09eb0973029a7b77ab481f917a8546b69
SHA256 4a400b90273ac8b1f4d1fd6b3b00791a8e146958a23665768195a8d1f063f160
SHA512 21c9ae23c2e05cef6f6f267f8ab98af9d4393008b59b36c1090237657e3290c0f9bb7c761821423532b64aa02a15496478b41ed64d35404ff6180ea497966a36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1cce8f28b5bb3f72f11a014a67ded5ee
SHA1 84ec9086a7de64fa519d72ba62c5505704c137d2
SHA256 a5c3f6ec96d127333e3a03690dcb07489a384063d60ac6200261a36ee19b1c55
SHA512 72b27afd0bd65d7ba4957294ec4e005b395342f4143c46f651e3c5c0616589b1111b2d6d8a479a98904383a3c5fe9db1c78f81fb9ee09fdcd308612cdd3e3c93

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5d76d862394439ecb0c4e5c317ab62c7
SHA1 c2f2164696343757eb63f78685efe8ee68926f98
SHA256 6d7ef63bb13b7c9d7b6c7d3fe0d26cd36072af020660c71ba40d95d828b4f651
SHA512 35d09e632b4fab203f59e315d7427a0aa8f794b6485cff7dea7341a4139ba20951c70c2904c52d232ddc6cb51545506e23c29183c945f643eeec852dfbd6c78e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6573c54ae1e53772d54d75e551e43996
SHA1 9711dc586e227dd91d0adfdfd039453eb84de465
SHA256 6fed0d2f4c8b07ecb74225cd829d60ec4c8039e699a1f08f063bb204401fcf8f
SHA512 04f937852311e808e0dfe0372e9172f7bee7ca2168d215d7d1e0305cace475d4b21823b54ad654358c5966303b0f50485b605d7dbcc7ddc765ae9de02d2f7ae3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a9de4ab3b2316aa02314d54b2a4d84be
SHA1 698f0ab312a8242dd77d52b636d0da7e443678fc
SHA256 145fd72d58ad8c367d14358f8c962dab98f34755eb9b798e19b49d918fe9b37c
SHA512 18bae3c81cd56c41b94a2169e27dff3e688bb5939a67692ccce722ad63fb14c62f37b81fb8535cc24653976d63effa35c0141152de2c14186e14598674d9c981

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e298f74d1691e35c6f180dfb8d3ab14f
SHA1 19b2004e4a64ff2e4fc6a4a4f4367e4ae21cb3a8
SHA256 44168be411510d6aa59e8b00b6e8c3e5dd5a202850cfde8a804e8f92620cbc64
SHA512 7d283595d9938ae0c84956c405f328bef1f68bbba4e36bfad30c897663a2bdd541dd0728f93013fdc68fb877ac18268d43ca1f0752f7dd7f82152e3a790799cc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 855bd86d308f1b3c9b2e96722dade7d8
SHA1 d419c9de7c742ccde5061c80d401c4146fa161ef
SHA256 9dfa52e9a825d2ff9f002f7d5c54ecb28e69766f725c326dcc0fbfc1aa8ce41c
SHA512 a8c1fdd0b952fc9a3b0e2811eedbd56eccb3ed9ffac4c9a1c7d2c9bcc95e153b658fed0b6dad7d0f90a8389b13d984e60fd8fed7706be73cd4ce8ddb38af771f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4943d8875d25c73e0ddf85a87b6f4b12
SHA1 2c5d372211de0cd382985c260b14dd3f4d5f49ac
SHA256 d3df7cd7e756749a249ed418f08e7c7e869d8bd8485b8a051583cdece34588f4
SHA512 561b3c8b0621e06a118e7cc9206c528b6cf31737879459a729170d0d5675cf3f62eac4ca0b886e6e20bc6d5e4dc2394b4f544a4f846530391a29c53889e9e7e1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 41b3df52fb108943bcf919bec1eb14d7
SHA1 fb7ded459b19ee87b254884a46d413f3825cf709
SHA256 60664ad85eec9b33f0be320f75cdbb770f454ab33cda7ddc201bf964666ddda7
SHA512 0a24167721fe083807970e2de1903086fc277911c86856f5a5065bbd6a3855e5ca5eb0b2192542ce70963ed5072e10bdfd31a66e314e4c64bd6e5867624278e9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 789ce234f55132f7c580da294dbe01d7
SHA1 9366c592c1973b74e0a41759a088ee6923f2bc4e
SHA256 0dd786f164eaa66eab37f422bf108af90201554bcda6b0c0c5d8f13f90364c16
SHA512 e4bda616e39da9b1a9ec3567e56697ae35e70e9dba90df46191bb4e17b62e7a2d1e475f8137a542cdbdc4eba30c9b54d8542d3c7762bdcf21cce6c9711516ce7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1d98b58c7ae355d6d3e56347a0279929
SHA1 d2db391e5e91d717cdb37fae97462580b70fe475
SHA256 702d7952a4d014055f28fa8bc8392540afd599e6f6aa76fc7c00a7de6b2013c3
SHA512 db415535090d71c4e34daa1e9b6e4e1a0de194dcf262fe8f85e65f4e2b274d0f0ffc3e233ce04886f18fef0b62903bbce08c8c9f9722f6ec7c3d22a5ae734486

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJ0GGVIM\www-player[1].css

MD5 a214ab4758b1affd4828b88481e867e6
SHA1 3c3456a1e1d0d42fa3c064af0346ca0de8cab72f
SHA256 1515b988fb1fab95f3ba07b215b8fc214e6834106caf76452ad83045ddc73d5e
SHA512 e16717800217aec0260abe378255d63af8b7992375e5483c1cd77093cfdf2a1dc1145fe037ed78a66a3064cd0df9ead040757fcbcf6cb25e274a59cac29c90e0

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M2VO416U\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff

MD5 de8b7431b74642e830af4d4f4b513ec9
SHA1 f549f1fe8a0b86ef3fbdcb8d508440aff84c385c
SHA256 3bfe46bb1ca35b205306c5ec664e99e4a816f48a417b6b42e77a1f43f0bc4e7a
SHA512 57d3d4de3816307ed954b796c13bfa34af22a46a2fea310df90e966301350ae8adac62bcd2abf7d7768e6bdcbb3dfc5069378a728436173d07abfa483c1025ac

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M2VO416U\KFOmCnqEu92Fr1Mu4mxM[1].woff

MD5 bafb105baeb22d965c70fe52ba6b49d9
SHA1 934014cc9bbe5883542be756b3146c05844b254f
SHA256 1570f866bf6eae82041e407280894a86ad2b8b275e01908ae156914dc693a4ed
SHA512 85a91773b0283e3b2400c773527542228478cc1b9e8ad8ea62435d705e98702a40bedf26cb5b0900dd8fecc79f802b8c1839184e787d9416886dbc73dff22a64

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJ0GGVIM\www-embed-player[1].js

MD5 d20c9387749050e20aceeb74a0560ff5
SHA1 560de24e0729b27fdc5e5e403bd62d185bb171b5
SHA256 65cd9fe803c67f0c4236805273a0453daf900d7006170c8cf38ebb8cde1b2f37
SHA512 05bf21d6d826f90317c547b04228a000ce9885a68451b7894544f9b829f30322d595d9d8de845502bdb78a131ed3bf0cdcc33cff383217732185cad6ef2abd26

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJ0GGVIM\base[2].js

MD5 458d6b7816ff18c2e70163a6fe7f0101
SHA1 c2dea1ad185b5a27cf5bd0c51fea3ad0280627d3
SHA256 345f1da70f7dae4a1fb5f11297e782df19432a0f174561de4305dc04b14ce925
SHA512 0d72609b6047c258fdd512b432fe4445f8cee7981c50ad49ab14dc1874105a87d58f36659906097dc6ea0def0fb7479cab621f21d004ffb866c23dcb55579fe8

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W79VKSP8\ad_status[1].js

MD5 1fa71744db23d0f8df9cce6719defcb7
SHA1 e4be9b7136697942a036f97cf26ebaf703ad2067
SHA256 eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
SHA512 17fa262901b608368eb4b70910da67e1f11b9cfb2c9dc81844f55bee1db3ec11f704d81ab20f2dda973378f9c0df56eaad8111f34b92e4161a4d194ba902f82f

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9EFTB0QA\www.youtube[1].xml

MD5 38b6a681b200f4028cd08a10d7032ee2
SHA1 5bd0b05e1b8be476f02456dc3f81c88b3df3dc4f
SHA256 35e8bae7a5a455d96dc1f5767dbebc9084725aa52507c9ef56305680c63e211d
SHA512 d74fcdf0624348424927f244b61819a7ee23bf1de8d1229e191e0667d21fb6e31c25e08659b7b6fc9152f4efa113ee454e6ffd49a4594369c76d164f5f93b2d5

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9EFTB0QA\www.youtube[1].xml

MD5 7006d5736ce471d829d485ed15ab630a
SHA1 53d6a032eeacf2b0931249d64423a005c20c1645
SHA256 68e0b295dc923d577d57b63fc3011c66dcc95d13c22c2c060cfd17fd4db4091d
SHA512 e1e178a1d04989a4bf88ddaab95216aedbd9dc29a34dcea9e2e0560e577e15dbb2d7acdd2743e6d8ca17afccea48f0bb7c415ac4fbcc84381e6716aafd7ef5cb

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJ0GGVIM\embed[2].js

MD5 33fb4e2431da0412ee243f624f520638
SHA1 7d11853330058dcc842f36d9cd1a0004662b3734
SHA256 9f22a33e45ca8f1de2e2b3871ce75e95b5b0a8a9712d65febbfe839b1d392f9a
SHA512 3ae69d9bcf93c5af29d4c1f5d97a19f705e1d57314530ac1292cf6c6b480b2717f0d2c851d36294f2b93498588648fcd03ce669474ac4591cc3dcc8e686317ca

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9EFTB0QA\www.youtube[1].xml

MD5 b4ead0b4cb373b6ac6e69ca913bc12e6
SHA1 6bb4b5f7b5f261aeb160af81c8b401f7dbf96efc
SHA256 7c8ec896387c996360ab6ed4a15012adacf7e1f187ccc66d09877d181082cbad
SHA512 6d31ebc0eaa2b5894e2bf9ed62768b3145c7a82d963b4ae6a5e2677ee5ef05c90c638bffc2af839745f28d91774263703d11f48df4c100e469159aaa761af683

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9EFTB0QA\www.youtube[1].xml

MD5 0164652d95e92ef17d0a2a73f18f38bb
SHA1 9a11f02d0879c56aec45ed1b31fc28ea22e3ddfd
SHA256 1a9c8359cc395a078bf6a1b48846838d40acb6cd7276d4967a375dd6a69716fb
SHA512 43de361a1e8989456dd7097f1b6b6689d4f375835274d503cc54f8c5a82f7a88c3e3ba7ec64731c1a0efbb39aefdc0ac55a1e65beb6188b9b3959c73002c6dfc

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9EFTB0QA\www.youtube[1].xml

MD5 aea0f93cb79955ea24b735ba6bcb109c
SHA1 21688251d355ab6f684dbe4b23dc4bd15d6aa702
SHA256 0d377177c711ef4f21cc23f0b447bc08d3f944f902d6aee055b6ea5785d3f08d
SHA512 31a18603a91b1f6b12f668b19bbc8e90f11fc5abcfa7bf9d1405677c52492ba34ea0808cd9dd01208be0285cae1c61f7f2055da88b7011feba179b542d7a6c47

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 744be1ab86d8ce38c62b533e6c6925e4
SHA1 d9a430bea832c580fa998046de79194190f756d3
SHA256 df2f24989048ccd51793de90ccb7a5579eb9b6a1345563b86e3a1654e866c121
SHA512 1824cab9b1454f4b6382173b93f1b96070d2c8ffebe37c2826d3adb244a65a8ac6eef0d85c062201f94fc01bdb77126320288b672484557effac9516273899cb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2dacf913b42ffeece2e5c73c43e30003
SHA1 326cc163b3d1784e61c0f83a94ab6f04bab010ad
SHA256 16bb03477c6056da4a5f0f4ff7c1b3ae45f07fa8fabbacba21667919fae61e50
SHA512 1f203003a7694e3402b114d5af25ddb764955eb1cb505f03d780021bab8aea9f1c8a9c7d7191222ee565ba12f9ef28663497957c8884669c03ebeb37d38d66a9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9fd3aa71279a188a63919a449e1dd3b7
SHA1 477d4aab53ab28777ff888a217e3ef3e3b5107c8
SHA256 7ddfd18b6c9045cf54addb016e694dd1060a4deb53c7814b64a00bf7052e1e0c
SHA512 ff52dd8e643eb71285f4376bd7d5993f3cb75ca62d658d16d4d43a77ed54a9440cd0054f7433c1b05c96ce96f4a3dc0e56e128279e56a236eedff00b175f4eaf

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9EFTB0QA\www.youtube[1].xml

MD5 32eefead4050149cb8f1f645307c0e9a
SHA1 c448a12e97845f3f0673f096bd5ca5e386d2ff45
SHA256 32601d223301a66ff25d30fed49f0bd81309c98e9044c45b9a868aa36a729d14
SHA512 deb01f608a013718b4350416481417e497075389ce2c851921898f3abde8414b65bc89e4a513a77ba0408a18c2070134f95b7bf1b58f27cabd9c62dd53fdc8ac

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9EFTB0QA\www.youtube[1].xml

MD5 634a79bca34f071507cdadd44f1d3274
SHA1 415b65f888087dbcb627f23fda7bb7a83f613d93
SHA256 396bede78ef5c7bf45dfbbb244dd898798daa1b7d439c115c97075832b0218de
SHA512 79e6ed638165d9050ec5264c08b65bfcd40baa94f99854aa68d7f71318c3e24fb50d66393f45a5b90517b97a2199b6f89f865b100c9a10e6f70bfd093a9a4fac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fd7f61c4c51d23bb1bd8d476c4e66f40
SHA1 5f5799cf3ec78051ee4d7fc0843781d5e55e7839
SHA256 c597f07e2e5662030b69727142b499998c1cb5ce2daf0dbb6e34d7bbf7803310
SHA512 203392d3f7d0473934e4df7bd75557fdf2e1a9d423e1a0098a298b417a180dc73bbeed1b6df1d3f2319be033e58b4b01cf3dde57346ce2c7d83d70977c173428

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 80de9ce5ef2c0b9b4565a16d911062a1
SHA1 fee5b5e6798011ad8b1384d13b40ee49dc8a6804
SHA256 7c47150f786a7b6270d3b6d32f6672e75d668f43fd748ff7e5d030021e06449c
SHA512 20427ede3a307484f40dba9ba8a9f1cd552bd2e9f65b9a70a09f2dc2fb5ed6ebbeab6ab721574b340c1595151f9e6907000d3b98354232c435884fd5261b9223

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 30f67318ed35d4bab92cdd98d01ea92d
SHA1 c383f75ee03db574ccf85427493f260cdbdbc53e
SHA256 50023d279b9c01fbcabd5f75a75b88f2e29c69fb8420c518237b2ca83bb8e858
SHA512 848f8f241a792263b379e50f801e97e075f5b2cf285975ea1b6d464f5543d35498a242c1e3168e85c7fdc33d954abb7b3a0eda3d7fc55d727f158619a26e0a76

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fa75e2327aea102f6e34df333d02e942
SHA1 9947f03b5d44fd7778a636ed7f00ff0c0d6816dd
SHA256 afcb7343a83cc8b0cd46541e3ba4e5d97e5de7fb6f6b9fb4872d18cb5c317136
SHA512 8e3383a0e203546236ea8e5a919045df7ea1abace283e318a6b6761a182cfb9479802f88fbc79a61b14ef7096f169d00bd21993caf92c997d79848b9aa3001e8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9932f9e201dc03539190d4989464efb7
SHA1 4a7b827b188ad0882dbec2da6474b3b65c81dade
SHA256 52c4f8b1b161d715c9edb5f6550574286ebf6772f43bcbf66403da591dfd39c4
SHA512 c6fb1d697f9913217d47f43fa910eb62d3eeeb5dd030185956bb42b1187047e5925ee7fcb0f0a6bf9a8ca91b55c775b0b41685dd6c7356361ef4d7fd650626c5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7ae28c810a11b81de8bb32d21131d264
SHA1 58dbb29e0a6d30e51b5276553d5597bb68d4813f
SHA256 35b86cf8edf265ea767bad8d8a87f91a5ba7c78bfdd661bf84024369e16503f7
SHA512 15979f58b1806bdb12d65ecdfaf4f74f2d215857c3dda828e446263a1156b9d6d59f973b346247e1c698511393a8dc09174fc898dd52e5c002691d2c44a8da32

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6512b7637c1ba52987c1d9d1fbcb5d4f
SHA1 54b67d0b8f0627f2f3e074ab23cf0573baa044f7
SHA256 fdc5964f2199d0689c7621b033a90adbfe9cfeb15769fc879c578ff6c3403b16
SHA512 a8e9bca69733ca50c1acf9bade8e4ffc4451954fa7e5af3b56a14a4a6f5611f52e1a87a470568b3a009c102cb905f6c9c544824babaade293e26a4d2ecd26580

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9EFTB0QA\www.youtube[1].xml

MD5 82b1321bbda878aa57c48f8be06e9bce
SHA1 9f8402e2062e708c8b7e7d05c3c7256102e9611e
SHA256 f9aad8d563eb60d1c25080212b6dddbbe2277a001f4752f197e53cc32df72258
SHA512 089415b466c4875b5d7765f26c75b7eade1defc1f69f2a0cc98729a7253e612a0cbdf0ee96234fd256f529e8e82e85bef4e3c68eab2e1b3b68c96e5b841ff7e1

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9EFTB0QA\www.youtube[1].xml

MD5 411689914efcdd895edb62f96dcbf142
SHA1 c7576816ad6d1b3587aea1c814e9015bd431fde8
SHA256 0d84931e603804e4cb5232d711cdfdf08e449ea1a7beeb7866836a5b48377646
SHA512 32ffefbb85ac8a298a662c3b5b7530d64842b3d2f3405a223df227feabd41896224b347dc56dabe335b6f96be1c920d9e2c069fab952a09a9d690843300f1b7c

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9EFTB0QA\www.youtube[1].xml

MD5 ef0736068b59012fc5c2e7cdffea6d2f
SHA1 aeb3d27765e3dbb747e5b16d63b21bc6cba9bb13
SHA256 eb534ebd4aa69947f95d31563777e358a1746fd21252cc96f380fea4a0d80807
SHA512 b50a893103e56bd391c228591aeb754931c164f94ee8863bf417ddac4e20d977108e5eb6e3e1173b8d6a7d9d47bd01cc7aef77957f5ac9f507444e6660638a33

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9EFTB0QA\www.youtube[1].xml

MD5 ee72254e46b03beaf648fe1529d538a8
SHA1 9bb809d50aa1f7af8f11cd28e8adfd601ae479b4
SHA256 e3af7102cbe6345684ebe2f102fc98722917f5af23e6e19aace9c40e631389ef
SHA512 a0eca3e8db7bc7736f47d179347ba16d430744ec88dd65b183aebf1d69b69f2ee16e26f15f94e7e738b3d5d9c74cdf144c5ca21202d1c84603b74da0a90483d5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 424902c8be219ef4ab168ff4ccb6affd
SHA1 97b68a44aab9463685ecfb81ac2ad9cccef8ffb5
SHA256 5a3f5041c9a2cad95770b948043b386558fdceca3a6cf312fa9e0b24614ea21a
SHA512 f4684cf3a782cab2e517dea975aa2c365bea5ec6310416bf1098d1dbaa408438aa5ee264827c2ec656eb2774289f7d8db286b1093896a34eaf4c6b3d26dd460d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M2VO416U\all[1].js

MD5 8ee95b71c926b4c492ca1c33777a326a
SHA1 916ae27fcd698f2ad0bee54f08268aa38d244a19
SHA256 c3a110b214e67dbac48d4fc9702dda9375d89c451a0cc7a7e4c3268e8b498d05
SHA512 64052b42f2753091ffde58931182708a734c6d9feb20b42b2653ae80555691a8a6a0c80ff0d6c9bd44edf55da065b728d3d89eeb2b78712295e09c228f5b0bb5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 be8b7bf1b05a8659a430cda19089f245
SHA1 e83982f584569d71d9e8334dd30451cedf67b7fb
SHA256 1b57718350c87b0301f48873853982c896f0d15d4a7e71ce9fda510e382be421
SHA512 1af2f1bdf6ef605503fd2aad7187f521444209c2539e5fd75ab91141cfd997cb3f0f9caa9da9c82d59f222b364513aa8ff5a42456a3c02500a286dd634b53449

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fadd497e0700d11e2bf04adf99cb305f
SHA1 b4a62d6797a98e7c111aca25b725d3383cf1f462
SHA256 86113c0972ec1ef2482fe67bb47958edabd0a692284c83ef666fd1a4f6aac1d0
SHA512 67f26fff8d65ec3a03fa9f66a8a0b132fe0c7f04d48676d146fda91c40eb9bc654ba445a917020d8d0c187288e8b1594f11b7fef492575f8ce67ebdb9fb1c549

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\MYVBUY19\damncok.blogspot[1].xml

MD5 0079d00734d9c32e44efd0d403f452f5
SHA1 5a6eb91a54ded8deb994e654cb05acfa9f7e9e26
SHA256 deadae9de7ef69684fe22663f0c73d8fcbb9c429d49420a58a814e822c57850a
SHA512 0c6203dcab1c555fd18749c19e2aad8bb27aa47896652258b16f7698ed8f3781c0e88e6e3984092a433541b5544c86c9700b4b46269538401ea69c9b5cdc143e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3e316d91a27f4304db0a5703ecae18a8
SHA1 760624983f6d5a622ff5d446eba83742e4cf8e36
SHA256 d2cd979c1b9d6e474d1de7f2dabb0021478080503ea57c74220b449897aa39cb
SHA512 abd2a8ec5162ae7b37b20df7e157e34573c697371cacf3e4ca92ab5b28583580eba6ea9aa787577e1f015d7ab6f99bb4c7916fd7c11b71a4418853e0c6ea0094

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1dcad0bd24c21e4db876f31a70d9e4a6
SHA1 15ff7df189c69b112b636093fba2023382577ecd
SHA256 24b5d966fbfa1340b4909fbf14cfdbe99de3467f39885525092d5d59c58e675c
SHA512 ba91b8888b7cc14c531f135108107b08f0a8d2aa59630bb66854cf853b06f44b1617816f7acfca12201c9f41a20a791147303bc96cafb5f6ca98a86b8d7ad3d2

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9EFTB0QA\www.youtube[1].xml

MD5 770699d06dc237e2738f85d852457736
SHA1 8d3746e71f7a0dd8310e10cea3fc9f7b28958b56
SHA256 ea4249e731b83b5496285e597f91fe28ca0460e0e604f9f35ebe59c8e6678edf
SHA512 08a0be0573d1399590dde98c8c507abe3939438107c39aa140e0992340c77dbadb4b4e26f674fe03a14004e337208303fd048b11e6ab4d1f588e6937e7bd1268

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3ebc840b0f8c4149f030b1be258a2bf3
SHA1 4d2cda519f5e7bcff3f210d365b0bb084e0e5b9b
SHA256 a30e07380fa61cee33db92bc6a2f31f12459000e24cbcd6652666321b4dca851
SHA512 b53c467971601431864f7bab544231a7ecddbfcf6e5e80fe1db12f7d977228eef5a84ff0e2dff5fc651ecd837eb3df440d1206e3e62d3cc3de8d11e51991f735

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 36bd8081aaacb86d97cef9c4b3b1ef04
SHA1 606dcfa630baf1e405c4507c1d6693a33bd9102a
SHA256 fae18d0b9c2143b4d7cfefbfd4c7a3592fceca410287d58cabd0aadbfc700afd
SHA512 68200c63614ca5cb3e86a68e717fe18c72a829017258560d541549b064be96c30be716381b0a5461d5bb02ab7875be801bcdd386bb0244a42a9b51963c156fa5

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJ0GGVIM\favicon[1].ico

MD5 871c1f2e03f0d59f06d5d5262ca7a337
SHA1 546bff947a8917533e8a0ec56c689bb364e0cd11
SHA256 2fa2f956b179e8c6009c18d6e25c7bdb2b9e946ab9a8df2f3ffe35dc7244d4d1
SHA512 f86d18613ee477dffc952a4a73ef85ae3a7e87c64b03a6a88723a7c1d938cbdb8c543775d1d3196d4cd0986dca02525b989b924a0f6898586f2e1aebda799422

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\0ptx2pp\imagestore.dat

MD5 2f339051a3c6f9d0bea133752d6d947e
SHA1 6f07f21efc6d8a0c283db1b41e3eb75d5bb9e3d1
SHA256 8b409f333daac61c0fda6bdc24b3a3611d72761ed5f1f7c34d029b49ba177871
SHA512 1b99b8a28a962a0816fa30d6bb5b0fc4e1dc5852c42d536fb50b6cca9a78928b2b386640eb58e379c1f3101bc0fdf602cbe6e08754c9140657eaa29f3e4124f2

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9EFTB0QA\www.youtube[1].xml

MD5 02eeaf4670a62a113c9b5dad13df4d0a
SHA1 3269a23e4f89d94a0b79547eebe7e491e61ce61e
SHA256 72bf51849614d9d5bf6cec8253018b61160ee0e4682c2ee791d3a7ed58be5a98
SHA512 876f54f7ba1e69823f52d0c9bbbd16ab30dccc1241824d318cb13d5b9535be6dc16ee10b3844d63f400b9df1868cc611175c94a6be2a1ab0fafbacaa6e37a51e

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\NV7U36CY\www.google[1].xml

MD5 0e50779faca96a5568a11d0f092a64ff
SHA1 d9ebf08be17aa95a926e6844f8201c81467370e4
SHA256 70ee15374550339b9932a46260206e944bc36f3699eb6e7e2b2378bd54d0a13a
SHA512 c557d6eed1ef5f582bbe8fd9aa040f455bae7bf7c02746f5573b6113b38461986c6b02fe15c937cd7ec47de2b3088ee869aa88ff2d7e545008e185d4247847e2

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9EFTB0QA\www.youtube[1].xml

MD5 e6d667c328875c10d2481543d5bd63cf
SHA1 6b33ed553944616db5ba8d58501ab723a452bada
SHA256 56bbdeb2c2d48f58061ab094305bbf1b7ce0d65249d92b1e964251e1588d55ba
SHA512 ece5a40646a41f0667193ce9a8c0aba36e103bcda6df3f85094b8178a3556bae4971d4f50e6712f5bdb22fb6020d635df8d118aa1e9bb2e30852d1d49ead1aad

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9EFTB0QA\www.youtube[1].xml

MD5 ce0d8b41554c32e837ab081cbc04b210
SHA1 25f6ea4a56bad6f060141c2b7acf1b0ce71f1ecf
SHA256 25109fd5c8833e9ba958ad1df9cbc01cd603d3efac74f163bfcc367571438316
SHA512 fefb7cfed2ddfa54ebea7503317c8652620fd893ed302684688373bc56f4b8168508b4f12fdccd1d870a4082ec083af6df81405b30f1aa66857ef8b048aa4194

Analysis: behavioral2

Detonation Overview

Submitted

2024-01-20 15:08

Reported

2024-01-20 15:10

Platform

win10v2004-20231215-en

Max time kernel

96s

Max time network

152s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6ac17c75fe88942514249be9b99049a7.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\chatroll.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2529559225" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2529559225" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\DOMStorage\chatroll.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\chatroll.com\ = "21" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\chatroll.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "136" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31083442" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2533308488" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\chatroll.com\Total = "21" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31083442" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\chatroll.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31083442" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "412528280" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{C258F719-B7A5-11EE-8184-D2066D8F1295} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-768304381-2824894965-3840216961-1000\{AA7C1871-B74B-4779-A7C9-28287360E5FB} C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6ac17c75fe88942514249be9b99049a7.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2172 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 layanan.oposisi.net udp
US 8.8.8.8:53 yourjavascript.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 dinhquanghuy.110mb.com udp
US 13.248.169.48:80 yourjavascript.com tcp
US 13.248.169.48:80 yourjavascript.com tcp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.180.9:443 www.blogger.com tcp
GB 142.250.180.9:443 www.blogger.com tcp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 adsensecamp.com udp
GB 216.58.213.10:443 ajax.googleapis.com tcp
GB 216.58.213.10:443 ajax.googleapis.com tcp
US 8.8.8.8:53 feeds.feedburner.com udp
GB 216.58.201.97:80 2.bp.blogspot.com tcp
GB 216.58.201.97:80 2.bp.blogspot.com tcp
GB 142.250.180.9:443 resources.blogblog.com tcp
GB 142.250.180.9:443 resources.blogblog.com tcp
GB 142.250.187.238:443 apis.google.com tcp
GB 142.250.187.238:443 apis.google.com tcp
ID 103.30.145.12:80 adsensecamp.com tcp
ID 103.30.145.12:80 adsensecamp.com tcp
GB 172.217.169.2:445 pagead2.googlesyndication.com tcp
GB 142.250.187.206:80 feeds.feedburner.com tcp
GB 142.250.187.206:80 feeds.feedburner.com tcp
US 13.248.169.48:443 yourjavascript.com tcp
US 13.248.169.48:443 yourjavascript.com tcp
US 8.8.8.8:53 48.169.248.13.in-addr.arpa udp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 10.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 9.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 97.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 13.248.169.48:443 yourjavascript.com tcp
GB 142.250.200.2:139 pagead2.googlesyndication.com tcp
ID 103.30.145.12:443 adsensecamp.com tcp
US 8.8.8.8:53 12.145.30.103.in-addr.arpa udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 78.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 32.169.19.2.in-addr.arpa udp
US 8.8.8.8:53 193.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 ferrysiregar.files.wordpress.com udp
US 8.8.8.8:53 ilmuphotoshop.com udp
GB 216.58.201.97:80 3.bp.blogspot.com tcp
GB 216.58.201.97:80 3.bp.blogspot.com tcp
GB 216.58.201.97:80 3.bp.blogspot.com tcp
GB 216.58.201.97:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
GB 216.58.201.97:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 216.58.201.97:80 3.bp.blogspot.com tcp
GB 216.58.201.97:80 3.bp.blogspot.com tcp
GB 216.58.201.97:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 c.gigcount.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 www.reverbnation.com udp
US 192.0.72.17:80 ferrysiregar.files.wordpress.com tcp
US 192.0.72.17:80 ferrysiregar.files.wordpress.com tcp
US 192.0.72.17:80 ferrysiregar.files.wordpress.com tcp
US 192.0.72.17:80 ferrysiregar.files.wordpress.com tcp
US 192.0.72.17:80 ferrysiregar.files.wordpress.com tcp
US 192.0.72.17:80 ferrysiregar.files.wordpress.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.180.1:443 lh3.googleusercontent.com tcp
GB 142.250.180.1:443 lh3.googleusercontent.com tcp
US 68.178.195.71:80 www.linkwithin.com tcp
US 68.178.195.71:80 www.linkwithin.com tcp
US 104.21.20.148:80 ilmuphotoshop.com tcp
US 104.21.20.148:80 ilmuphotoshop.com tcp
US 104.21.20.148:80 ilmuphotoshop.com tcp
US 104.21.20.148:80 ilmuphotoshop.com tcp
US 104.21.20.148:80 ilmuphotoshop.com tcp
US 104.21.20.148:80 ilmuphotoshop.com tcp
GB 142.250.180.1:443 lh3.googleusercontent.com tcp
GB 142.250.180.1:443 lh3.googleusercontent.com tcp
GB 216.58.204.68:80 www.google.com tcp
GB 216.58.204.68:80 www.google.com tcp
US 3.83.73.82:80 www.reverbnation.com tcp
US 3.83.73.82:80 www.reverbnation.com tcp
US 103.224.182.251:80 c.gigcount.com tcp
US 103.224.182.251:80 c.gigcount.com tcp
US 3.83.73.82:443 www.reverbnation.com tcp
US 192.0.72.17:80 ferrysiregar.files.wordpress.com tcp
US 192.0.72.17:80 ferrysiregar.files.wordpress.com tcp
US 104.21.20.148:80 ilmuphotoshop.com tcp
US 104.21.20.148:80 ilmuphotoshop.com tcp
US 8.8.8.8:53 68.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 82.73.83.3.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 17.72.0.192.in-addr.arpa udp
US 8.8.8.8:53 148.20.21.104.in-addr.arpa udp
US 104.21.20.148:80 ilmuphotoshop.com tcp
US 104.21.20.148:80 ilmuphotoshop.com tcp
US 192.0.72.17:443 ferrysiregar.files.wordpress.com tcp
US 192.0.72.17:443 ferrysiregar.files.wordpress.com tcp
US 192.0.72.17:443 ferrysiregar.files.wordpress.com tcp
US 192.0.72.17:443 ferrysiregar.files.wordpress.com tcp
US 192.0.72.17:443 ferrysiregar.files.wordpress.com tcp
US 192.0.72.17:443 ferrysiregar.files.wordpress.com tcp
GB 142.250.187.206:443 www.youtube.com tcp
GB 142.250.187.206:443 www.youtube.com tcp
GB 172.217.16.226:445 googleads.g.doubleclick.net tcp
US 104.21.20.148:80 ilmuphotoshop.com tcp
US 104.21.20.148:80 ilmuphotoshop.com tcp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 251.182.224.103.in-addr.arpa udp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 ocsp.r2m02.amazontrust.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
DE 54.230.207.189:80 ocsp.r2m02.amazontrust.com tcp
US 8.8.8.8:53 226.152.155.18.in-addr.arpa udp
US 8.8.8.8:53 218.156.155.18.in-addr.arpa udp
GB 142.250.180.2:139 googleads.g.doubleclick.net tcp
US 68.178.195.71:443 www.linkwithin.com tcp
US 68.178.195.71:443 www.linkwithin.com tcp
US 8.8.8.8:53 189.207.230.54.in-addr.arpa udp
US 8.8.8.8:53 71.195.178.68.in-addr.arpa udp
US 8.8.8.8:53 chatroll.com udp
US 169.47.242.252:80 chatroll.com tcp
US 169.47.242.252:80 chatroll.com tcp
US 8.8.8.8:53 accounts.google.com udp
IE 209.85.203.84:443 accounts.google.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
US 169.47.242.252:443 chatroll.com tcp
US 8.8.8.8:53 84.203.85.209.in-addr.arpa udp
US 8.8.8.8:53 252.242.47.169.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 s10.histats.com udp
US 8.8.8.8:53 dw3mgzt87vzb4.cloudfront.net udp
US 13.248.169.48:80 yourjavascript.com tcp
US 8.8.8.8:53 icons.iconarchive.com udp
US 8.8.8.8:53 banner.adsensecamp.com udp
US 8.8.8.8:53 imemovaz.googlecode.com udp
US 8.8.8.8:53 feedjit.com udp
US 8.8.8.8:53 andreykusanagi.googlecode.com udp
US 8.8.8.8:53 platform.twitter.com udp
DE 37.252.173.215:80 ib.adnxs.com tcp
DE 37.252.173.215:80 ib.adnxs.com tcp
US 104.20.80.99:80 s10.histats.com tcp
US 104.20.80.99:80 s10.histats.com tcp
US 104.21.235.214:80 icons.iconarchive.com tcp
US 104.21.235.214:80 icons.iconarchive.com tcp
DE 18.155.152.60:443 dw3mgzt87vzb4.cloudfront.net tcp
DE 18.155.152.60:443 dw3mgzt87vzb4.cloudfront.net tcp
DE 18.155.152.60:443 dw3mgzt87vzb4.cloudfront.net tcp
GB 216.58.201.97:443 3.bp.blogspot.com tcp
GB 199.232.56.157:445 platform.twitter.com tcp
IE 209.85.203.82:80 andreykusanagi.googlecode.com tcp
IE 209.85.203.82:80 andreykusanagi.googlecode.com tcp
US 8.8.8.8:53 1.bp.blogspot.com udp
IE 209.85.203.82:80 andreykusanagi.googlecode.com tcp
IE 209.85.203.82:80 andreykusanagi.googlecode.com tcp
US 13.248.169.48:443 yourjavascript.com tcp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 215.173.252.37.in-addr.arpa udp
US 8.8.8.8:53 214.235.21.104.in-addr.arpa udp
GB 216.58.201.97:443 1.bp.blogspot.com tcp
GB 216.58.201.97:443 1.bp.blogspot.com tcp
US 13.248.169.48:443 yourjavascript.com tcp
ID 103.30.145.12:80 banner.adsensecamp.com tcp
ID 103.30.145.12:80 banner.adsensecamp.com tcp
DE 37.252.173.215:443 ib.adnxs.com tcp
ID 103.30.145.12:443 banner.adsensecamp.com tcp
GB 172.217.16.226:443 googleads.g.doubleclick.net tcp
GB 172.217.16.226:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 static.doubleclick.net udp
GB 216.58.204.70:443 static.doubleclick.net tcp
GB 216.58.204.70:443 static.doubleclick.net tcp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.147.23:443 connect.facebook.net tcp
GB 163.70.147.23:443 connect.facebook.net tcp
US 8.8.8.8:53 82.203.85.209.in-addr.arpa udp
US 8.8.8.8:53 60.152.155.18.in-addr.arpa udp
US 8.8.8.8:53 35.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 70.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 99.80.20.104.in-addr.arpa udp
US 8.8.8.8:53 platform.twitter.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.187.202:443 jnn-pa.googleapis.com tcp
GB 142.250.187.202:443 jnn-pa.googleapis.com tcp
US 13.248.169.48:443 yourjavascript.com tcp
US 13.248.169.48:443 yourjavascript.com tcp
US 8.8.8.8:53 23.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 22.249.124.192.in-addr.arpa udp
PL 93.184.220.66:139 platform.twitter.com tcp
US 104.21.20.148:443 ilmuphotoshop.com tcp
US 8.8.8.8:53 x2.c.lencr.org udp
GB 2.19.169.32:80 x2.c.lencr.org tcp
US 8.8.8.8:53 173.178.17.96.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.alertpay.com udp
US 8.8.8.8:53 s4.histats.com udp
US 8.8.8.8:53 mybloggertricks.googlecode.com udp
US 8.8.8.8:53 www.lintas.me udp
US 8.8.8.8:53 s2.sigmirror.com udp
US 8.8.8.8:53 vicahya.googlecode.com udp
US 151.201.135.114:443 www.alertpay.com tcp
US 151.201.135.114:443 www.alertpay.com tcp
US 8.8.8.8:53 js-kit.com udp
CA 149.56.240.129:443 s4.histats.com tcp
CA 149.56.240.129:443 s4.histats.com tcp
IE 209.85.203.82:80 vicahya.googlecode.com tcp
IE 209.85.203.82:80 vicahya.googlecode.com tcp
US 104.21.59.55:80 www.lintas.me tcp
US 104.21.59.55:80 www.lintas.me tcp
DE 18.155.153.40:80 js-kit.com tcp
DE 18.155.153.40:80 js-kit.com tcp
IE 209.85.203.82:80 vicahya.googlecode.com tcp
IE 209.85.203.82:80 vicahya.googlecode.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.147.35:443 www.facebook.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
GB 163.70.147.35:445 www.facebook.com tcp
US 8.8.8.8:53 t.ly udp
DE 18.155.153.40:443 js-kit.com tcp
US 172.67.75.122:443 t.ly tcp
US 172.67.75.122:443 t.ly tcp
US 8.8.8.8:53 55.59.21.104.in-addr.arpa udp
US 8.8.8.8:53 40.153.155.18.in-addr.arpa udp
US 8.8.8.8:53 114.135.201.151.in-addr.arpa udp
US 8.8.8.8:53 129.240.56.149.in-addr.arpa udp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 122.75.67.172.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 www.scri8e.com udp
US 8.8.8.8:53 lh3.ggpht.com udp
GB 216.58.201.97:80 lh3.ggpht.com tcp
GB 216.58.201.97:80 lh3.ggpht.com tcp
US 208.87.227.250:80 www.scri8e.com tcp
US 208.87.227.250:80 www.scri8e.com tcp
US 8.8.8.8:53 d167qii8h0pw75.cloudfront.net udp
DE 52.222.190.25:443 d167qii8h0pw75.cloudfront.net tcp
DE 52.222.190.25:443 d167qii8h0pw75.cloudfront.net tcp
US 8.8.8.8:53 d33tru5sm6wy0x.cloudfront.net udp
GB 216.58.201.97:80 lh3.ggpht.com tcp
DE 54.230.182.11:443 d33tru5sm6wy0x.cloudfront.net tcp
DE 54.230.182.11:443 d33tru5sm6wy0x.cloudfront.net tcp
US 8.8.8.8:53 25.190.222.52.in-addr.arpa udp
US 8.8.8.8:53 11.182.230.54.in-addr.arpa udp
US 8.8.8.8:53 250.227.87.208.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Q15AV1NQ\fl-pattern-and-sound[1].htm

MD5 4f8e702cc244ec5d4de32740c0ecbd97
SHA1 3adb1f02d5b6054de0046e367c1d687b6cdf7aff
SHA256 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
SHA512 21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\PZ64U2GI\plusone[1].js

MD5 1944af3661da46249991197817b6cd8b
SHA1 f952df40ec79fafc7c798f37aff92878977376ed
SHA256 63326a1c4e0eddd3501f0a064b06a2708eb0362f3ae934f53145978d3d0799b5
SHA512 0bef19b32be337cfba179ed9ce4533a207cfe645d2e5fe0da9fadc7b01c72704fc89749670d1ac48b8d494675bc62ac089fdc4d8495979226f10828225594376

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 062fdbb9bb3c118fcc66827cdc26e6f0
SHA1 2033529788108b0514b5acae2b0ed3b7e051c318
SHA256 10a79f11b599e86eb9a03e62f1969485589597cef2b4d8b2a7f1133736e97c22
SHA512 33ecbc35c98d8aa24f24e420dd352fb35048696fdc96cafe15bdae131cc18f81426bc515393a3b940519f289d3b0585516eced7b692ff607bd9ef366db098810

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 a13c51a152a3b2b3db9e1ffe958e6575
SHA1 785b585cb1e1f51b9631c25b93262b5c6d4c95d2
SHA256 4e12d015803c77eedbaaa6e4e4f91a4fe79259b4b36746a43a0870be45599d3f
SHA512 89c115de5e1224051d4a2387899fb98ddb76157de808c9950ef544218a75899fc4d3911a6bc320087fa695d0cf9adbf796e057e695f5aa6dd4c5942f7a857520

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7C34XGPV\epic-effect-10[1].htm

MD5 fda44910deb1a460be4ac5d56d61d837
SHA1 f6d0c643351580307b2eaa6a7560e76965496bc7
SHA256 933b971c6388d594a23fa1559825db5bec8ade2db1240aa8fc9d0c684949e8c9
SHA512 57dda9aa7c29f960cd7948a4e4567844d3289fa729e9e388e7f4edcbdf16bf6a94536598b4f9ff8942849f1f96bd3c00bc24a75e748a36fbf2a145f63bf904c1

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9ALL181V\cb=gapi[1].js

MD5 288c5ba5b7001fe841c32f690f62cc93
SHA1 29aba9d8e4f7cbe25fa5e64b9ecbe256e51fc789
SHA256 c2f33dc18eae27d4e878bf837dd97f1bde5151e44b0271408535bb93265b8c52
SHA512 e375d41344a086d35accfb02bb1f91e2dd383db032af387fc3d6b1230057cc5e432e9b2cdd976e51425b4f587391d42f4d9d857c2e6f11e822a65edcb85f1c9f

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\8DEYQRKR\www.youtube[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\PZ64U2GI\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9ALL181V\jquery.min[1].js

MD5 a34f78c3aecd182144818eb4b7303fda
SHA1 6fca78dac2797c02d86a4bf6514eda398b7dbe62
SHA256 c784376960f3163dc760bc019e72e5fed78203745a5510c69992a39d1d8fe776
SHA512 ddec07100503fdad6655d4e90aaac246719e9667611b35b112e4694e2671b43f4c4ef0b87371d3a6e173f7ade9dfd2058e5e165a41c3a250007d49ec18f2419c

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\8DEYQRKR\www.youtube[1].xml

MD5 28242f11119f4cd1dbf9b200260f3dd2
SHA1 73577c05b2b20e0994ba86aa141b2beabf022caf
SHA256 4e33380e3e4924303d26303e14f7527f553e2239cbce038b73ae5b09a5707c14
SHA512 e4f666cc58e76e84aa6a7956911f93f89956661e251ecc3904f2af6a669dae336f983bba7fa3b9a7ed103e6b2815b1ec53ae8ed885ca67793e8ca9083edf5c8d

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9ALL181V\loader[1].js

MD5 32bc41d964faa1b95d9c61fc443df579
SHA1 02d3f83dac14fe996babbfe332779ed182d39d1c
SHA256 369ae154eab37b7ada7776b934833183bb053ebd1d0255f70ef8944f65cabb0c
SHA512 45539d5a40bf03b25c6f4328c0d10bf62a1012ff9be634877d62ec8a7ff35b25dd6cdc0fdfd5fcae2e3d980b6e4ba653b259c099935d52a20e8b6581cce521d5

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9ALL181V\453K7VK4.htm

MD5 e3a85f382fcfbb2a6c0c1fa53c6c0f67
SHA1 df2a904b5cf705c1fc8dcb29933f73138e21e6b4
SHA256 445bdd9b3dbbcc2b7325b62d649171a9ed0db47d29230fd3e58dfd21c9efa130
SHA512 73b108d9f85e466de8ab9ad9238eca0aa2f4591076d8e7b99a4e28a418eeba833e5c90454bd46138ec47b18914d19231732d2469a05dc4a81be7b07ca2c5df37