Malware Analysis Report

2024-10-24 17:54

Sample ID 240510-hzbteahe4z
Target 2df2ce148f8cadd995b146606ab02fef_JaffaCakes118
SHA256 92c29cbb855e9063061dcfc9c205a672c69a405633f0b1781518f3801ca16bb3
Tags
gozi 2000 banker isfb trojan
score
10/10

Analysis Overview

score
10/10

SHA256

92c29cbb855e9063061dcfc9c205a672c69a405633f0b1781518f3801ca16bb3

Threat Level: Known bad

The file 2df2ce148f8cadd995b146606ab02fef_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

gozi 2000 banker isfb trojan

Gozi

Unexpected DNS network traffic destination

Unsigned PE

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-10 07:10

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-10 07:10

Reported

2024-05-10 07:12

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2df2ce148f8cadd995b146606ab02fef_JaffaCakes118.exe"

Signatures

Gozi

banker trojan gozi

Unexpected DNS network traffic destination

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{9A738B2B-0E9C-11EF-B8C0-5A63B3EA338B} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2df2ce148f8cadd995b146606ab02fef_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\2df2ce148f8cadd995b146606ab02fef_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4120,i,11266875042087428226,16669718873272757238,262144 --variations-seed-version --mojo-platform-channel-handle=3900 /prefetch:8

C:\Program Files (x86)\Internet Explorer\ielowutil.exe

"C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2312 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.99:443 www.bing.com tcp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 99.61.62.23.in-addr.arpa udp
IT 192.71.245.208:53 g2.ex100p.at udp
US 8.8.8.8:53 208.245.71.192.in-addr.arpa udp
US 8.8.8.8:53 g2.ex100p.at udp
MD 178.17.170.179:53 g2.ex100p.at udp
NL 82.196.9.45:53 g2.ex100p.at udp
FR 151.80.222.79:53 g2.ex100p.at udp
US 8.8.8.8:53 179.170.17.178.in-addr.arpa udp
US 8.8.8.8:53 45.9.196.82.in-addr.arpa udp
US 8.8.8.8:53 79.222.80.151.in-addr.arpa udp
DE 68.183.70.217:53 g2.ex100p.at udp
US 8.8.8.8:53 217.70.183.68.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 32.251.17.2.in-addr.arpa udp
DE 217.144.135.7:53 g2.ex100p.at udp
US 8.8.8.8:53 7.135.144.217.in-addr.arpa udp
CA 158.69.160.164:53 g2.ex100p.at udp
US 8.8.8.8:53 164.160.69.158.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
AU 207.148.83.241:53 g2.ex100p.at udp
US 8.8.8.8:53 241.83.148.207.in-addr.arpa udp
DE 5.189.170.196:53 g2.ex100p.at udp
US 8.8.8.8:53 196.170.189.5.in-addr.arpa udp
DE 217.144.132.148:53 g2.ex100p.at udp
US 8.8.8.8:53 148.132.144.217.in-addr.arpa udp
DE 94.247.43.254:53 g2.ex100p.at udp
FR 188.165.200.156:53 g2.ex100p.at udp
GB 159.89.249.249:53 g2.ex100p.at udp
US 8.8.8.8:53 249.249.89.159.in-addr.arpa udp
US 8.8.8.8:53 254.43.247.94.in-addr.arpa udp
US 8.8.8.8:53 156.200.165.188.in-addr.arpa udp
JP 150.249.149.222:53 g2.ex100p.at udp
US 8.8.8.8:53 222.149.249.150.in-addr.arpa udp
US 8.8.8.8:53 g2.ex100p.at udp
US 8.8.8.8:53 g2.ex100p.at udp
IT 192.71.245.208:53 beetfeetlife.bit udp
US 8.8.8.8:53 udp
N/A 152.199.19.161:443 tcp

Files

memory/2892-1-0x0000000000480000-0x0000000000580000-memory.dmp

memory/2892-2-0x0000000000400000-0x0000000000410000-memory.dmp

memory/2892-3-0x00000000020B0000-0x00000000020CB000-memory.dmp

memory/2892-9-0x0000000000400000-0x0000000000410000-memory.dmp

memory/2892-8-0x0000000000480000-0x0000000000580000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-10 07:10

Reported

2024-05-10 07:12

Platform

win7-20240215-en

Max time kernel

145s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2df2ce148f8cadd995b146606ab02fef_JaffaCakes118.exe"

Signatures

Gozi

banker trojan gozi

Unexpected DNS network traffic destination

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9B684E31-0E9C-11EF-ADBF-FA30248A334C} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2df2ce148f8cadd995b146606ab02fef_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\2df2ce148f8cadd995b146606ab02fef_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2356 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
IT 192.71.245.208:53 g2.ex100p.at udp
US 8.8.8.8:53 g2.ex100p.at udp
MD 178.17.170.179:53 g2.ex100p.at udp
NL 82.196.9.45:53 g2.ex100p.at udp
FR 151.80.222.79:53 g2.ex100p.at udp
DE 68.183.70.217:53 g2.ex100p.at udp
DE 217.144.135.7:53 g2.ex100p.at udp
CA 158.69.160.164:53 g2.ex100p.at udp
AU 207.148.83.241:53 g2.ex100p.at udp
DE 5.189.170.196:53 g2.ex100p.at udp
DE 217.144.132.148:53 g2.ex100p.at udp
DE 94.247.43.254:53 g2.ex100p.at udp
FR 188.165.200.156:53 g2.ex100p.at udp
GB 159.89.249.249:53 g2.ex100p.at udp
JP 150.249.149.222:53 g2.ex100p.at udp
US 8.8.8.8:53 g2.ex100p.at udp
IT 192.71.245.208:53 beetfeetlife.bit udp

Files

memory/2228-1-0x0000000000230000-0x0000000000330000-memory.dmp

memory/2228-2-0x0000000000400000-0x0000000000410000-memory.dmp

memory/2228-3-0x00000000003E0000-0x00000000003FB000-memory.dmp

memory/2228-9-0x0000000000400000-0x0000000000410000-memory.dmp

memory/2228-8-0x0000000000230000-0x0000000000330000-memory.dmp

memory/2228-19-0x0000000001CE0000-0x0000000001CE2000-memory.dmp
