Malware Analysis Report

2025-08-10 21:37

Sample ID 240529-jk74qsfd91
Target 7ffbc810a725e7021aa4a25d9e03c04a_JaffaCakes118
SHA256 233e078b3ae01544a2a6b8785dff8e3d5b6a677ce0f063e9634c30b80690f49f
Tags
score
1/10

Analysis Overview

Threat Level: No (potentially) malicious behavior was detected

No (potentially) malicious behavior was detected for the file 7ffbc810a725e7021aa4a25d9e03c04a_JaffaCakes118.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-29 07:44

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-29 07:44

Reported

2024-05-29 07:47

Platform

win10v2004-20240226-en

Max time kernel

142s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7ffbc810a725e7021aa4a25d9e03c04a_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7ffbc810a725e7021aa4a25d9e03c04a_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5760 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4560 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5860 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5280 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6104 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:8

Network


Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-29 07:44

Reported

2024-05-29 07:47

Platform

win7-20240221-en

Max time kernel

121s

Max time network

127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7ffbc810a725e7021aa4a25d9e03c04a_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7ffbc810a725e7021aa4a25d9e03c04a_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2696 CREDAT:275457 /prefetch:2

Network


Files
