Malware Analysis Report

2025-04-14 00:58

Sample ID 240530-q9lelaca57
Target 8462b24b7ae502694c3653c4e35adde3_JaffaCakes118
SHA256 793e5a97992637040f076cd3c2cd1e869652ae4d9a75f9044d4aea6c56c226bb
Tags: discovery
Score: 7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file 8462b24b7ae502694c3653c4e35adde3_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery

Checks computer location settings

Deletes itself

Checks installed software on the system

Unsigned PE

Enumerates physical storage devices

Modifies Internet Explorer settings

Modifies Internet Explorer start page

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Runs ping.exe

Analysis: static1

Detonation Overview

Reported

2024-05-30 13:57

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-30 13:57

Reported

2024-05-30 14:00

Platform

win10v2004-20240426-en

Max time kernel

94s

Max time network

142s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8462b24b7ae502694c3653c4e35adde3_JaffaCakes118.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\8462b24b7ae502694c3653c4e35adde3_JaffaCakes118.exe N/A

Checks installed software on the system

discovery

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware

Modifies Internet Explorer start page

stealer
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page = "http://search.searchgmfs.com/?source=Bing-bb8&uid=45550ee6-1832-4e7d-9c48-3b6a0f8e0f9c&uc=20180118&ap=appfocus396&i_id=maps__1.30" C:\Users\Admin\AppData\Local\Temp\8462b24b7ae502694c3653c4e35adde3_JaffaCakes118.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A

Processes

C:\Users\Admin\AppData\Local\Temp\8462b24b7ae502694c3653c4e35adde3_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\8462b24b7ae502694c3653c4e35adde3_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -noframemerging

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1492 CREDAT:17410 /prefetch:2

Network


Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verA671.tmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\J9NDGDSC\suggestions[1].en-US

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-30 13:57

Reported

2024-05-30 14:00

Platform

win7-20231129-en

Max time kernel

149s

Max time network

129s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8462b24b7ae502694c3653c4e35adde3_JaffaCakes118.exe"

Signatures

Deletes itself

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Checks installed software on the system

discovery

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware

Modifies Internet Explorer start page

stealer
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://search.searchgmfs.com/?source=Bing-bb8&uid=45550ee6-1832-4e7d-9c48-3b6a0f8e0f9c&uc=20180118&ap=appfocus396&i_id=maps__1.30" C:\Users\Admin\AppData\Local\Temp\8462b24b7ae502694c3653c4e35adde3_JaffaCakes118.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1276 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\8462b24b7ae502694c3653c4e35adde3_JaffaCakes118.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2608 wrote to memory of 2712 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1276 wrote to memory of 1048 N/A C:\Users\Admin\AppData\Local\Temp\8462b24b7ae502694c3653c4e35adde3_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 1048 wrote to memory of 2128 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\8462b24b7ae502694c3653c4e35adde3_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\8462b24b7ae502694c3653c4e35adde3_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://search.searchgmfs.com/?source=Bing-bb8&uid=45550ee6-1832-4e7d-9c48-3b6a0f8e0f9c&uc=20180118&ap=appfocus396&i_id=maps__1.30

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2608 CREDAT:275457 /prefetch:2

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c FOR /L %V IN (1,1,10) DO del /F "C:\Users\Admin\AppData\Local\Temp\8462b24b7ae502694c3653c4e35adde3_JaffaCakes118.exe" >> NUL & PING 1.1.1.1 -n 1 -w 1000 > NUL & IF NOT EXIST "C:\Users\Admin\AppData\Local\Temp\8462b24b7ae502694c3653c4e35adde3_JaffaCakes118.exe" EXIT

C:\Windows\SysWOW64\PING.EXE

PING 1.1.1.1 -n 1 -w 1000

Network


Files
