Malware Analysis Report

2025-01-06 07:47

Sample ID 240530-qehp8ahf7w
Target 844150e835253775a4a6339d6d2f52a5_JaffaCakes118
SHA256 0c4973001a619fa5045019e9c0adada47c6b08b07d58bc61e5273427df0ea4f9
Tags
evasion trojan
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

SHA256

0c4973001a619fa5045019e9c0adada47c6b08b07d58bc61e5273427df0ea4f9

Threat Level: Shows suspicious behavior

The file 844150e835253775a4a6339d6d2f52a5_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

evasion trojan

Checks whether UAC is enabled

Enumerates physical storage devices

Unsigned PE

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-30 13:10

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-30 13:10

Reported

2024-05-30 13:13

Platform

win10v2004-20240508-en

Max time kernel

133s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\844150e835253775a4a6339d6d2f52a5_JaffaCakes118.exe"

Signatures

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\844150e835253775a4a6339d6d2f52a5_JaffaCakes118.exe N/A

Enumerates physical storage devices

Processes

C:\Users\Admin\AppData\Local\Temp\844150e835253775a4a6339d6d2f52a5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\844150e835253775a4a6339d6d2f52a5_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.fenomen-games.com udp
US 8.8.8.8:53 www.gamecentersolution.com udp
US 159.65.253.100:80 www.fenomen-games.com tcp
US 184.72.55.36:80 www.gamecentersolution.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 100.253.65.159.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.113:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
NL 23.62.61.113:443 www.bing.com tcp
US 8.8.8.8:53 113.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

memory/2700-0-0x0000000000400000-0x000000000055F000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-30 13:10

Reported

2024-05-30 13:12

Platform

win7-20240221-en

Max time kernel

121s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\844150e835253775a4a6339d6d2f52a5_JaffaCakes118.exe"

Signatures

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\844150e835253775a4a6339d6d2f52a5_JaffaCakes118.exe N/A

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{065271A1-1E86-11EF-93CC-729E5AF85804} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423236514" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000096de9f6a57502d46899daa0fb28dad3a00000000020000000000106600000001000020000000db7c48d76cb3309249f63b8972aa0ce70035030c024c5a3388b45726979e8108000000000e80000000020000200000006fe29327f96ab1ba0088e41619c13ca685ed798bb50db1e24adddaee67377ad12000000049cd7ef1c73219ad538ef722a519a74c1975587eaa8480dfb3a224353511921640000000012f8d3ce206f09ffb9869a4de3682f80b6ea839c49cd5c82b131c4bc165a550908d27ff025a2ecc1750ad673ec2fae77ff2bda416b9daf2ebb472a1206d714c C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0e0f0f392b2da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000096de9f6a57502d46899daa0fb28dad3a000000000200000000001066000000010000200000005d7cacb04e5471fae1e8d8b01295edf7fa1b945479ff24328ab2cd76f3a27aa1000000000e8000000002000020000000adce7c1d0f8bcdc280d28f75b5ce68c8ab8c3959977271ea0ccedc563bf7f9d19000000054bac7e64d1f644c9aa847cdc2c6f829fe8531bd77e365987da6806285795ba342f873c623a9e74467c09bd76b070f3314f082a927d60775099f78b00d32752ceb60e039a049a3ef45b677fd7fd087dcff88a3cbb5b1b4465b336801b26c1ad7eab379a08ec77b1c08661c720a8b324794e9f73b5c14b0f9112254ea4ab29fb8fa21519f839487795a558dccaa7b4908400000002649c1a6ceac5927e771a1c00853dc9adfe25895caf0025862a4aa011dad6609b23f3ec719eb618c5d8d2547220ec79aff5095d6ba5443a973b4a0980ff41d25 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Temp\844150e835253775a4a6339d6d2f52a5_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\844150e835253775a4a6339d6d2f52a5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\844150e835253775a4a6339d6d2f52a5_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://www.gamecentersolution.com/downloadgame.aspx?CID=21157&AID=365

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2456 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.fenomen-games.com udp
US 8.8.8.8:53 www.gamecentersolution.com udp
US 159.65.253.100:80 www.fenomen-games.com tcp
US 184.72.55.36:80 www.gamecentersolution.com tcp
US 8.8.8.8:53 www.gamecentersolution.com udp
US 8.8.8.8:53 www.gamecentersolution.com udp
US 184.72.55.36:80 www.gamecentersolution.com tcp
US 184.72.55.36:80 www.gamecentersolution.com tcp
US 184.72.55.36:80 www.gamecentersolution.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

memory/1632-0-0x0000000000400000-0x000000000055F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Cab2A6C.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar2B9D.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 201133013daf693d942139d46a56d356
SHA1 210e04a02d40802bf7663c70f8edc1d23baf2946
SHA256 5acd51759d22d980b5023bc0e7ddc845487d034da5e0d51fe28953ac823351f5
SHA512 1c7ea6316be71f408913eb2a76d436df36b025dd0363b08f73f349e054f90cf2c5cbc76fc18abf5af542e5238f054167accaa6496b5312db4b8969ff55c4f43e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f653787a831e1a7ab0185444ffa9df2d
SHA1 853dfa72b638cfe0d373b9ef50c829b733b583af
SHA256 fd4c8820bbb0a9dc20e1eac6d55bb252364788588c1896583d5e15d733e8a999
SHA512 e471ecd6f752d47759a5ca7eb887afaf5faa6db73e2ca3775bff495fe75c61ac40dc36417b1807bc56336d321ba6b23846bf858c9a76925741727635b048c531

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b5d1bf616c437f6c51a7dc9bfa6b8f3d
SHA1 48744b18e6d3801de1f80e28f31bea3480633239
SHA256 d161dfd3b95bbde73de2a2a6b00ee8a275f8949ef7941af65c5eadc4072aa9e5
SHA512 ff7450a8cc3f59672c94cf51868bb2f9381e08772f0c120114b4eca87ec88d47cbe1e24f3b33a2833f08654ad3c96f5940f8c4a0c084127bf33ea037102ab10c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d28d72bb6cd9bddb89397dfe4b6d3cf8
SHA1 12330c45544dc510d170a05a75105ed7425b73a0
SHA256 9ab12fa81caa05a572f21d20eac204487742a237a4755a50d182eeaa4d82798f
SHA512 537548da621d28d96f3b63ff0ac427b98ae0fc99e19752f8e7c363dc4a261001888013a5eff8efed8cee9c11798e0057bba2c089b9c6949d8629f5c8917606b2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a161fb743d325c059229b1419c8eb213
SHA1 ca3a954831382d0b4db19c14a5268154c67a202e
SHA256 48c81271528a90de5a217c2fa4c8b519d4f191576077b32b818bae7207be2347
SHA512 b983c75af1dbd2fa6a09f2cc2e4d64ceb04fc824ad9b49754061e9fb8d837df98a665800c47ab2ae523c4edb20038d56b29cf56a9e46a823efe0aa14a3a87898

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 31cd53ce62f1c4a9cc9c78bf18d83547
SHA1 7c02a308fba3d4ab15e42d020a78b0e1171092b8
SHA256 8eb50e9fe3504329c88a143c0248d1713ba33922f6b67c3101888fd379081b09
SHA512 723bf5bd3e42c1825311445152641a352e339727b9254eacc83e2b648174635e0f93cc2f06cc81ab8d8c5efec4fff40d68dc64494a3a8d093b9efb7271375e20

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 411ea1a2f43d14d1ba92a4099401a25e
SHA1 92d2b25eab24b44da8ff8545593a4312eac9ce7d
SHA256 6e6ca6d8df78c3135ce53cfbe660a93ce421b9bb26ff92a3589d1e3858aa6cf2
SHA512 83c59921f4553517c7434d8498be61a3a036b53b027f677fe58187e59486f03ea14a2ea7b0e0f8938e91443f09847c2b37555efdfa67ea4ac624cdfc40be0fc0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f974f4d64c04595531af3f092f48e3db
SHA1 e7811f858b9467794b95a702169d309b1fab5d10
SHA256 b780a46de37b382aa45805c0bf31c5932c62d0e4fe29821355f8daab37172c8e
SHA512 415637d66f0dc4b053caf2b1bbff2c471db60056073df47eb93bf8fa27ba111afe1d5dace582d29e4769dbb5aa60e194cc67470f6267d2b897831a5afddd6db3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d59dde4e6ea57dcd4edb053f472bfd02
SHA1 a16840a44f88b580e8fc4442a3b07cd4638223c5
SHA256 cc5095c3d7e82810c98e015627423f5ad39f6ce3ccbd1d2c828fa5360a517b92
SHA512 e1ca3d703d60d3f8771cea459a9461b535e7c8ee127b391bb3092214d8200ed99530770399a4795b28e6a030f9dbd2dd0e4addbb5d460136c8bbfc1815163f4f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 afb658d4d563b21a45c4d496f6a00e5f
SHA1 81e7fc388c1a3ee9dce131aff690f7577df90b8b
SHA256 02ffccc47b6b78f750fd1a90f4869a8e396bed0a0b3e00c61c58431a064df7c7
SHA512 a5feedd0e0f0437f72adefd2cbe4b4f5ac17d6002c7228f6aac315b8ebfb12d58ba141a191a90d7333040de79c7f905a4211d5e0681b070349b979733a97dcf8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 61f4a9d479c663fcfeef26a17f7c3ada
SHA1 d71480c355f84c87b6c77ce778c01c9fb4903a06
SHA256 a1971052de45e9ca1167f43ed74e13d6a1553a1855a5f6870445dee384762255
SHA512 b6fbc60b1404418495d5df3df232e5d8bea78e1a4bf74de390305f02052a76b6505a36cc79a7a5df4bccfccc469acc97f154cdd54755ad5f0d3cd4667adeee69

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4f856efa2a43340237939b6b583415c7
SHA1 0087cf804c5f1e9fcfa1e45e55c6e1ef0dfe9587
SHA256 9f41439e8c26c59999c01ecdd02dd9511b4987ecc8ef7486a01fb5d8fd4851e2
SHA512 2e5db09d0c8db0c99ede36ee720cf347d17b23c31e550c11a2357f8c7b28b6da590bd4854962ba9f5b2cf3cc3e96664d11aa37f92235f14caeb233e2f8b106c5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 33834c2a811fe7fdca35107574de2b56
SHA1 69c51319eedd3cbe7c9680757a779864fc9f2846
SHA256 ff03fc43edd8c1cf37e9986419a6be2ad38192209ba394e2de232df44347250f
SHA512 e14113bde50ec3de584bd8dbfb4c969e13269c610f7ba3cf37ce94f9ceff2037613233b0a9eb0c16e72e5a65a4472ae19c6ccbad4c712bd78d77cc03f93a2e0c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 801cc9333b2fb69a37bea252fc271dba
SHA1 b691ac4eaa46d6b663af464c949cb4b0085461bf
SHA256 e3d97df7cca1097e8a98abe961e4acb7e839bc6a9606d29537d47dfd092d36d9
SHA512 0a8d209b7d51fa826ffeceee5fdd40ac6d939ab0e5732c6f4ea3323618c3331eaff2de13d9a3b03e1630286ba45916e0d4d9a88d7f83923f8d07c99e80f2d2f8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7caa3817d9d70a69ddabe9beacf28364
SHA1 3c69407a1dd5990c0e3b39f3bdaab5ca08456231
SHA256 72f7d3ac5beaec699a84736ef9a48cf6279eabcc63a0032b83a1f30942a7863e
SHA512 4835973f7c4d931d01c84aca618b692995ac50239b77320fc20a87aaae92033effb435ed8974a756ed70d21c189ed1a4b63c0203c7d71472f92e15fa94f0f13b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ff9ef281101532a851b556da4c0beacf
SHA1 c5d4693750041f91440441c5d9c756c6c5ce1852
SHA256 11e75ca75f9b61f40ed8cd2b2907c2b59fe85b1e3a19a54773c3a1c79b4fa44e
SHA512 565efdf1817e90179dff05103488a2d5259ea78fe22b330e42611e4540b4ed36a9a1be6987da881a055a77372389e5e8e3375a2e6fa1c6d2216de73a476c4416

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 84fa8a071daa5f3bde2dd73e47f41354
SHA1 cb7e140d133e2044dbce678b6fb9b0b7dc506ce5
SHA256 7a4153e9fa3886929fbf953d6274b5909f7a9eae60822afd312bcfc39e2f0d33
SHA512 d9c8a97d8d1c2634ec10e43e97a7274df18fc7103980522f57b5a35ab8b588ffe974a3fb865ec7be5beed00066a1f98e9dc70a1988dc9ce51c8e1f951fde25e5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4b118200d8ac0af8f8bf3b7c3539aac9
SHA1 561d8f3de92dd67ce5dd4712de9250b1a043b0c0
SHA256 743c81c5f1a01fdb0d7ccc982b820d5196a51edc3ed0c8468c6bc1abeb859e93
SHA512 d25ddf7dac35711cb95419b4eca5cc1b965b9ca794ebfed75da865f5293f29a7566c68acf917801bffa610e46d3ef040275726eb362c9c506ee4a24ccab84f5d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 89e0570f941adf43ecddade43c0243ad
SHA1 f2858c46996c19fdee91ec6ec4a4e87dd388298c
SHA256 7c3514a3622f9b0d1ce42ddbd81317617ad0242ad700091db8bff890ae8b7363
SHA512 d92d714504907213dfee7931832cb26123d9c23694b49bd2de06884a2d2a93d91e911552d3ca5c8e5f817c9942acf4012417d9b6cc4c03a1bce9651de611137b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dac85e803c00c7f9752e36cdce4a676f
SHA1 42c94df3075a2feb947939ac07c17d12b3475e89
SHA256 f77e1e06d044d4c63943a327c059895f26b7151b888aca23f85eea12dba11696
SHA512 b5baeb7a188b109750707816972048db8b3bb8309c7e1b15ddea3f4dd427de5810f31401ae8eff5f0ec93e221fcc0228ab24332da873de207c00c397aa87a01a