Malware Analysis Report

2025-08-10 21:39

Sample ID 240602-25bv5sbf44
Target 8fc19d954f1ddf68d0788e1e07c2c4cd_JaffaCakes118
SHA256 e6aac2bf5ffb94b47fb3edbe35daa9ebe0440a62667949fffb48adb4f389814c
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

e6aac2bf5ffb94b47fb3edbe35daa9ebe0440a62667949fffb48adb4f389814c

Threat Level: No (potentially) malicious behavior was detected

The file 8fc19d954f1ddf68d0788e1e07c2c4cd_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-02 23:09

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-02 23:09

Reported

2024-06-02 23:12

Platform

win10v2004-20240508-en

Max time kernel

148s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8fc19d954f1ddf68d0788e1e07c2c4cd_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8fc19d954f1ddf68d0788e1e07c2c4cd_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3816,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=3744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=1284,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=5040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5284,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=5300 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5324,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=5384 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=6140,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=5492 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 t.cn udp
US 8.8.8.8:53 t.cn udp
US 8.8.8.8:53 img1.jiehun.cn udp
US 8.8.8.8:53 img1.jiehun.cn udp
US 8.8.8.8:53 www.googleadsl.com udp
US 8.8.8.8:53 www.googleadsl.com udp
GB 104.91.71.133:443 bzib.nelreports.net tcp
US 170.178.222.41:80 www.googleadsl.com tcp
CN 39.105.18.168:80 t.cn tcp
CN 39.105.18.168:80 t.cn tcp
US 170.178.222.41:80 www.googleadsl.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 133.71.91.104.in-addr.arpa udp
CN 117.68.52.35:80 img1.jiehun.cn tcp
CN 117.68.52.35:80 img1.jiehun.cn tcp
CN 117.68.52.35:80 img1.jiehun.cn tcp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
CN 117.68.52.35:80 img1.jiehun.cn tcp
CN 117.68.52.35:80 img1.jiehun.cn tcp
US 170.178.222.41:80 www.googleadsl.com tcp
US 8.8.8.8:53 hm.baidu.com udp
US 8.8.8.8:53 hm.baidu.com udp
CN 39.105.18.168:80 t.cn tcp
CN 39.105.18.168:80 t.cn tcp
CN 14.215.182.140:80 hm.baidu.com tcp
CN 111.170.25.35:80 img1.jiehun.cn tcp
CN 111.170.25.35:80 img1.jiehun.cn tcp
CN 14.215.182.140:80 hm.baidu.com tcp
CN 111.170.25.35:80 img1.jiehun.cn tcp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
CN 111.170.25.35:80 img1.jiehun.cn tcp
CN 111.170.25.35:80 img1.jiehun.cn tcp
CN 117.68.52.35:80 img1.jiehun.cn tcp
US 8.8.8.8:53 www.jiehun.cn udp
US 8.8.8.8:53 www.jiehun.cn udp
CN 61.160.251.208:80 www.jiehun.cn tcp
CN 111.177.8.35:80 img1.jiehun.cn tcp
CN 14.215.183.79:80 hm.baidu.com tcp
CN 111.177.8.35:80 img1.jiehun.cn tcp
CN 61.160.251.208:80 www.jiehun.cn tcp
CN 14.215.183.79:80 hm.baidu.com tcp
CN 111.177.8.35:80 img1.jiehun.cn tcp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
CN 111.177.8.35:80 img1.jiehun.cn tcp
CN 111.177.8.35:80 img1.jiehun.cn tcp
CN 111.170.25.35:80 img1.jiehun.cn tcp
CN 111.225.213.35:80 img1.jiehun.cn tcp
CN 111.225.213.35:80 img1.jiehun.cn tcp
CN 111.45.3.198:80 hm.baidu.com tcp
CN 111.45.3.198:80 hm.baidu.com tcp
CN 111.225.213.35:80 img1.jiehun.cn tcp
NL 23.62.61.97:443 www.bing.com tcp
CN 111.225.213.35:80 img1.jiehun.cn tcp
CN 111.225.213.35:80 img1.jiehun.cn tcp
CN 111.177.8.35:80 img1.jiehun.cn tcp
CN 111.45.11.83:80 hm.baidu.com tcp
CN 113.219.142.35:80 img1.jiehun.cn tcp
CN 113.219.142.35:80 img1.jiehun.cn tcp
CN 111.45.11.83:80 hm.baidu.com tcp
CN 113.219.142.35:80 img1.jiehun.cn tcp
CN 113.219.142.35:80 img1.jiehun.cn tcp
CN 113.219.142.35:80 img1.jiehun.cn tcp
CN 111.225.213.35:80 img1.jiehun.cn tcp
CN 113.219.161.35:80 img1.jiehun.cn tcp
CN 113.219.161.35:80 img1.jiehun.cn tcp
CN 183.240.98.228:80 hm.baidu.com tcp
CN 183.240.98.228:80 hm.baidu.com tcp
CN 113.219.161.35:80 img1.jiehun.cn tcp
US 8.8.8.8:53 16.173.189.20.in-addr.arpa udp
CN 113.219.161.35:80 img1.jiehun.cn tcp
CN 113.219.142.35:80 img1.jiehun.cn tcp
CN 113.219.161.35:80 img1.jiehun.cn tcp
CN 117.68.34.35:80 img1.jiehun.cn tcp
CN 117.68.34.35:80 img1.jiehun.cn tcp
CN 117.68.34.35:80 img1.jiehun.cn tcp
CN 117.68.34.35:80 img1.jiehun.cn tcp
CN 117.68.34.35:80 img1.jiehun.cn tcp
CN 113.219.161.35:80 img1.jiehun.cn tcp
CN 111.170.23.35:80 img1.jiehun.cn tcp
CN 111.170.23.35:80 img1.jiehun.cn tcp
CN 111.170.23.35:80 img1.jiehun.cn tcp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-02 23:09

Reported

2024-06-02 23:12

Platform

win7-20240221-en

Max time kernel

150s

Max time network

156s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8fc19d954f1ddf68d0788e1e07c2c4cd_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423531641" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2BC181E1-2135-11EF-989B-729E5AF85804} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8fc19d954f1ddf68d0788e1e07c2c4cd_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2888 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 img1.jiehun.cn udp
US 8.8.8.8:53 t.cn udp
US 8.8.8.8:53 www.googleadsl.com udp
CN 121.14.156.35:80 img1.jiehun.cn tcp
CN 121.14.156.35:80 img1.jiehun.cn tcp
CN 121.14.156.35:80 img1.jiehun.cn tcp
US 170.178.222.41:80 www.googleadsl.com tcp
US 170.178.222.41:80 www.googleadsl.com tcp
CN 39.105.18.168:80 t.cn tcp
CN 39.105.18.168:80 t.cn tcp
CN 111.170.25.35:80 img1.jiehun.cn tcp
CN 111.170.25.35:80 img1.jiehun.cn tcp
CN 111.170.25.35:80 img1.jiehun.cn tcp
US 170.178.222.41:80 www.googleadsl.com tcp
CN 39.105.18.168:80 t.cn tcp
CN 111.177.8.35:80 img1.jiehun.cn tcp
CN 111.177.8.35:80 img1.jiehun.cn tcp
CN 111.177.8.35:80 img1.jiehun.cn tcp
US 170.178.222.41:80 www.googleadsl.com tcp
US 170.178.222.41:80 www.googleadsl.com tcp
US 8.8.8.8:53 hm.baidu.com udp
CN 111.45.11.83:80 hm.baidu.com tcp
CN 111.45.11.83:80 hm.baidu.com tcp
CN 111.225.213.35:80 img1.jiehun.cn tcp
CN 111.225.213.35:80 img1.jiehun.cn tcp
CN 111.225.213.35:80 img1.jiehun.cn tcp
US 170.178.222.41:80 www.googleadsl.com tcp
CN 183.240.98.228:80 hm.baidu.com tcp
CN 183.240.98.228:80 hm.baidu.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
CN 113.219.142.35:80 img1.jiehun.cn tcp
CN 113.219.142.35:80 img1.jiehun.cn tcp
CN 113.219.142.35:80 img1.jiehun.cn tcp
CN 113.219.142.35:80 img1.jiehun.cn tcp
US 8.8.8.8:53 www.jiehun.cn udp
CN 61.160.251.208:80 www.jiehun.cn tcp
CN 61.160.251.208:80 www.jiehun.cn tcp
CN 14.215.182.140:80 hm.baidu.com tcp
CN 14.215.182.140:80 hm.baidu.com tcp
CN 113.219.142.35:80 img1.jiehun.cn tcp
CN 113.219.161.35:80 img1.jiehun.cn tcp
CN 14.215.183.79:80 hm.baidu.com tcp
CN 61.160.251.208:80 www.jiehun.cn tcp
CN 14.215.183.79:80 hm.baidu.com tcp
CN 113.219.161.35:80 img1.jiehun.cn tcp
CN 117.68.34.35:80 img1.jiehun.cn tcp
CN 111.45.3.198:80 hm.baidu.com tcp
CN 111.45.3.198:80 hm.baidu.com tcp
CN 117.68.34.35:80 img1.jiehun.cn tcp
CN 117.68.52.35:80 img1.jiehun.cn tcp
CN 117.68.52.35:80 img1.jiehun.cn tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab94EF.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar9602.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 737a1da8cf1609faa6322641ce29ad8e
SHA1 c20abe818acab22c5614c751dbc94177f18b6b16
SHA256 a1767a8d6feb53530f1267fda96c0b41fedaf04b22e9ce8b73f969657c17149a
SHA512 c9607c4c291841280790a962ba0f2d3f2ec6f158ec544f704015cf5bd461e95814125a7baedda49c1466cf6d6b4f5b7a7cd47f3e47aa1508e2d7beb010a151ca

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d8d110bd9b03b3aa1faa0b1687878450
SHA1 dfe6967f3a96bd13d097f68f2fcc0a93b0c753cf
SHA256 02796673df499e81f3a80b01becdef4dc249be0c844c78a48b9fd8dabefb9439
SHA512 b04767627f1b134fad1ca517a04dfc6725a19e255fa9bb3fc8f1238c6ec9afce4457d34faf17c79232585a6046ab25c28d1742db8ac2b99de4d2239bdae0811d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3b399b4b6865ae34c42dd086874d6d5d
SHA1 566b12797bda2242b68a5cd002f2f7ae8b52d357
SHA256 ff4714c4726987d6c67ebc85078d533baf3981c32396c4383e08f43fb6fed20f
SHA512 c7e1c4828b597d93a4705cd25898e0c9be79632e3c853960cfd7270dd47c3686814af2108eec8ee0f6d586e9610537b42741e0fd18809deed66b705209e4404d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3e822c138f77c1c9af3baf9dfe3009c2
SHA1 68d4c9c1de793b2d8cc2b85bca5c18e34a6bead6
SHA256 c35e119e8feceb56fd0c17a1a939c099215e5edecc675f774182d492af84af68
SHA512 b0c2ae9d166ced0a3dc386519ffde66f1b5035354899d311bdc0bce42e3dcd1c4d8b23aabda3825a8aecf83910b8800cbd97ae834c0eebdd470047a25a71bd1e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d25cfa4a7636f9e6dbe7a03d77044370
SHA1 5b356749d86e315524b655e2bafd123a77f0fa67
SHA256 b20944c95fccdb60b49cbfa5e06ba43c6b9d4eb5cef324ee32d5a92f2951dc1e
SHA512 a8c2e906595f813d53a8d24d908a07bcbfc66e7c0adacec69fde370a9bd26d9121c19089dc75ece455da2ec13b5d5378fd1723b7cb55a794bbfbdb248bc17e7f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cc3d5bdc41680ee00c230cd58d7482d5
SHA1 4786c3c82b163d5c21f498f4d6d4046719f89f6b
SHA256 0e8d98242b4f52d2af1bf8de902e3824364338e085cdbd3a0a8c5dca875797dd
SHA512 c9a566831d61ab7c41c6456c3da143e714d88b7f46237492499c065f1c26979c2c3f6fe45473c0ce8c01956634aabfd07d23c6982c9c8d5ac143116ae5a0707f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1460650f390fdf256f5cfb52d015676c
SHA1 f4fb04478c167cd78cef787593361a7c0e079c61
SHA256 e9ae2e5fa14aacf99a919fc4ad44148e5903198d254f2da22986acea14e352a9
SHA512 16122b983e7aeba843bf3ad160cf3c6f463fdb5f3e8db3cd07dfbec0b65a7333cfd031d39360dd10b450efaa3cac0953f43fcc720387051b5f0e46a1ca8271e9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ce2863422477bed157afb76fa712445f
SHA1 ca224686c6ba67e196a0be82a787b214724fb917
SHA256 3f5921238d2d27994149abef8d57f8d2a858f3a13cdae01b2a3ec6cb1361450e
SHA512 2b1f9e6fb4cc8c197d3bf6b6395855c7c8dc9bd525a7c7543c340828f64e36badec78cd87c8e4f99c7e45c6285741c76dafa2d11f49eaf20709571950d593d19