Malware Analysis Report

2025-04-14 01:41

Sample ID 240602-2f3mkaae75
Target 8faa05fb2876db98cb3f31b373359b9d_JaffaCakes118
SHA256 22e71a77c138de594f57c3bf891eb52035d8dadb90d6dd554b6bf6c3e603b35d
Score 1/10

Analysis Overview

Threat Level: No (potentially) malicious behavior was detected

The file 8faa05fb2876db98cb3f31b373359b9d_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-02 22:32

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-02 22:32

Reported

2024-06-02 22:34

Platform

win10v2004-20240226-en

Max time kernel

144s

Max time network

153s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8faa05fb2876db98cb3f31b373359b9d_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8faa05fb2876db98cb3f31b373359b9d_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5984 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=780 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4880 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=6052 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5404 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:8

Network


Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-02 22:32

Reported

2024-06-02 22:34

Platform

win7-20240508-en

Max time kernel

143s

Max time network

124s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8faa05fb2876db98cb3f31b373359b9d_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8faa05fb2876db98cb3f31b373359b9d_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1300 CREDAT:275457 /prefetch:2

Network


Files
