Malware Analysis Report

2025-04-14 01:40

Sample ID 240602-2gaceaae83
Target 8faa49c5f46d34ab6dd0c100f6f91af1_JaffaCakes118
SHA256 3fadf01cf2bb5e511bcec8a88c92fb6a3f3934c204390621246ae8d6243c3209
Tags
Score 1/10

Analysis Overview

Score 1/10

SHA256 3fadf01cf2bb5e511bcec8a88c92fb6a3f3934c204390621246ae8d6243c3209

Threat Level: No (potentially) malicious behavior was detected

The file 8faa49c5f46d34ab6dd0c100f6f91af1_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-06-02 22:32

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-02 22:32
Reported 2024-06-02 22:35
Platform win10v2004-20240226-en
Max time kernel 141s
Max time network 151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8faa49c5f46d34ab6dd0c100f6f91af1_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8faa49c5f46d34ab6dd0c100f6f91af1_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5428 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=756 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5320 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5488 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5844 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=5464 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5972 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8

Network


Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-02 22:32
Reported 2024-06-02 22:35
Platform win7-20240508-en
Max time kernel 148s
Max time network 149s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8faa49c5f46d34ab6dd0c100f6f91af1_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8faa49c5f46d34ab6dd0c100f6f91af1_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2348 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.ovh.com udp
CA 198.27.92.1:80 www.ovh.com tcp
CA 198.27.92.1:80 www.ovh.com tcp
CA 198.27.92.1:443 www.ovh.com tcp
CA 198.27.92.1:443 www.ovh.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015


C:\Users\Admin\AppData\Local\Temp\Tar1E8F.tmp


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
