Malware Analysis Report

2025-04-14 03:55

Sample ID 240612-wye2bsydmj
Target a1b4db7d2e2007c229ac7d7c9f29bf53_JaffaCakes118
SHA256 2241bbd6c002e9f26a7ad54aff2cfd6d59e3e7d06f0755e8201ba401143bf328
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

2241bbd6c002e9f26a7ad54aff2cfd6d59e3e7d06f0755e8201ba401143bf328

Threat Level: No (potentially) malicious behavior was detected

The file a1b4db7d2e2007c229ac7d7c9f29bf53_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 18:19

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 18:19

Reported

2024-06-12 18:22

Platform

win10v2004-20240226-en

Max time kernel

142s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1b4db7d2e2007c229ac7d7c9f29bf53_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1b4db7d2e2007c229ac7d7c9f29bf53_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4952 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4064 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4080 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5420 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5904 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 51.140.244.186:443 nav-edge.smartscreen.microsoft.com tcp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 159.113.53.23.in-addr.arpa udp
BE 92.123.52.36:443 www.microsoft.com tcp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 2.20.12.101:443 bzib.nelreports.net tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 36.52.123.92.in-addr.arpa udp
US 8.8.8.8:53 101.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 200.197.17.2.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
GB 172.217.169.74:443 tcp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 52.168.117.173:443 nw-umwatson.events.data.microsoft.com tcp
US 8.8.8.8:53 173.117.168.52.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 13.107.253.64:443 tcp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
BE 88.221.83.202:443 www.bing.com tcp
US 8.8.8.8:53 202.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 211.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
BE 2.17.107.114:443 www.bing.com tcp
US 8.8.8.8:53 114.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 31.73.42.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 18:19

Reported

2024-06-12 18:22

Platform

win7-20240611-en

Max time kernel

133s

Max time network

127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1b4db7d2e2007c229ac7d7c9f29bf53_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{50B0C321-28E8-11EF-8E7F-CE8752B95906} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424378239" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 903c2025f5bcda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb81000000000200000000001066000000010000200000008d3be734c5583be0ed75c370ac11d9aac8765761663bcf9eacce135e2d03c409000000000e80000000020000200000007cab3ff4c3e89fa4cd258b36560ca9be445b0481f74d8683bc90848c1712ae6420000000f97133bfbaa2f92ab9ab52110d3706c2ab84ed9157f3fbfabb769b4804ab6d36400000008b4fbc3a0cd9867ab506c077c2f5bc33283232fbb9a256ef5028477858c1b505a7dfa26584892ae8dc68022af57bbeb53dea9912b12468ebe6f5511ca145fbae C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000c30f211824294deb607be4457fd31b315a58d99e16e601c2f0fc27b5847c3db6000000000e8000000002000020000000b61ebacbceaa499efe20aa190f6315c772efcdcdc33d27065a6bafa3fb1c6aef90000000bf017ef7c3f29fad82d2b223a405b0ae3a6ec030db0aa34cda2e9ed3e0f2c0aef0a509ff453f73e8ca1ba87164da2d37ccbd4e16c825e113f54ec0f5757cad48ab811d1b4252276a64911d1eafd539a63afeee1e16b4cdc8c7c631e8d539d3a67cd012a1746089c3c5bce68e2cd0211754f328eea90561d44205fbd193db85cc8668b0ec30b6f66cac561e0f9ced84e6400000003a67fedd216dde1f0c33d998e5c13a4ac2feafe15611515aeabd36486601f4d7d303b9a682aef7922203f91ea401045e868dfe44ecea4c6376a0dc4251ea3a7c C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1b4db7d2e2007c229ac7d7c9f29bf53_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1124 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab2916.tmp

MD5 2d3dcf90f6c99f47e7593ea250c9e749
SHA1 51be82be4a272669983313565b4940d4b1385237
SHA256 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4
SHA512 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5

C:\Users\Admin\AppData\Local\Temp\Tar29D8.tmp

MD5 7186ad693b8ad9444401bd9bcd2217c2
SHA1 5c28ca10a650f6026b0df4737078fa4197f3bac1
SHA256 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed
SHA512 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 190e9c94386d9c2baeecfe0c041792ca
SHA1 2b0b13de3fc03cc8a473c05c5f107c41076faad8
SHA256 df9d3fdba14295ec9487b6ec177457e3658150cca60e1d06323e423a8ebaa54a
SHA512 2cb7d0b43c766a1688842bee689d3fb391db9078d792fd97675a1c0de453c22d6bd7714e38f14b65cee9829b29d797d9dec7f48e4bee4de789b9ea1eb5cd421d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7471d59434e468e45c229c4ad217de30
SHA1 627ef8b369c7b8d20ecd696653a70552d5e84e59
SHA256 43350f9e26f28c2302e0dc593c8868ecad5e7f2d2f7733097bd9c421c18d3909
SHA512 def9569d3216afa604193d13a126d545736a9c48c1f8f291ffc8e3ff91be36d09df4fec73883ddd54448cc27b99f98ab083d87fc40433bafd0e6bcc80140207f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dc3a7af15de591cccbd9293b01c38343
SHA1 5af7ee55403bbd627c452ba692b487f6e48d46eb
SHA256 dadc72a020ce89398270ff687ee9143c615af63d30eac4aa3e535fdcad7a378a
SHA512 cded82f036adcf95b3d216464c79473e2f0df5f3040dbdfb1f20692e017ade19668628f3c3ae6901a5ad13ace1cbe1439588827dc62dc9e7f0df63bcf267c82a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c9395d12633114b97613d14a92cdbc30
SHA1 c0dc8ef648ce2a210b33c9550dd8b8ad557ab469
SHA256 c96e891c20ae4a27d9389236f848cc17df2b0e911e764dd48b30063fdd72d354
SHA512 aa10cd2d545654ca213368eab96cc8133ad4af88bad65b77418d7fbfffa04da1758c0e9fcb9ba18a549acd72a132b4620ee3e39d7d7e4559811a304ad1b66a73

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d6713b915cdf333a6f84cb7c90b2374b
SHA1 eb570502b9bca1b07007fa9080b8efe05d170afa
SHA256 370fead9bd4974849608a19c48e855d4071be231cc6654e4ec1ad632d32dbace
SHA512 6198d768bc9c52394317655317a36328e4d7da7bc1636415db7e32c3b373b619cd57ddb511c96f697bf2d26bbd378b0eb11c91ffc9f4264662fe75eb7767a9fe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 115e1fc75dd93b1584d1ef77d3ca8e7f
SHA1 f3f669f2032262255b5e1a86fc3be98fd835d696
SHA256 2d47549e60eb1c472a43c63c0b2c850aa02c8912a66380a5e833944fd63620ef
SHA512 e94975c97c0c2ae7a0f7183ff9bb89864525d0dccc9b2b8091a87896a684642b6da31b9cf1495f9de650d97214aeebea7d13623b02b870ebe0905b6c24c752c3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 341a05415784d4b11f8af8b2834171cc
SHA1 e02ab2fdb9ba7436fce13e152ef72b28445b9d19
SHA256 b77cd2cd77136c650124b70c0ebf5dc49b45c2b887b8a7408b67d809875a653d
SHA512 6b1d987aaeb0d4c518757217ec011293d53ea0f44d937956391d42a70bba02c36e415d269be203c4b36e77f3f728c11bbc596628a874dfe9ed064cee854620d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 556abc2cda0bb87cf671fa299e50ded7
SHA1 996beac1b4f35dcd917b0614b467dffabb9ec49e
SHA256 0d2676e69aaa266ecadebaf38da4ef44cb846ad2fa0e26db1aa5a5c032336dbb
SHA512 22b6f84bb526348097ba30527a43af69a11b32b304304da530c2a087b18e6607c67f8030390a4f2cf5d88ff7528ee957ef67f37a40e73648c644ed623a0b596f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 86078879f6d3edf7f9a2b9bc6fe08f7d
SHA1 3c552d648d24eaadf8652a154bc5e9e2a1ac43d8
SHA256 33cc11c0eb53b57e89ba0378a9331b901caf481d644c49e950b4d344215a5169
SHA512 148556a735b97a3058248d212b570c69ab01e3110f5ffcd7d022ad11222f26aa49d21e9c8189514d2e8f7c80597c33673114c60f0372656811840131b302c4d3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1d4794e6f21666e77d3874070a4acb68
SHA1 5d5b54bb876543b7b5c57cb021a2b472674cffe8
SHA256 585742db85458ab4179a21b6dc67fc4c39e1fa6bfa2802e90303b18e6e8625c4
SHA512 2797698b52e5f56b027e7070a33497b7cbe3901f4de3d199ff9f45611eb3aad54730c6726ead7312678a32fdd8f0931cb831e7eeb61cd1e19078da61fcf42823

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ca73dfee5bcb338ab93b3d14d4a9e2da
SHA1 465417c8bccf833918c84d82e6e483688bc9d93e
SHA256 7abfa65a7d308fdbb71fd91c4cd6676e5baa4800b4cde73a7240c23db7d99fc3
SHA512 254c7b658c1587215078e8def1ea448158fe2438e5d13d0c55fab54aeaf8f5c30485026591bc44738fb86e078f5629fb675850e4d00b981a4bfaa5a51b86a957

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 87c101beb16577aef41bcc92dc1dbdbd
SHA1 5d96ed63a5070f67308b9f13ccd0a63dbc6f37c8
SHA256 3a90f96b8cdef79fefcf7285cacb95e6865eadfbda198ccd1a18471670276633
SHA512 b3677169cd580d40f73bffcb707a10228594a609ed1abcbb9acc724e8527bc454833a98e8d0c98d6a0325c5123493b66a170c0f4ff737e51922f8ab2650f3b13

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b80bd4466a90f83f0f914c3d951566c3
SHA1 fac54ba3b2803a553268afd2a767f44e4da13e81
SHA256 6234d376d3e0bdf8e02c6257d5b6934438f56e207dbb9f3d5cb48b4c63d37671
SHA512 09d4e5813b1749196d8398a9f86ecf2b356140feec47ab5101e936e82c5555c8e04ae70306f30979e90c5984cbe3b1e239aca5862e6f973e8055c0d5f27e9098

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3813805dbea6952b1cc7e00789e456d1
SHA1 e6cb532851b8292f01feffc7deb4e800d4a227c8
SHA256 460715fe08bcf18c23ad4c64c34ba86df6dc972fa1c16ff1256b30b522d46de6
SHA512 e25647e5eb825cb9e33d8f0afc2400f80e5084e373eb1856c5f48c1740b7641ac03028577d959340919e093db9ec53f395ee0fb596d0036bf5bba84faa744ed8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 06de4d209afc0495059a1cbf4a66b150
SHA1 2908064f9a6f70c3161c0e3eeb87e33f8b6f62da
SHA256 e5708e0b1ef3dcd92eb15495ebb23798d9f4190a2558ed938d266250c66bfa33
SHA512 06afc8e6e01d5ac686cb368b065058c5747f31c2b023d9cb42a6db73c8ab39871173b713ced9ff9640c0998bf46653ffb501121176e66d86687e1fc01f2067c4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e27e0b122f9a695c0c598c38ab0b983b
SHA1 30f29a13457aae33cfa14423ccd1ce0a2a34b2f8
SHA256 d4d8df17eb6d55a8c6cb59b8bd4c2cb5ed732fb281f86ff02d81383dcb923466
SHA512 bf0b536c89dbdd6dc454406212eeb9ecb237db16f64bce03daf3ee7d353c122cf86c2c3abd9b96dcb9314a34418822948b28ae40f4fbb583c6cf7e1348c08220

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 873b2194f5f32d3e8d7bb52562c6c6b6
SHA1 98d19485311bac874c5fd322255c0f7f371e2950
SHA256 5d8461bb005ca42dd9af05f0f68abded31255f5e1f52c0b852c655d83357b270
SHA512 f75fd9147fba7a0c58030f55b6c3beecbb61e94d171b7a64ee76a2f5f7c1dd598a3a76cb831ac13779945487142e16c3d9a73a9b0af05cd530504649432631e2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 32f2d8a0eff6393f50d378ba485ae3c1
SHA1 7f9b7afb716c9c07a0c2a7fc5b8845bfa203ec4e
SHA256 d8dacf5c33870b2a689dbe45217ddeaa564b6240cd561fc69176e97f05323c2f
SHA512 abe5f22ce85d0da4c3d518f4cbf9ae8308534c8ef1144ac0063e550ac40f2daf2eca9beb8db908c979a50384cda8ec24b49ab08281184080ae84f094b7fe1c25

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 817f1a95c1ed209fa761acd2a7e85b9d
SHA1 6240bb5543c83d6cafc8145c9d4e21a133d13891
SHA256 36fb1639bc9cc8670f4ef944e6483d9ef3c5eaaf3c3c792b45c8902f2a68cff0
SHA512 0023e804ded92c6c537f1ad5e3f632c1b87bb9fd484ecd2a8c249304bdd5f489a9c83a1d22e6de2eeb138bf6994b774351e8142972f75d28378619298e377a03