Analysis Overview
SHA256
2241bbd6c002e9f26a7ad54aff2cfd6d59e3e7d06f0755e8201ba401143bf328
Threat Level: No (potentially) malicious behavior was detected
The file a1b4db7d2e2007c229ac7d7c9f29bf53_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 18:19
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 18:19
Reported
2024-06-12 18:22
Platform
win10v2004-20240226-en
Max time kernel
142s
Max time network
151s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1b4db7d2e2007c229ac7d7c9f29bf53_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4952 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4064 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4080 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5420 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5904 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 51.140.244.186:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | 159.113.53.23.in-addr.arpa | udp |
| BE | 92.123.52.36:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 2.20.12.101:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 36.52.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.17.2.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| GB | 172.217.169.74:443 | tcp | |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 52.168.117.173:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 173.117.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 13.107.253.64:443 | tcp | |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| BE | 88.221.83.202:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 202.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| BE | 2.17.107.114:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 114.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.73.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 18:19
Reported
2024-06-12 18:22
Platform
win7-20240611-en
Max time kernel
133s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{50B0C321-28E8-11EF-8E7F-CE8752B95906} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424378239" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 903c2025f5bcda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb81000000000200000000001066000000010000200000008d3be734c5583be0ed75c370ac11d9aac8765761663bcf9eacce135e2d03c409000000000e80000000020000200000007cab3ff4c3e89fa4cd258b36560ca9be445b0481f74d8683bc90848c1712ae6420000000f97133bfbaa2f92ab9ab52110d3706c2ab84ed9157f3fbfabb769b4804ab6d36400000008b4fbc3a0cd9867ab506c077c2f5bc33283232fbb9a256ef5028477858c1b505a7dfa26584892ae8dc68022af57bbeb53dea9912b12468ebe6f5511ca145fbae | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000c30f211824294deb607be4457fd31b315a58d99e16e601c2f0fc27b5847c3db6000000000e8000000002000020000000b61ebacbceaa499efe20aa190f6315c772efcdcdc33d27065a6bafa3fb1c6aef90000000bf017ef7c3f29fad82d2b223a405b0ae3a6ec030db0aa34cda2e9ed3e0f2c0aef0a509ff453f73e8ca1ba87164da2d37ccbd4e16c825e113f54ec0f5757cad48ab811d1b4252276a64911d1eafd539a63afeee1e16b4cdc8c7c631e8d539d3a67cd012a1746089c3c5bce68e2cd0211754f328eea90561d44205fbd193db85cc8668b0ec30b6f66cac561e0f9ced84e6400000003a67fedd216dde1f0c33d998e5c13a4ac2feafe15611515aeabd36486601f4d7d303b9a682aef7922203f91ea401045e868dfe44ecea4c6376a0dc4251ea3a7c | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1124 wrote to memory of 2716 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1124 wrote to memory of 2716 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1124 wrote to memory of 2716 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1124 wrote to memory of 2716 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1b4db7d2e2007c229ac7d7c9f29bf53_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1124 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab2916.tmp
| MD5 | 2d3dcf90f6c99f47e7593ea250c9e749 |
| SHA1 | 51be82be4a272669983313565b4940d4b1385237 |
| SHA256 | 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4 |
| SHA512 | 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5 |
C:\Users\Admin\AppData\Local\Temp\Tar29D8.tmp
| MD5 | 7186ad693b8ad9444401bd9bcd2217c2 |
| SHA1 | 5c28ca10a650f6026b0df4737078fa4197f3bac1 |
| SHA256 | 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed |
| SHA512 | 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 190e9c94386d9c2baeecfe0c041792ca |
| SHA1 | 2b0b13de3fc03cc8a473c05c5f107c41076faad8 |
| SHA256 | df9d3fdba14295ec9487b6ec177457e3658150cca60e1d06323e423a8ebaa54a |
| SHA512 | 2cb7d0b43c766a1688842bee689d3fb391db9078d792fd97675a1c0de453c22d6bd7714e38f14b65cee9829b29d797d9dec7f48e4bee4de789b9ea1eb5cd421d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7471d59434e468e45c229c4ad217de30 |
| SHA1 | 627ef8b369c7b8d20ecd696653a70552d5e84e59 |
| SHA256 | 43350f9e26f28c2302e0dc593c8868ecad5e7f2d2f7733097bd9c421c18d3909 |
| SHA512 | def9569d3216afa604193d13a126d545736a9c48c1f8f291ffc8e3ff91be36d09df4fec73883ddd54448cc27b99f98ab083d87fc40433bafd0e6bcc80140207f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dc3a7af15de591cccbd9293b01c38343 |
| SHA1 | 5af7ee55403bbd627c452ba692b487f6e48d46eb |
| SHA256 | dadc72a020ce89398270ff687ee9143c615af63d30eac4aa3e535fdcad7a378a |
| SHA512 | cded82f036adcf95b3d216464c79473e2f0df5f3040dbdfb1f20692e017ade19668628f3c3ae6901a5ad13ace1cbe1439588827dc62dc9e7f0df63bcf267c82a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c9395d12633114b97613d14a92cdbc30 |
| SHA1 | c0dc8ef648ce2a210b33c9550dd8b8ad557ab469 |
| SHA256 | c96e891c20ae4a27d9389236f848cc17df2b0e911e764dd48b30063fdd72d354 |
| SHA512 | aa10cd2d545654ca213368eab96cc8133ad4af88bad65b77418d7fbfffa04da1758c0e9fcb9ba18a549acd72a132b4620ee3e39d7d7e4559811a304ad1b66a73 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d6713b915cdf333a6f84cb7c90b2374b |
| SHA1 | eb570502b9bca1b07007fa9080b8efe05d170afa |
| SHA256 | 370fead9bd4974849608a19c48e855d4071be231cc6654e4ec1ad632d32dbace |
| SHA512 | 6198d768bc9c52394317655317a36328e4d7da7bc1636415db7e32c3b373b619cd57ddb511c96f697bf2d26bbd378b0eb11c91ffc9f4264662fe75eb7767a9fe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 115e1fc75dd93b1584d1ef77d3ca8e7f |
| SHA1 | f3f669f2032262255b5e1a86fc3be98fd835d696 |
| SHA256 | 2d47549e60eb1c472a43c63c0b2c850aa02c8912a66380a5e833944fd63620ef |
| SHA512 | e94975c97c0c2ae7a0f7183ff9bb89864525d0dccc9b2b8091a87896a684642b6da31b9cf1495f9de650d97214aeebea7d13623b02b870ebe0905b6c24c752c3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 341a05415784d4b11f8af8b2834171cc |
| SHA1 | e02ab2fdb9ba7436fce13e152ef72b28445b9d19 |
| SHA256 | b77cd2cd77136c650124b70c0ebf5dc49b45c2b887b8a7408b67d809875a653d |
| SHA512 | 6b1d987aaeb0d4c518757217ec011293d53ea0f44d937956391d42a70bba02c36e415d269be203c4b36e77f3f728c11bbc596628a874dfe9ed064cee854620d2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 556abc2cda0bb87cf671fa299e50ded7 |
| SHA1 | 996beac1b4f35dcd917b0614b467dffabb9ec49e |
| SHA256 | 0d2676e69aaa266ecadebaf38da4ef44cb846ad2fa0e26db1aa5a5c032336dbb |
| SHA512 | 22b6f84bb526348097ba30527a43af69a11b32b304304da530c2a087b18e6607c67f8030390a4f2cf5d88ff7528ee957ef67f37a40e73648c644ed623a0b596f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 86078879f6d3edf7f9a2b9bc6fe08f7d |
| SHA1 | 3c552d648d24eaadf8652a154bc5e9e2a1ac43d8 |
| SHA256 | 33cc11c0eb53b57e89ba0378a9331b901caf481d644c49e950b4d344215a5169 |
| SHA512 | 148556a735b97a3058248d212b570c69ab01e3110f5ffcd7d022ad11222f26aa49d21e9c8189514d2e8f7c80597c33673114c60f0372656811840131b302c4d3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1d4794e6f21666e77d3874070a4acb68 |
| SHA1 | 5d5b54bb876543b7b5c57cb021a2b472674cffe8 |
| SHA256 | 585742db85458ab4179a21b6dc67fc4c39e1fa6bfa2802e90303b18e6e8625c4 |
| SHA512 | 2797698b52e5f56b027e7070a33497b7cbe3901f4de3d199ff9f45611eb3aad54730c6726ead7312678a32fdd8f0931cb831e7eeb61cd1e19078da61fcf42823 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ca73dfee5bcb338ab93b3d14d4a9e2da |
| SHA1 | 465417c8bccf833918c84d82e6e483688bc9d93e |
| SHA256 | 7abfa65a7d308fdbb71fd91c4cd6676e5baa4800b4cde73a7240c23db7d99fc3 |
| SHA512 | 254c7b658c1587215078e8def1ea448158fe2438e5d13d0c55fab54aeaf8f5c30485026591bc44738fb86e078f5629fb675850e4d00b981a4bfaa5a51b86a957 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 87c101beb16577aef41bcc92dc1dbdbd |
| SHA1 | 5d96ed63a5070f67308b9f13ccd0a63dbc6f37c8 |
| SHA256 | 3a90f96b8cdef79fefcf7285cacb95e6865eadfbda198ccd1a18471670276633 |
| SHA512 | b3677169cd580d40f73bffcb707a10228594a609ed1abcbb9acc724e8527bc454833a98e8d0c98d6a0325c5123493b66a170c0f4ff737e51922f8ab2650f3b13 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b80bd4466a90f83f0f914c3d951566c3 |
| SHA1 | fac54ba3b2803a553268afd2a767f44e4da13e81 |
| SHA256 | 6234d376d3e0bdf8e02c6257d5b6934438f56e207dbb9f3d5cb48b4c63d37671 |
| SHA512 | 09d4e5813b1749196d8398a9f86ecf2b356140feec47ab5101e936e82c5555c8e04ae70306f30979e90c5984cbe3b1e239aca5862e6f973e8055c0d5f27e9098 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3813805dbea6952b1cc7e00789e456d1 |
| SHA1 | e6cb532851b8292f01feffc7deb4e800d4a227c8 |
| SHA256 | 460715fe08bcf18c23ad4c64c34ba86df6dc972fa1c16ff1256b30b522d46de6 |
| SHA512 | e25647e5eb825cb9e33d8f0afc2400f80e5084e373eb1856c5f48c1740b7641ac03028577d959340919e093db9ec53f395ee0fb596d0036bf5bba84faa744ed8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 06de4d209afc0495059a1cbf4a66b150 |
| SHA1 | 2908064f9a6f70c3161c0e3eeb87e33f8b6f62da |
| SHA256 | e5708e0b1ef3dcd92eb15495ebb23798d9f4190a2558ed938d266250c66bfa33 |
| SHA512 | 06afc8e6e01d5ac686cb368b065058c5747f31c2b023d9cb42a6db73c8ab39871173b713ced9ff9640c0998bf46653ffb501121176e66d86687e1fc01f2067c4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e27e0b122f9a695c0c598c38ab0b983b |
| SHA1 | 30f29a13457aae33cfa14423ccd1ce0a2a34b2f8 |
| SHA256 | d4d8df17eb6d55a8c6cb59b8bd4c2cb5ed732fb281f86ff02d81383dcb923466 |
| SHA512 | bf0b536c89dbdd6dc454406212eeb9ecb237db16f64bce03daf3ee7d353c122cf86c2c3abd9b96dcb9314a34418822948b28ae40f4fbb583c6cf7e1348c08220 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 873b2194f5f32d3e8d7bb52562c6c6b6 |
| SHA1 | 98d19485311bac874c5fd322255c0f7f371e2950 |
| SHA256 | 5d8461bb005ca42dd9af05f0f68abded31255f5e1f52c0b852c655d83357b270 |
| SHA512 | f75fd9147fba7a0c58030f55b6c3beecbb61e94d171b7a64ee76a2f5f7c1dd598a3a76cb831ac13779945487142e16c3d9a73a9b0af05cd530504649432631e2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 32f2d8a0eff6393f50d378ba485ae3c1 |
| SHA1 | 7f9b7afb716c9c07a0c2a7fc5b8845bfa203ec4e |
| SHA256 | d8dacf5c33870b2a689dbe45217ddeaa564b6240cd561fc69176e97f05323c2f |
| SHA512 | abe5f22ce85d0da4c3d518f4cbf9ae8308534c8ef1144ac0063e550ac40f2daf2eca9beb8db908c979a50384cda8ec24b49ab08281184080ae84f094b7fe1c25 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 817f1a95c1ed209fa761acd2a7e85b9d |
| SHA1 | 6240bb5543c83d6cafc8145c9d4e21a133d13891 |
| SHA256 | 36fb1639bc9cc8670f4ef944e6483d9ef3c5eaaf3c3c792b45c8902f2a68cff0 |
| SHA512 | 0023e804ded92c6c537f1ad5e3f632c1b87bb9fd484ecd2a8c249304bdd5f489a9c83a1d22e6de2eeb138bf6994b774351e8142972f75d28378619298e377a03 |