Malware Analysis Report

2025-04-14 03:14

Sample ID 240612-y4apxaydrb
Target a22d41176912f050704164372564dce2_JaffaCakes118
SHA256 13c5e678d6a2f9bb4b7e7afd9fe91d5c5a09c2e209d00cb3cc60616685d04a7d
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

13c5e678d6a2f9bb4b7e7afd9fe91d5c5a09c2e209d00cb3cc60616685d04a7d

Threat Level: No (potentially) malicious behavior was detected

The file a22d41176912f050704164372564dce2_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 20:19

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 20:19

Reported

2024-06-12 20:22

Platform

win10v2004-20240611-en

Max time kernel

128s

Max time network

138s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a22d41176912f050704164372564dce2_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a22d41176912f050704164372564dce2_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=1432,i,3671441404766730751,12082497324212183132,262144 --variations-seed-version --mojo-platform-channel-handle=3996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3496,i,3671441404766730751,12082497324212183132,262144 --variations-seed-version --mojo-platform-channel-handle=4300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5268,i,3671441404766730751,12082497324212183132,262144 --variations-seed-version --mojo-platform-channel-handle=5308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5448,i,3671441404766730751,12082497324212183132,262144 --variations-seed-version --mojo-platform-channel-handle=5324 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5336,i,3671441404766730751,12082497324212183132,262144 --variations-seed-version --mojo-platform-channel-handle=5548 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5292,i,3671441404766730751,12082497324212183132,262144 --variations-seed-version --mojo-platform-channel-handle=5972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5648,i,3671441404766730751,12082497324212183132,262144 --variations-seed-version --mojo-platform-channel-handle=5512 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4040,i,3671441404766730751,12082497324212183132,262144 --variations-seed-version --mojo-platform-channel-handle=5836 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
IE 94.245.104.56:443 api.edgeoffer.microsoft.com tcp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 s.gstat.orange.fr udp
US 8.8.8.8:53 s.gstat.orange.fr udp
FR 193.252.121.221:80 s.gstat.orange.fr tcp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 2.17.251.4:443 bzib.nelreports.net tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
BE 104.90.25.175:443 www.microsoft.com tcp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 172.165.69.228:443 nav-edge.smartscreen.microsoft.com tcp
GB 172.165.69.228:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 56.104.245.94.in-addr.arpa udp
US 8.8.8.8:53 221.121.252.193.in-addr.arpa udp
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 4.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 175.25.90.104.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
NL 23.62.61.129:443 www.bing.com udp
US 8.8.8.8:53 129.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
NL 23.62.61.72:443 www.bing.com udp
US 8.8.8.8:53 72.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 224.162.46.104.in-addr.arpa udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 20:19

Reported

2024-06-12 20:22

Platform

win7-20240611-en

Max time kernel

139s

Max time network

141s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a22d41176912f050704164372564dce2_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb810000000002000000000010660000000100002000000075753ce36836282b41c884d8e70661b4f4d559ac649a31ccaae4581d7147f0e1000000000e8000000002000020000000d579a3d9e3dc321e0c19dfb446048c6de36c5465f812d8afc55fb403d4311cf020000000ca7f48deaac6fc3f616fc6dfc378bb5bf2b0739fb40bd695e2dd8935fc6bcdbb4000000038135b22ef79ca301f01449df948b162f6fab96b4757e55af12889eedb5d54e6e1b6ea3e8e7fd9614717013dcc81b9a6b8cc2be08a1c0da7c6d403d3882a9125 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424385460" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{20BDC491-28F9-11EF-91CF-DA79F2D4D836} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb81000000000200000000001066000000010000200000008c3baa04c81a80252c5bc927fc68cefbc889b1ab38b709d9d1644ba9b5ea4c60000000000e800000000200002000000068a241a680c2edf0fcbbfde7862a701c107d689e40230a1437df06847ce76609900000005c06e0973e658106b67e4e24adfec956766680bc005b955df05dc5a286384820dd220cabec3b8a46b14d0e3570d1b375549183cfd9efff81e895224f6ff6fb837661e22d6a4898d9233ae3f995f39177bff52a3848a1550b6bd0c74f933779ce2df23939dbc93db82ee1ada1c17b256d86ab4874fe978f34cd80bb44e7f3e173d72fa2d7d3f535a2b5c233d66dc2e0f54000000082505715740d57f5ee59446a31644df19a30b6a48bc828433bbe1d057124148440c6f40d08edd3a757abb92589f6742694ccf35963b20bf5cbcb63eca6f88089 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00048af505bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a22d41176912f050704164372564dce2_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2808 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 s.gstat.orange.fr udp
FR 193.252.121.221:80 s.gstat.orange.fr tcp
FR 193.252.121.221:80 s.gstat.orange.fr tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab2CFB.tmp

MD5 2d3dcf90f6c99f47e7593ea250c9e749
SHA1 51be82be4a272669983313565b4940d4b1385237
SHA256 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4
SHA512 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5

C:\Users\Admin\AppData\Local\Temp\Tar2DAF.tmp

MD5 7186ad693b8ad9444401bd9bcd2217c2
SHA1 5c28ca10a650f6026b0df4737078fa4197f3bac1
SHA256 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed
SHA512 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b257deec879bc3f3bed195bee8bfcbc8
SHA1 ddd1840dd34564272ab8c81d9966920717bc4cd7
SHA256 78c02ff2cb21ad2fd1d31405221dd3b4445e8f656608300f18fbc8e7683aa659
SHA512 bea2e4ffe332f901fb717a4c2a48c5351dcf8f9491bb3bbb89e62cfcda164e91da37a1169298894556cd93472580e4fe12064570c8dd42940fbfe3a8bf5626c7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6d8ec6d4334acf10d5d195634d271df4
SHA1 19bdcb3d7f258144f272732669aff58d0e06c3fa
SHA256 2410506f99cd1e0ea8eef9a9e5e2794b78fa86a51f1cadd5c9347ad0782ae4ea
SHA512 7f13ca35c60f488193dbb4d7c17752fba67624b8c083b3387818b5e40b4a58f2d2d019531675728402e463c8d9e1b935b902a079d126dbabcc8e6684c8276ef6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 17f69251dac662092015f9ed2adb92ce
SHA1 999b25345c3a0101a44f30a0b22a31c6a987ff3d
SHA256 882ebf908a9c35b193eb86c7abce70964224b41e49fc39d5f688d389d13bd2c8
SHA512 d86d5318fdcc23dc1fec5b55b276518b9fd0b11dadc9192d95a83d1705bb530c4979a02d68320422736ccb57de97430f0780be33dbdbe2000f4de116d13f6c43

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 12c9e4a083aa00c34ba33fb0409f7f80
SHA1 2a868aa4e779aa668ba0a9556e75d8a4a9c99b7d
SHA256 e95e4ab4fc44bbaf8b6f234cdb2e3e7b6fa144746d2570c119f39040d388db10
SHA512 15a8da03384abb9a05e3d025575d427ec362d559658a5535c0869cd138db6171218950bec45547628d18c2ee2f461cd7c24859367c553e4bee1f638fbc6f4f0f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3240565a2c1a03c4ad5c68eb2f22cf54
SHA1 597ba6fa1dd6c1f759db4102adc496b4f67d30b6
SHA256 88c98f7abab042e33bb3fd131c70bcbd0e3ec5b024ec67370d75f9b73a6613b6
SHA512 c88c2cacea5ab59bf5aaeae90f0a44e099267ba1bc18dcee386c8bd6bf568f6b024be5e649c6ddc96a9f59b21e7604bfa3ff3bf9e71fdfc456fab5540a8edb6d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 159d65017caaf8845a1ca92a8447646b
SHA1 3a2a286ba3a15322204911281fc1b9f138fdaf7e
SHA256 d306b0d51a6c8cdcb835823f6507441d954f4e60309a65e2bc515b6d68397741
SHA512 ae88cfbe72a7363533a697b322ccd8c79d54b09f747e3727eb771133060e7ec495c877592cdc929dbd1f8bdd18869f8b6156091600e82264c275777d2aca93c3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ebea075477c3267d73b529f010660d24
SHA1 060839072df1c5973c9cce5dad1ca417b235faa1
SHA256 d19012186bf86108fdbb81dbaaa25d1f3686308959f8ee0af9e87714217ffbba
SHA512 51530749779b38b3f9dcb560994852157ceaa22d242b0363edf9ad0924c16709785ca34fc08d66ccf4df732ee5db5e1de6056a5794345932ce1afb3d28b62421

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a36d44b62f2224888d58d92c0be42d91
SHA1 b815640fd42871feb84dffcdbb0b28c374c8341d
SHA256 a7e9bcb87577f65c530950877d25255d35abd451353e4e75cf325ee0caf459db
SHA512 0a0cb62e40c7b4bb23438401059fc55a80a058c4788277cb0f4cdcc7fe705c16c4c714ea6a6206f5a8f157d614d04bc8095c19bafd4f1aedf3281d9328de8efd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e859a87de5406f5a7c3a29daef4162f1
SHA1 779dbf1ecda9683eeb173109727002f490e6970d
SHA256 15a4703b2314986c94f7a694713236f4f13b178355c85ff2bba73b58bba4f747
SHA512 b5f9605913903e6679d317a7ef78f35210361f4e98c68ee4c618c7c939a9a333d7ec39e78dd00dc7c2f8a41ebb310949eebcf178d6fea88d7e0c9faeded5da6b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6b758faed59a7ed2f45047c4111a255a
SHA1 ce5feb0a75c64c1bf3d6a1dee9f0fc3dc2e7f5fe
SHA256 d6e8dcff77db736e41944876ac2585f495276f9b4d099017fffdd18eaac194be
SHA512 1e6e765678882a7626e0847d0a491e7cf9db900c5f16d88c0d42fcc130b5f01f626c58c34e101f0c463374b1cc13a9d0b59bbd1274e69b2416d9b98aaa1c3727

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 39c250a106b54473c2f1bccc21353290
SHA1 453c6ab08188840d6bb6871c21fbd7b10893c359
SHA256 172c0c2e950925d30d1a98afbef828144046e61bcb5831ecc0da5ebc14f16a39
SHA512 1ee56ff9a3105fbe4dad2b3a1f47514af6dcc2b83e84787106444d48d82567f3c98106520142ce5ece618987ff6ae1ad75fd86926499d48837579a28bbd2e21f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a9294dab061637588c988b494cd0d412
SHA1 be3ddc929f54a8c84d787558c8bf7184140ed9ea
SHA256 985ea9a9967183e6fa1a2e64c854f205cef2613e1591f9208f8b3ff4d94def79
SHA512 811101de6cc1b0c029bd3e80e792c057524f8e535b2ba37c32b48cec75624fd836648242e5ff0d32213fcdfed3fc62b16ebf4d72bc052118eb885d8b0ce30947

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d3c6d378205163dd84187205b7ef8df7
SHA1 bbae87b32734a0c9b95dc80cd0bbf28100fa126b
SHA256 f2ccbb8323455cac610c6b2ec21deb7cd6cf4d2accdcc1a25c13b9fec3585ffb
SHA512 5bfb22388d490b38dd30bb31124bd3190c8ce30087cff0901ad7f95a35c6b17d27916f375c58482b3dc956f52a7d3f4d70af5b75d665f9f0c0683cf7638920d3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fb54c95c6ee33934ae7e886f39eb5ea3
SHA1 8217c507724746d6667ec96fec26c2d3d1971c84
SHA256 5a114e056267b4ab1b4ce5b7d4ad87722b4697a7536c63aaf0ab64aace9f3e27
SHA512 a7d44228ac4a0c50acbe72cf4d351bf6db9fa73f781688fb1afe2f525ee745deb59f0212a4ce6d9c9e0f68d727e7008cb4fece4ddd1af4ab920f936a865d4977

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0cf92edc7b74b00ff4c5afb5aa27664a
SHA1 4e3702f48ad34884b4422857ec1b5ae9e67da922
SHA256 514f5177185736cb86ef88692bcb3b6effc5e62397ce5d6a5bfe1b17fbf41904
SHA512 34282ed432de792d0ff61ac0c6b6d11e6f4fada3d2155a61041db09bd62650a815d2627f6531f69e9708aa7e0883e4fcaa6727476ee00c65ee9bceaf69e31d09

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 134b79d5671b846b9fa74f585696fd17
SHA1 51c6ac50d6a357490b8e494e859fd7a315588940
SHA256 c234fd99166c4b815a97b567cb602eb6c1e25957088db176517bd5f4f3a18f5e
SHA512 a57b369b3f6f31e15d9644a9b662bef44a309211d9c7d0cea7f74fe439201e7f1f5b99662ff54f873441ae0bb8e25bf615c27681703b2eec6c3ab48eee239128

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ab594d32aa133a7d5bd51051fd8be1a5
SHA1 46dc371514f42cf588125b28fabce4fac2369604
SHA256 0029671a805c7208e9b0fc67751bc481f5004c9aa3de4b95d0eed6e6b5450842
SHA512 ca98e6645ce1c26810bbb33b37e7a30fb5a5c083477c8a1ea1e8ebbe0f50c6cc1dbebda4940fbda048325b20ef3812c78a7c7a429eb71b162ebf85fc0cf9e343

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cfea01dbee928a418197c360a6051742
SHA1 53f3c51e70870bbedddb5ac5906d25a9fdec9bd4
SHA256 6ba248a29c0b9964669e84fefec2d81bf67c8e9d6a88746196d2542aebacf5bd
SHA512 37b296b4aa48be990140c548cdf71bcfae10ffbcc132c95fa45b6a6679284078e3ea5fe865d6b910e61a90ea448ebc32542a3e3da055a33f45186d32e685d0ea

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 51a5bcd69505e65f8777fcc1dad20f85
SHA1 6cccee5dd856ff7cc34df8448fbca39981a27f40
SHA256 d48f4dcb4d0241e3f60343dbb8e7e9209047b34cbc9c56bfd6caed2398e6ba34
SHA512 1e3dde610dd1be14d1389a69a5d4668191fb97a886dd79ac1f3dbeba7dca1ce3b6101de6622a3a1cd824bf87312b21f9af383cf4883ece782f8679f507f557df