Malware Analysis Report

2025-04-14 00:00

Sample ID 240613-crgrssvbrq
Target a3837acdfab845de4186571e77044d04_JaffaCakes118
SHA256 39de382c09eb57486cfc082fee6562b5cfc212574e8bcdf8f42b4332617908a1
Tags
Score 1/10

Analysis Overview

Threat Level: No (potentially) malicious behavior was detected

No (potentially) malicious behavior was detected for the file a3837acdfab845de4186571e77044d04_JaffaCakes118.

Malicious Activity Summary


Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-06-13 02:18

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-13 02:18
Reported 2024-06-13 02:21
Platform win10v2004-20240508-en
Max time kernel 133s
Max time network 143s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3837acdfab845de4186571e77044d04_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3837acdfab845de4186571e77044d04_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=1304,i,4686244434963378549,11462511444150484980,262144 --variations-seed-version --mojo-platform-channel-handle=4328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3896,i,4686244434963378549,11462511444150484980,262144 --variations-seed-version --mojo-platform-channel-handle=5096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5260,i,4686244434963378549,11462511444150484980,262144 --variations-seed-version --mojo-platform-channel-handle=5284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5424,i,4686244434963378549,11462511444150484980,262144 --variations-seed-version --mojo-platform-channel-handle=5492 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5288,i,4686244434963378549,11462511444150484980,262144 --variations-seed-version --mojo-platform-channel-handle=5528 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5904,i,4686244434963378549,11462511444150484980,262144 --variations-seed-version --mojo-platform-channel-handle=5636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5944,i,4686244434963378549,11462511444150484980,262144 --variations-seed-version --mojo-platform-channel-handle=6984 /prefetch:8

Network


Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-13 02:18
Reported 2024-06-13 02:21
Platform win7-20240611-en
Max time kernel 119s
Max time network 134s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3837acdfab845de4186571e77044d04_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3837acdfab845de4186571e77044d04_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1876 CREDAT:275457 /prefetch:2

Network


Files
