Malware Analysis Report

2025-01-18 01:06

Sample ID 240613-g7j93s1fpk
Target a431b09287b84c09f558e5d6bbf10153_JaffaCakes118
SHA256 6e0ef4494372cbe5d807d4ed2b43abf26ed6d815ccbe3c5356bb9f8da9ee36fa
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

6e0ef4494372cbe5d807d4ed2b43abf26ed6d815ccbe3c5356bb9f8da9ee36fa

Threat Level: No (potentially) malicious behavior was detected

The file a431b09287b84c09f558e5d6bbf10153_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 06:26

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 06:26

Reported

2024-06-13 06:29

Platform

win10v2004-20240611-en

Max time kernel

128s

Max time network

139s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a431b09287b84c09f558e5d6bbf10153_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a431b09287b84c09f558e5d6bbf10153_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4416,i,1400471177590024469,587385956640537806,262144 --variations-seed-version --mojo-platform-channel-handle=4732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4260,i,1400471177590024469,587385956640537806,262144 --variations-seed-version --mojo-platform-channel-handle=4372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5392,i,1400471177590024469,587385956640537806,262144 --variations-seed-version --mojo-platform-channel-handle=5412 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5420,i,1400471177590024469,587385956640537806,262144 --variations-seed-version --mojo-platform-channel-handle=5488 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=1032,i,1400471177590024469,587385956640537806,262144 --variations-seed-version --mojo-platform-channel-handle=1432 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
NL 2.18.121.23:443 bzib.nelreports.net tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 23.121.18.2.in-addr.arpa udp
NL 23.62.61.162:443 www.bing.com tcp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 162.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
NL 23.62.61.153:443 www.bing.com tcp
US 8.8.8.8:53 153.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
NL 23.62.61.90:443 www.bing.com tcp
US 8.8.8.8:53 90.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 25.73.42.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 06:26

Reported

2024-06-13 06:29

Platform

win7-20240221-en

Max time kernel

122s

Max time network

127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a431b09287b84c09f558e5d6bbf10153_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006772d6fc928493469250ae415e087bdf000000000200000000001066000000010000200000002131b6ab7386f6e74f01bb4221d40992f0e365fa1b0de9ebfeee6de3f1773767000000000e8000000002000020000000adab6b872fc420b2ca8ab368efe70bb848392b6039a61b85045917d35fe1b74390000000160177d8fa5fb10bcdd3800b069e2b9eecf7c9886a48d121eddb320d07933ff8bd5c577b2f767770064869891bd0ed70aa9d7601945c093a9908dbff78c716b425bbbba5480e86c71bc7fc03175f11cb911f8731e3d6c86937f13242a5a797e7810363cf15c0f9f8c9e08836137e795f6c61a040a09dbf3419a53d3707c98258b37d2cfff870c4eedcf9a7c1e7c45e7d40000000d2b96af3e999b8fb519904d7a2d8e86af5fb780f54406316a7e0adc6ac2eb8789a6634d9804e9df5bd2896eabb8ed649500f2f05858ac4f374661a7059d75408 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424421871" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 909156bb5abdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006772d6fc928493469250ae415e087bdf000000000200000000001066000000010000200000002f4d80c533335c4667307226e7c0c0752c53388aa4fc249e44f9018b15483849000000000e8000000002000020000000f24a2f73279718b9f599dca06e0399e67d6c8834a36bff0f7665b0a280ae3e01200000000af4f9763051f926e2609d99d517fee67472ef32cd4666075950bfa2cde7901440000000439b7691f493aa1f1b5524135320f2966fd16d45deee53585e2a8e51a2c2b3aef7875c2983a2621f1c229581c6043c95d326d7d3b6f01b17c8dc19e51ed30726 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E6D1DAA1-294D-11EF-BAF4-4AADDC6219DF} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a431b09287b84c09f558e5d6bbf10153_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2856 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab3C38.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar3D2A.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5ddf1954e30fb55cf32d43962b23c56a
SHA1 1b29f5e7164ae3fa4107d1ef0702a7839b1afe9d
SHA256 781fd04871f2e8d88af473b5a801fdf49d0064bd522fba520a8144f2aff69dca
SHA512 1134a6088f2bcdd6185a36c94b837d82f499a275fad1102de5035eb4425c3e23247645e0049ec282b6925f4367a2365e4bdc4683b0f248183b015c11ecce41c4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 987e5b08aed8bdb796e4cbe56bea751d
SHA1 33bc53323427fec97a9439b04783e692ba148803
SHA256 5f397547f188fd5e77fd36e6fa81cdbe160334c2b39ec0ee1e7d1ff3dee7e397
SHA512 2a15122678dc4a107f36ac263b9132c0fc38500d728b5259a709381278295207aad818c1d76fc9f1ce64b949bda4f5644d062f1fd71bb90f9782dcc6361f346c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b0c55f1500d6430e8a0e72737c9a3cb8
SHA1 f9fed0706a51af00ece76249ca35f63c7cf64311
SHA256 3644a97a23c0e1e1f47a6ebd3f275aefaf0e0236e0e4d619dac8b8e73e2be0cc
SHA512 8254ae17babad95c4f5063fe279b753edce1f94481a18aacac3d622302a1e21647929a44c98b2594aa48de3a43985f53a59ae7764c167d8c7777a0570ab7243b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a7e540f30d15c7e16859a58545f01323
SHA1 36c690f5d24c0f9bbc997988b4848fbf1407fc22
SHA256 dad8e4514e822f47c5cc131ad8d4c47e7c1f877dada79adadeff221f773e4857
SHA512 f16d6d22a337f3d22aad5ab25208d7787db9f8ba1fb9fbbd5c2ec6be08e0c2009ca54be562ac54198abd1a3504c369033a8d2ef0437494a9be566382d10f7c4e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cfb7fcdbe96c3fdd0d008f1d5973c283
SHA1 b98c9e05a499156e841378ec50aedbab53ce6c71
SHA256 3953b86efd747352282d01a05365775977666539b7e3d0e7b0fef16441f9b5cd
SHA512 4fc1906ec0fd1e682b243e426214031111f9e5d827e9f790cbf734f9a6e84f26d56d55814267be208fff5e42e475b2c70f410ba83a949f0bf4de457bd531b0e2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6a9d939890cad12b28bdcd962aed42c7
SHA1 fdec2e5034f0efe88200dc106027bec76eaf1fb8
SHA256 e8f1fd781a9d750caca68c2d503d85bfe8fe9c79edca362fd24315bfa1305781
SHA512 f767ddcb11364530a4a374b7657665a8d3a5bc309027443470cd0d95222a3315f448a542c47fcfdde7433e1c401456756214d42d744df25992aed6a788713f96

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8d3060322e94ec1055a0bab328d46112
SHA1 d4730948154d2d429b6f81527b1bd4f8080dcb6e
SHA256 abc0d7f16dceaadc0d9fa76e33ceba24c6a76b4e64e0287be3196f35e638c216
SHA512 8ee9bf316268c01fde36a77cdf6596507e56550bfc1dfac97596af0647e886211c16a69cd0f267e1c260b602efedc6363288229466f7151d53cbbf16141a18f2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a62c342e723ea6e149d71ccff61297ae
SHA1 7eb932107628b472498c15a0ae9a61fc4e063b1d
SHA256 e195653941b394f0a0a6d99215d6b274927943fec56102a1aad7c8e10294e073
SHA512 723b0a6e282ae85768f07162e5b5a9f72882538f2a66988bee4000dabe14c45b3a440053f011a8461d20c935b2549863a0a80ae34242782863695ad6c2d0098e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 346598671c58415bc5a7a099b0915395
SHA1 1b78c72b8b45f8b58bb91b62bfe89d123edc772f
SHA256 01baacc740e2914f2dc06ebc1d478fe90d41f43dd57c20bd7514392ebccf843a
SHA512 c32fdb2e1c27214e25a07c48b438deddc44ca6960ea4f93f88400a6cda99b9cfbf82e2d6f99300f42652703cbdfed7f142f6a82e121b1e797866dde50de28bd4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 77b264886f4988e0ba7718c3af58d7a7
SHA1 32afd5ca1c262d4ca7ab94ad3b8c20b1af4bbce3
SHA256 67a0ed4e4ddd5e04262ec69c219bb650ad9130dff5530522d69c0851c555e4e6
SHA512 871b76b30a783a6bd4192f7c5fb1fd5beecfde35b33d9a318ee3ca6769c272f6cc3f595809d82b60336d8aeabd2c8be60d4b75d95ebc8244d25df614bb5db397

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 13cfd86f9c3497badd25a13f2dcebb31
SHA1 407f52a8a934de54e280c5345288c6dbfb9ac8be
SHA256 a934e48d9af88f5eae1e44c5f17a1a8591842b5b3bdf2a0d5f8ee26dcddf79ce
SHA512 694fe8a5447f34c992dbe7aaf3a03e4cb769a273a590b6c5794fa86da896d4b536148664249a8739be9db76eca847a5072c06e07202dee2e0af80e71e45f35c6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 741c6c4adde990307a3e0be53197932a
SHA1 a235153568486365cd68135488814b106bba45ba
SHA256 a1a4af4bf789077db99ca6607008d37758de4c664f259d9b9cc7b4089f0114ac
SHA512 49253eead2f6df4d25955e86e0adc76a238e21914ffd2e927f0d9d902e18c799cc8d0f13db07dfea268a14c2ea905df9dd74be8b90178e363087406fca7f9ac9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 744f3b5fb72aaa4d2bd1fd3d0f0c28bd
SHA1 8c4b9d4a65c5d1c4987759d4fe081df012f838c9
SHA256 8a62a035be1c275db3eb38b7e74e900111ed028a832cac922e7bb80ef2dd9cf2
SHA512 cd5bd62cef8442e730975b3488eddd210b64672279c1bb87abee15046b1ba1285c106ad03b65b36248de7478197f944710672818fa9c2fcdc9153358265d2024

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7bf3dd2b5ddca25f456d4526e89e0a8a
SHA1 27581301e0992e6d490d88beb26aca60d3c372d9
SHA256 094e97577b57a668815d089169e17adde3c7ec07ac93bf949aab7f2935230ad2
SHA512 a9930731427e8ec6e70ae8d0f4c8a46f32961fba3ac73dd28b84256e0bc429089d8d30ce78e2a93f8428758aba20e366e5a87e55522a71dd80114a81135393e5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 75170c8d989a0e40b71108c68d9d708d
SHA1 3d79d6cfc4a2bfcabb34e777ab2c35caca4e3cf2
SHA256 f77aa9ca15beb8eefa7a9b72f041a143f5cf86acd0ff033c12bf2899643f0298
SHA512 1a73c1dbf089c8736813a02dc739e6ff783b623dfff64a4c5aaa5886d42c7d773f51e895210519851f5fa600fd5c46b258ebfafc37a614f2bb596e0a82abdd6b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 acdc3b5da817946a5bfc3ef8866336d8
SHA1 7a5180f15d2ff422bdf632e3a13a773193c002d2
SHA256 25edfa6bd45f9e7b4f532f3d76601c87d645eeac59a2d74f4783b828208ef016
SHA512 ad226355d01cafc62c5e2a07db8467b7e4f1dc6f24a84683a08a80901c7fa3a3e29ad17d8cbc128603e9e661de91b2517b1816eec9ca71842606595e9fed1b40

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e2124ec3e1fd90c008a2fc9aa0efc8b0
SHA1 3c50242e6c0cf45b94924964a85a6b843373d848
SHA256 80a7d353666aed62d377ca4707ac015e9c36ec00dcb3736f802a1936993a134d
SHA512 3c17d071fb1fccdb96a57591f98b9b346278c5af037c7ad72904540954c4603bc3383a2a056214938b66a77cff815367b69e93b9d1aea67797d10124810dc328

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c88f9217d2ae1dee7b4e2b461276522e
SHA1 69098b72ec6bb63666fee6c81f6c1db922c4c1c7
SHA256 035a701e6e82c4aae00bf495afe7ddb9b1f4dc1a29a244002c7e4787783b62fb
SHA512 306b9d879297023dd3d9f576097bc3544b105222fb2597aa33961785989d6a82e7ecf81187162d8d609f50bfb5d7c3c6191d686744d6456dfaa42ec0907bb446

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 137c035c5350fc1a91573aed9c06bcce
SHA1 a12339380fcfb6c5059cee3981a4bb6360158bf1
SHA256 d42ddba5c4f68ac3f8a7729a4ee88fcf517877c08c55b34da339b9dfd80cd839
SHA512 bdf5a63d88e0d9d4480d6bde0110a48877c063122d6bd4da3ec03139e7e26b071422bb3698f93d0bf64ef7e7c1bbb4b71ef0e9539075991b8fff67044b42eba4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 93caecc8667a784db5ac09b094e47360
SHA1 59fe24d59484455758de60cec123dd0d4f127005
SHA256 7f2ed2011a32c16d888a6351c102b415dfd38260248bbe4f57a0b2da3f016ff9
SHA512 aabf0d4276f075b494acfd021a41fbd7785e4a1e0d409c397e11d682fe6123f02258c7dc25b9eeee325c7b24434b09dc4cc9fda20ec0e96d0248f7e69c1c7607