Analysis Overview
SHA256
23fd8d6f1193e1ed35959497244835843a9d893824b7bcd2ae07bfddb9a9cf92
Threat Level: No (potentially) malicious behavior was detected
The file a5cd35490061ea47372ca3158ac64e18_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 13:31
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 13:31
Reported
2024-06-13 13:34
Platform
win10v2004-20240226-en
Max time kernel
142s
Max time network
150s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5cd35490061ea47372ca3158ac64e18_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4588 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4660 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4128 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5308 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=1320 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4656 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2200 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 172.165.61.93:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| SE | 184.31.15.35:443 | bzib.nelreports.net | tcp |
| BE | 92.123.52.36:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | 93.61.165.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.234.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | 36.52.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| GB | 23.44.234.16:80 | tcp | |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 20.42.65.92:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 92.65.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.253.64:443 | wcpstatic.microsoft.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 13.107.253.64:443 | wcpstatic.microsoft.com | tcp |
| BE | 23.41.178.128:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 128.178.41.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| NL | 52.142.223.178:80 | tcp | |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| BE | 23.41.178.83:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 83.178.41.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.117.168.52.in-addr.arpa | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 13:31
Reported
2024-06-13 13:34
Platform
win7-20240221-en
Max time kernel
117s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b623e9b7128144fac96f874944a227b0000000002000000000010660000000100002000000054fb959cf9e84a874297b369e118277b0c4d67ed5275e4ee5ff9b3f3662aa931000000000e800000000200002000000099e950cf111fa4f210fabc0ac9132e52729517d33428c2ed0dd71d4dd0fa1dfa900000001407057b55887cc3a74a25d984cdf8266d0a743440be1e814ab9f16079d113abacd31e96b6410df3d091d0d4b82ae101552fbff05bdde1591c1919f5f8e6d06fc2ca9f780e55edc6a9235136e3e37266771b079873b0f688b7031772cb9280d5242db62eafb1c97511914c9993b41e6f2975e5a00d63f823de9f10407cb72274c6fc95998d9126a400a020f40dbab69e40000000611e3a13f5264ea8d0ef719dc6b0c48ee74cba4527ec6b0e115f991a99340689bedeac8482559b2495ad8bc147a86619349c4762f97d4bb5babca0a06f3e9d71 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4D289BA1-2989-11EF-87AA-FA8378BF1C4A} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424447383" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50b4be2596bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b623e9b7128144fac96f874944a227b00000000020000000000106600000001000020000000e1b6819c18427f784665fbb8f6c925f776777a666fc911001457a14ce74bf017000000000e8000000002000020000000db3dfc1f7e20660ce5a8b867326ce0da63aa945c049d36a5009ac9773b9be70420000000838aa34c867baa9ba3a900dc7935ba57cd748cd959abbe8bcc93daafbf3a5ea2400000005c031b96340b596b113c4e0fc8aa467999f1b1730f7756192a3875300911e505d1b65c1224700f4561981f23970d529fbd158c23ccd31940ef2870c2ef266700 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1688 wrote to memory of 2732 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1688 wrote to memory of 2732 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1688 wrote to memory of 2732 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1688 wrote to memory of 2732 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5cd35490061ea47372ca3158ac64e18_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1688 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab4E90.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Cab4F7C.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar4FA0.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9fdbd92fc0795f4e9547be1b50b8567c |
| SHA1 | 79157b5d0d67f5b6c04ac7af3db5a96d4b47f01b |
| SHA256 | f5ed460f258471a52ece533653bc21247d485507fb4878dc88de7024bb92b07c |
| SHA512 | 485422a3770e00b586770da96084630ee92de1db7eca12140f55948add9338ca010350ed84f4c1419229c489d7feb5f6e2a174eb4a2863aa6988c6e780e4e64d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7557cf80c9cf46519cfb414a3f0e6830 |
| SHA1 | 3a331038cbd2a4d3762d77fc10f1dfb2479c82ec |
| SHA256 | 7178137ef2d6c3a9ffb48e7092b588cb7fcec8040c7a1c85aab9fb0438d914a6 |
| SHA512 | 9315dcfc8049c05b7299db263f89874b90b0f5a88706576e0269e481fee195be1cef17a23b823701f8c0d188bff0544f1668f68a9130565b58977ec188025abf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4c12585e5444d1ad1666694529fdbdcb |
| SHA1 | feefbb7ee5ea9eafd7b9dde6cb77e7d3ff5170e3 |
| SHA256 | 0384c25d3f6f9514d033e1e879dc3d38330694247fcdeff19870a01d94307dfc |
| SHA512 | 52450648a0c5270e5efab59c537b54651c51241b57767bcfa940fa68f731568bfae314c578ff00fe52a145c4d4e381a25b9bbd9bf355eb5dca845ad1090f8b07 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 33a9eaa0f982d5b1c40b7ca158470668 |
| SHA1 | 3a67db48b2c3e095c3b95dfed8f7c677fb40017f |
| SHA256 | ccacb024998c21d6d5715d35db4dd333b12892542654f1b973a575c2004e1af4 |
| SHA512 | 002bab581cbb092c173a603b299c34cce1ab9bc096bf052f1efe0730b3565ca8db14f1ee8ff0fa03918224414ccf01dca496a504e7b853da29b5eac5735f364a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1f2110f69a732096f7af17fe066264e8 |
| SHA1 | 334289e3b2e9e8c5875f83fc62e3943d375d7c49 |
| SHA256 | 89f9ea0669e5a43acf83ee81847045266ac94372ddac45ce9d637959c213cc2c |
| SHA512 | 10f2d81bc01ec220d163c437a6687bc6847474ebbb63ca68a5cae67254f776c60a15b947e8e732f71f628207c2a6d0e4621ca61d9690a910d3b766510bed4b62 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b9540be28ef82d1fc519edf57b08ab14 |
| SHA1 | 09e033c40f9a887250d9ed88634b8690ad08a1ae |
| SHA256 | 4f1c60dfe57374259323bbdd30508e9b1b4411569f92c49796f088bfc9f6c0d7 |
| SHA512 | 10f6cc30e328ae7fc8b2555d45e61155b4926c600533d0cceae58e645d5ba3010812557eb4b636ebde6899812a8deda312e1e5fd828531c218bc05c7f4e13a22 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 218bb09df749beb9527413b2bf256d71 |
| SHA1 | 256e731ec4d03024c977b3df3faf9d71890f4a0c |
| SHA256 | 001dba7d4ee45d84f335e49524b26cdee6ca1b6e358ac2ba9a1dab59d3cfb39e |
| SHA512 | 8d82222d60610f8352bc6d28fd6de714b6b21049678f2ca1d08f87196a235550cc702e94bf1b9d830967d71a3163bd0806cc4b5f5ed2dacdbbb607677981e4ce |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9a90dbe5c695ba9346108651188593e7 |
| SHA1 | 16efa0076017345cfb8ebd1741d5c6a396ec733d |
| SHA256 | 9149013661ed1a5d63a0074ea96a2bbb51bfc037922654930fb028d74bc7047e |
| SHA512 | 1948feeba898a956f970b175e9bcfc4692580bff64eaebce3940d2d44460671b9435a913964df16dfcf6fe54455bfbf5d996e2dfaaf2168df044f24a1fbfe664 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aae155e353b97ddf0ad3351352361835 |
| SHA1 | 42cf976b418cf4aa807f44b74f3344413f285068 |
| SHA256 | e3ebff7fe2db029d8a7de3d0a782359703ad96751b14dbf3f7ed0ddcd4050f44 |
| SHA512 | 5f992bec608eb65c0ad4f90d34f264724d91f536b68c5149866fd52a318d87471248b78012febfdbc1651c12ff8ab85251f7f7d3aac9986f7ed2b3e829c624f9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3b8c5da4a1053076db9dbc059199dd4a |
| SHA1 | 02ffb67220028d720d497adaa678f9b1abf50e27 |
| SHA256 | c713d8a003048a14f74e4201588dcfd93e53143f470ce521eb53cb7a9703ffa3 |
| SHA512 | 514be9e6e002e6770e6a4b1281bf7dc8c0b83fd179644217177738ce75088a3eb1d8cf8ed221cd0830857c8c669b5df370139836abd2d89b64bc246f124cf38f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b67d2a124e748e0c15e307f11e98eb98 |
| SHA1 | a192041032983d54d1950c137c8c257dcfceed94 |
| SHA256 | b9d4c048f7639647fbd0934a1758be02974eac23069318fec34fb5fba9f1ccbf |
| SHA512 | 038ef75660aee7420c25d31d585918622a231f6f5b993283c5c6e2ec5e9d20b8823aea130d95aa3a056b473057908368433184a8b9ee45c927a3528fa426a6f3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | df3d7a98616c8f63987907c4d1c684f6 |
| SHA1 | e8caecbb0e35262a22b631a18eba90342004e38a |
| SHA256 | 708eea16d8a202b21acc25364860cbb8cd5a2e7d260e999346dd0d86c7f45e32 |
| SHA512 | 5959f0032bbc7b761c085b1915cde81ebcbaf54e8412d63cf413aac9221714c440ccfe366ab446cd624aabfe0953285eb707011fdcd2b93a8293c13574c95927 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 21a7cb52932bef90774fcb5302f6822b |
| SHA1 | 8faa0cd5fa7ced9b6e7b011ac201dd312e6f0341 |
| SHA256 | cf3b913ece9927dc0f7906995730fd2c3b24636c7e54b2c2e730ce7c3273c35a |
| SHA512 | 10db3b4eb561689d45b59583233a1a709f7392c318bcbe161b91a247422e0744bb38635dbabf49d07096e6c55baa04eb1eeb7924bf01403353a3ab694e351f81 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e963bee7a2b17f8c5f406518bf13adb8 |
| SHA1 | cc90ab5112576abef6fb4c359338465654fb1ab8 |
| SHA256 | a2af5c3a913d1a0a9b1f7d819dc9d7ab3b3483de4fa92b13cd17d4c4491607b2 |
| SHA512 | f3fd4c20fa9c76e6aa4ce09f8e4c1b5d67c1712865721722a5b51d7c5c5560760b5dbc2ca2b3884ab8cf83fecd6317dc1d329b438ebd87982279756c94612bb2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 160ccc9ecb9fd9cafe7387ebdb942f51 |
| SHA1 | e937c9d7da4d07a437c661707f23eed7e3213bfb |
| SHA256 | 75809980e4dabb3cb5cd0a08a28fe0e8351c7ebf20f120b895fcce21da15431b |
| SHA512 | 5376cd0a8e4475cda2aedacc97ecdd832044acbe3453c9ce27b39e2cefa1f7a96450032bd3dc1c6c250704b3db09f1fefed49f536fa1bb956e150069599517a6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1ac4fa0130a909a7349f9033f2f8216f |
| SHA1 | d8171473b318a67726fbdb7e914913c21d7d67c9 |
| SHA256 | 909d788dbee6fd2a3f6e158ee608b1a6056aac09052be99c957216a0f57e4984 |
| SHA512 | 56ac409640958eee1b238ce55e27290b232abbed1afac3633eaaaeaa3b430ddc70c71cbb2ea6a4ff7a351e1f9c8ae94a432573b78a45794b1d10168b76d4e541 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3094f8762d0a4cc4a23758fd7181d574 |
| SHA1 | 301c7a35ccf0fec9ac305fe56a439889df79c9af |
| SHA256 | 7a3dfbc13f11a968c3a800dec911e77f32735fce6a5ce9eebde7ad8bd8439c0d |
| SHA512 | 4dbb70b6047ef1b451f1dab72c4fcc24eea59244b1efdf223ce78343e54c71f3ffb336a21b03db1bf91df3b22b6a1900be096e1f45cd1f1495fcc2e217359a5c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 641e468b70abbe45538e929842fc4511 |
| SHA1 | 45b685b159a5bce7583038dd06008195f7ee8f5e |
| SHA256 | 7559eee45f707a43db765a086415ebbde1264115ed7e03a00a6c00d8a8906612 |
| SHA512 | a04702b37d960edceec9cf45e23c7b4c0533f98b64a94ed7b803134fc7891e9cd020fce662c619448ef9f303e599bba115cbdf4ca1c1d5cfcfcd6a65b8057648 |