Malware Analysis Report

2025-01-18 00:11

Sample ID 240613-qsvlya1bpg
Target a5cd35490061ea47372ca3158ac64e18_JaffaCakes118
SHA256 23fd8d6f1193e1ed35959497244835843a9d893824b7bcd2ae07bfddb9a9cf92
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

23fd8d6f1193e1ed35959497244835843a9d893824b7bcd2ae07bfddb9a9cf92

Threat Level: No (potentially) malicious behavior was detected

The file a5cd35490061ea47372ca3158ac64e18_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 13:31

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 13:31

Reported

2024-06-13 13:34

Platform

win10v2004-20240226-en

Max time kernel

142s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5cd35490061ea47372ca3158ac64e18_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5cd35490061ea47372ca3158ac64e18_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4588 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4660 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4128 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5308 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=1320 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4656 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2200 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 172.165.61.93:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 ag8aq.cn udp
US 8.8.8.8:53 ag8aq.cn udp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 ag8aq.cn udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
SE 184.31.15.35:443 bzib.nelreports.net tcp
BE 92.123.52.36:443 www.microsoft.com tcp
US 8.8.8.8:53 93.61.165.172.in-addr.arpa udp
US 8.8.8.8:53 76.234.34.23.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 36.52.123.92.in-addr.arpa udp
US 8.8.8.8:53 35.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
GB 23.44.234.16:80 tcp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 20.42.65.92:443 nw-umwatson.events.data.microsoft.com tcp
US 8.8.8.8:53 92.65.42.20.in-addr.arpa udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.253.64:443 wcpstatic.microsoft.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 13.107.253.64:443 wcpstatic.microsoft.com tcp
BE 23.41.178.128:443 www.bing.com tcp
US 8.8.8.8:53 128.178.41.23.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
BE 23.41.178.83:443 www.bing.com tcp
US 8.8.8.8:53 83.178.41.23.in-addr.arpa udp
US 8.8.8.8:53 168.117.168.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 13:31

Reported

2024-06-13 13:34

Platform

win7-20240221-en

Max time kernel

117s

Max time network

128s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5cd35490061ea47372ca3158ac64e18_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b623e9b7128144fac96f874944a227b0000000002000000000010660000000100002000000054fb959cf9e84a874297b369e118277b0c4d67ed5275e4ee5ff9b3f3662aa931000000000e800000000200002000000099e950cf111fa4f210fabc0ac9132e52729517d33428c2ed0dd71d4dd0fa1dfa900000001407057b55887cc3a74a25d984cdf8266d0a743440be1e814ab9f16079d113abacd31e96b6410df3d091d0d4b82ae101552fbff05bdde1591c1919f5f8e6d06fc2ca9f780e55edc6a9235136e3e37266771b079873b0f688b7031772cb9280d5242db62eafb1c97511914c9993b41e6f2975e5a00d63f823de9f10407cb72274c6fc95998d9126a400a020f40dbab69e40000000611e3a13f5264ea8d0ef719dc6b0c48ee74cba4527ec6b0e115f991a99340689bedeac8482559b2495ad8bc147a86619349c4762f97d4bb5babca0a06f3e9d71 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4D289BA1-2989-11EF-87AA-FA8378BF1C4A} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424447383" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50b4be2596bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b623e9b7128144fac96f874944a227b00000000020000000000106600000001000020000000e1b6819c18427f784665fbb8f6c925f776777a666fc911001457a14ce74bf017000000000e8000000002000020000000db3dfc1f7e20660ce5a8b867326ce0da63aa945c049d36a5009ac9773b9be70420000000838aa34c867baa9ba3a900dc7935ba57cd748cd959abbe8bcc93daafbf3a5ea2400000005c031b96340b596b113c4e0fc8aa467999f1b1730f7756192a3875300911e505d1b65c1224700f4561981f23970d529fbd158c23ccd31940ef2870c2ef266700 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5cd35490061ea47372ca3158ac64e18_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1688 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 ag8aq.cn udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab4E90.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Cab4F7C.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar4FA0.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9fdbd92fc0795f4e9547be1b50b8567c
SHA1 79157b5d0d67f5b6c04ac7af3db5a96d4b47f01b
SHA256 f5ed460f258471a52ece533653bc21247d485507fb4878dc88de7024bb92b07c
SHA512 485422a3770e00b586770da96084630ee92de1db7eca12140f55948add9338ca010350ed84f4c1419229c489d7feb5f6e2a174eb4a2863aa6988c6e780e4e64d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7557cf80c9cf46519cfb414a3f0e6830
SHA1 3a331038cbd2a4d3762d77fc10f1dfb2479c82ec
SHA256 7178137ef2d6c3a9ffb48e7092b588cb7fcec8040c7a1c85aab9fb0438d914a6
SHA512 9315dcfc8049c05b7299db263f89874b90b0f5a88706576e0269e481fee195be1cef17a23b823701f8c0d188bff0544f1668f68a9130565b58977ec188025abf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4c12585e5444d1ad1666694529fdbdcb
SHA1 feefbb7ee5ea9eafd7b9dde6cb77e7d3ff5170e3
SHA256 0384c25d3f6f9514d033e1e879dc3d38330694247fcdeff19870a01d94307dfc
SHA512 52450648a0c5270e5efab59c537b54651c51241b57767bcfa940fa68f731568bfae314c578ff00fe52a145c4d4e381a25b9bbd9bf355eb5dca845ad1090f8b07

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 33a9eaa0f982d5b1c40b7ca158470668
SHA1 3a67db48b2c3e095c3b95dfed8f7c677fb40017f
SHA256 ccacb024998c21d6d5715d35db4dd333b12892542654f1b973a575c2004e1af4
SHA512 002bab581cbb092c173a603b299c34cce1ab9bc096bf052f1efe0730b3565ca8db14f1ee8ff0fa03918224414ccf01dca496a504e7b853da29b5eac5735f364a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1f2110f69a732096f7af17fe066264e8
SHA1 334289e3b2e9e8c5875f83fc62e3943d375d7c49
SHA256 89f9ea0669e5a43acf83ee81847045266ac94372ddac45ce9d637959c213cc2c
SHA512 10f2d81bc01ec220d163c437a6687bc6847474ebbb63ca68a5cae67254f776c60a15b947e8e732f71f628207c2a6d0e4621ca61d9690a910d3b766510bed4b62

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b9540be28ef82d1fc519edf57b08ab14
SHA1 09e033c40f9a887250d9ed88634b8690ad08a1ae
SHA256 4f1c60dfe57374259323bbdd30508e9b1b4411569f92c49796f088bfc9f6c0d7
SHA512 10f6cc30e328ae7fc8b2555d45e61155b4926c600533d0cceae58e645d5ba3010812557eb4b636ebde6899812a8deda312e1e5fd828531c218bc05c7f4e13a22

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 218bb09df749beb9527413b2bf256d71
SHA1 256e731ec4d03024c977b3df3faf9d71890f4a0c
SHA256 001dba7d4ee45d84f335e49524b26cdee6ca1b6e358ac2ba9a1dab59d3cfb39e
SHA512 8d82222d60610f8352bc6d28fd6de714b6b21049678f2ca1d08f87196a235550cc702e94bf1b9d830967d71a3163bd0806cc4b5f5ed2dacdbbb607677981e4ce

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9a90dbe5c695ba9346108651188593e7
SHA1 16efa0076017345cfb8ebd1741d5c6a396ec733d
SHA256 9149013661ed1a5d63a0074ea96a2bbb51bfc037922654930fb028d74bc7047e
SHA512 1948feeba898a956f970b175e9bcfc4692580bff64eaebce3940d2d44460671b9435a913964df16dfcf6fe54455bfbf5d996e2dfaaf2168df044f24a1fbfe664

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aae155e353b97ddf0ad3351352361835
SHA1 42cf976b418cf4aa807f44b74f3344413f285068
SHA256 e3ebff7fe2db029d8a7de3d0a782359703ad96751b14dbf3f7ed0ddcd4050f44
SHA512 5f992bec608eb65c0ad4f90d34f264724d91f536b68c5149866fd52a318d87471248b78012febfdbc1651c12ff8ab85251f7f7d3aac9986f7ed2b3e829c624f9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3b8c5da4a1053076db9dbc059199dd4a
SHA1 02ffb67220028d720d497adaa678f9b1abf50e27
SHA256 c713d8a003048a14f74e4201588dcfd93e53143f470ce521eb53cb7a9703ffa3
SHA512 514be9e6e002e6770e6a4b1281bf7dc8c0b83fd179644217177738ce75088a3eb1d8cf8ed221cd0830857c8c669b5df370139836abd2d89b64bc246f124cf38f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b67d2a124e748e0c15e307f11e98eb98
SHA1 a192041032983d54d1950c137c8c257dcfceed94
SHA256 b9d4c048f7639647fbd0934a1758be02974eac23069318fec34fb5fba9f1ccbf
SHA512 038ef75660aee7420c25d31d585918622a231f6f5b993283c5c6e2ec5e9d20b8823aea130d95aa3a056b473057908368433184a8b9ee45c927a3528fa426a6f3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 df3d7a98616c8f63987907c4d1c684f6
SHA1 e8caecbb0e35262a22b631a18eba90342004e38a
SHA256 708eea16d8a202b21acc25364860cbb8cd5a2e7d260e999346dd0d86c7f45e32
SHA512 5959f0032bbc7b761c085b1915cde81ebcbaf54e8412d63cf413aac9221714c440ccfe366ab446cd624aabfe0953285eb707011fdcd2b93a8293c13574c95927

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 21a7cb52932bef90774fcb5302f6822b
SHA1 8faa0cd5fa7ced9b6e7b011ac201dd312e6f0341
SHA256 cf3b913ece9927dc0f7906995730fd2c3b24636c7e54b2c2e730ce7c3273c35a
SHA512 10db3b4eb561689d45b59583233a1a709f7392c318bcbe161b91a247422e0744bb38635dbabf49d07096e6c55baa04eb1eeb7924bf01403353a3ab694e351f81

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e963bee7a2b17f8c5f406518bf13adb8
SHA1 cc90ab5112576abef6fb4c359338465654fb1ab8
SHA256 a2af5c3a913d1a0a9b1f7d819dc9d7ab3b3483de4fa92b13cd17d4c4491607b2
SHA512 f3fd4c20fa9c76e6aa4ce09f8e4c1b5d67c1712865721722a5b51d7c5c5560760b5dbc2ca2b3884ab8cf83fecd6317dc1d329b438ebd87982279756c94612bb2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 160ccc9ecb9fd9cafe7387ebdb942f51
SHA1 e937c9d7da4d07a437c661707f23eed7e3213bfb
SHA256 75809980e4dabb3cb5cd0a08a28fe0e8351c7ebf20f120b895fcce21da15431b
SHA512 5376cd0a8e4475cda2aedacc97ecdd832044acbe3453c9ce27b39e2cefa1f7a96450032bd3dc1c6c250704b3db09f1fefed49f536fa1bb956e150069599517a6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1ac4fa0130a909a7349f9033f2f8216f
SHA1 d8171473b318a67726fbdb7e914913c21d7d67c9
SHA256 909d788dbee6fd2a3f6e158ee608b1a6056aac09052be99c957216a0f57e4984
SHA512 56ac409640958eee1b238ce55e27290b232abbed1afac3633eaaaeaa3b430ddc70c71cbb2ea6a4ff7a351e1f9c8ae94a432573b78a45794b1d10168b76d4e541

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3094f8762d0a4cc4a23758fd7181d574
SHA1 301c7a35ccf0fec9ac305fe56a439889df79c9af
SHA256 7a3dfbc13f11a968c3a800dec911e77f32735fce6a5ce9eebde7ad8bd8439c0d
SHA512 4dbb70b6047ef1b451f1dab72c4fcc24eea59244b1efdf223ce78343e54c71f3ffb336a21b03db1bf91df3b22b6a1900be096e1f45cd1f1495fcc2e217359a5c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 641e468b70abbe45538e929842fc4511
SHA1 45b685b159a5bce7583038dd06008195f7ee8f5e
SHA256 7559eee45f707a43db765a086415ebbde1264115ed7e03a00a6c00d8a8906612
SHA512 a04702b37d960edceec9cf45e23c7b4c0533f98b64a94ed7b803134fc7891e9cd020fce662c619448ef9f303e599bba115cbdf4ca1c1d5cfcfcd6a65b8057648