Malware Analysis Report

2025-01-18 01:02

Sample ID 240613-rcw1hawdpj
Target a5ecd04657a37392f11065b778459a96_JaffaCakes118
SHA256 4a4a73ea4c1ee25e53d2ffdf2aa4c178887d6b4f8d716a288b6e68ef10767460
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

4a4a73ea4c1ee25e53d2ffdf2aa4c178887d6b4f8d716a288b6e68ef10767460

Threat Level: No (potentially) malicious behavior was detected

The file a5ecd04657a37392f11065b778459a96_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 14:03

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 14:03

Reported

2024-06-13 14:06

Platform

win10v2004-20240611-en

Max time kernel

130s

Max time network

141s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5ecd04657a37392f11065b778459a96_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5ecd04657a37392f11065b778459a96_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4144,i,5229431749694857451,16836185654682871752,262144 --variations-seed-version --mojo-platform-channel-handle=4064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4084,i,5229431749694857451,16836185654682871752,262144 --variations-seed-version --mojo-platform-channel-handle=4928 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5272,i,5229431749694857451,16836185654682871752,262144 --variations-seed-version --mojo-platform-channel-handle=5292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5328,i,5229431749694857451,16836185654682871752,262144 --variations-seed-version --mojo-platform-channel-handle=5448 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5308,i,5229431749694857451,16836185654682871752,262144 --variations-seed-version --mojo-platform-channel-handle=5512 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5956,i,5229431749694857451,16836185654682871752,262144 --variations-seed-version --mojo-platform-channel-handle=6012 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=4840,i,5229431749694857451,16836185654682871752,262144 --variations-seed-version --mojo-platform-channel-handle=6880 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
IE 94.245.104.56:443 api.edgeoffer.microsoft.com tcp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 www.calabriapnea.com udp
US 8.8.8.8:53 www.calabriapnea.com udp
US 8.8.8.8:53 www.calabriapnea.com udp
US 8.8.8.8:53 www.calabriapnea.com udp
US 8.8.8.8:53 www.calabriapnea.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.calabriapnea.com udp
US 8.8.8.8:53 www.calabriapnea.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 www.calabriapnea.com udp
US 8.8.8.8:53 www.calabriapnea.com udp
SE 23.34.233.128:443 www.microsoft.com tcp
SE 184.31.15.35:443 bzib.nelreports.net tcp
US 8.8.8.8:53 www.calabriapnea.com udp
US 8.8.8.8:53 www.calabriapnea.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.179.238:445 www.youtube.com tcp
US 8.8.8.8:53 56.104.245.94.in-addr.arpa udp
US 8.8.8.8:53 76.234.34.23.in-addr.arpa udp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 128.233.34.23.in-addr.arpa udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 13.87.96.169:443 nav-edge.smartscreen.microsoft.com tcp
GB 13.87.96.169:443 nav-edge.smartscreen.microsoft.com tcp
GB 13.87.96.169:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 13.87.96.169:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 g.bing.com udp
US 13.107.21.237:443 g.bing.com tcp
NL 23.62.61.105:443 www.bing.com tcp
US 8.8.8.8:53 35.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 169.96.87.13.in-addr.arpa udp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
GB 142.250.180.14:445 www.youtube.com tcp
GB 142.250.187.206:445 www.youtube.com tcp
GB 142.250.187.238:445 www.youtube.com tcp
GB 142.250.178.14:445 www.youtube.com tcp
GB 172.217.16.238:445 www.youtube.com tcp
GB 142.250.200.14:445 www.youtube.com tcp
GB 142.250.200.46:445 www.youtube.com tcp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 105.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
NL 23.62.61.72:443 www.bing.com udp
US 8.8.8.8:53 72.61.62.23.in-addr.arpa udp
GB 216.58.201.110:445 www.youtube.com tcp
GB 216.58.204.78:445 www.youtube.com tcp
GB 216.58.213.14:445 www.youtube.com tcp
GB 216.58.212.206:445 www.youtube.com tcp
GB 172.217.169.46:445 www.youtube.com tcp
GB 172.217.169.78:445 www.youtube.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
NL 23.62.61.57:443 www.bing.com tcp
NL 23.62.61.72:443 www.bing.com tcp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 14:03

Reported

2024-06-13 14:06

Platform

win7-20240611-en

Max time kernel

119s

Max time network

133s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5ecd04657a37392f11065b778459a96_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c022e38c9abdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000016bbf37c993afb068d829ae5e5d0f72ecc725ae38cf6332707636790d0e59566000000000e800000000200002000000008a97d587f0a99e71ec994dbc8eaf20e2e9fe05c2e692795b07adcead47a0d9c2000000040917a638061ad0d9311df06652a7fb582de1725c655fed7d90116a591bbeec9400000001c6de1fdb6b05b6b559135f651912639ed80fba810d32b1a5d55dc76beffa0736d9e7d065c0a35b9abc087d0418ee971fc5254e6d8fa756006134799b8fefcf0 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424449281" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000002789437e5fffbaeab166c5ca0013645a75a7ff7292b67a1aad169954b142b95f000000000e80000000020000200000005556f3828b8ef0444a5618a2a48b2c670ad87639fc00858ae6b91ad9d3447b4790000000c04ce0d9a75aa6f3965353bef49d9a8406f220590d68a04fde43799ddf56f0d29ea36b576b8cc4b78c4402be1a6919cb70dd6e46eeb772972d13951095ef0f0dc11fb57371a4fae0e38c4a06960db125fff3e48e753bb1ed4cc9455ab91fb411b23dc49bfdab1c6f067bc41530c16efa72e7cef0577f53d1daf7077fa29c7b348d968977b5862b815f0e2a61216e63294000000097e816959c8241e2e2649ae5f4caf161c7c6ba0c0d198223f166f70c523f136c2ec010b9f11db022e9e0298c05f4f48c41f261a04d6e0a7e1f00729b7c79984b C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B7A76841-298D-11EF-9266-767D26DA5D32} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5ecd04657a37392f11065b778459a96_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2968 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.calabriapnea.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab780E.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar78DE.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dfaf800bb03d0e2eccf62c734c644456
SHA1 00137581e072b9fc7a7369af6a511a33fbcdf54c
SHA256 c8f856869a1819c4f3933ff67ecb020f9d42c02f7e383fc4da9be7b96552d08f
SHA512 36ecc6abdb64e6c20a2ae2cfeffbf6e201904e8e2a2ab53ffc55ec871e9659534dcf5c6d788d8292306ffc4d0635d974f047b20c81431326c6b4253dc4493424

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4280a846b236e3573a9428bc31ecfce0
SHA1 6251d17cfa9c76ba21f0469fcc44243e2c4b5a59
SHA256 e5582d85bb6d844a124a4873cc827cd20913b8c0a181f819e0077c8d2862b98e
SHA512 ac0a1f05f74cf0ae898839b8980f32b46035c55380870aa303f127ed7d364311eec98e7257dbc564d7c0519ccfbaaa499456f1085c266e150fd47d1b68b724e6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e1dd29c7290ead46e9b899ed04a760aa
SHA1 4990dc7eac91ad8d9ef82ce3098a8835206c1442
SHA256 ecbda318900384269d8c95228aa76a028b625d7ad36c56f26f78989f7c6f6028
SHA512 25dbdda6c8c4593f925ca6af4923712bf9de5ca65a45a5553ba5383d711e7a767a1dc68f0bc16394464c6adb67a9e7324a6459a698c98e7569a4bc2384b15e11

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 445387251e643ff09b8c3642ef8b3f10
SHA1 79d6aab641f7e3fe1afca12d22e781f2b9c3048e
SHA256 620df60f0a8cac8b4782dc44ca9eb68c64c0c8d47a0a1945c834ae79906a1974
SHA512 e71ceab61c25991bb17c0f4f71c397dccb7482a8371ff5ae18561f80cebfe89106b6aa913694278105f6af73e0b774a8450880dc032dae11bd8ecbf85f3b939f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d073453268cf87b37124d13510b2926c
SHA1 fefd7c0e48802dcf080e14478df4951502b4d9df
SHA256 c2ea80391c495e477428dd25d11d7c0d384848576648f4d2017bf40a1a4bef13
SHA512 bbe27c62fff6f288e966dd0d336330b372f9322f901bf0d140d0b33f25b2fca1e03e3318c25a8c1a2d621f484bd2a7c291cedcadccf82f7e3c6d50d1dbf7cf92

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 afa0646b7c9ccc644720b8caf9832588
SHA1 73ba82bf25ced0e93a885c9c663ddf245c92c228
SHA256 e5f663167c8b687d011ec8e0794c0a70f0fb2fc02972b1e9e3c60ba6769ce78a
SHA512 edf3a1d10ce4507fbf16a1f8a920986b38df4a5807c3f42b5405ed5afe49ac9a5d7da2663df9513cae272bd7b0021333cc70c45cbaba7b04e3b38e2accbdbb5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9b85f7b0efb7f327bc3024bdec527c85
SHA1 54b20e360076a6d71da52ae88d470cddd332b2f5
SHA256 5e43f15abe5b0d20ae22ac8228b3ecc6303a31b072d8fa7f4dd7be4a968fffa6
SHA512 08bb0116ba3160a464ff239fefa5569683ef1eb65b0dee0f4ddae6725ed04d73f42eacb96fb9c989999c120444c04f5bc5bb8ce40bff2fd9f7375b8acaa7a800

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6b84eb5bf9403a005a78bc929905dd5c
SHA1 1b3045a2086dc186ab96a6f66deb28cd0fabbe43
SHA256 eab0ed1cac07c6b4bf3eb154a20841a78485cd52dd0ad3416c0aa2b3999644aa
SHA512 f137391154281a8e9edcb42488235da9159c909acc9dcbe3660fb70da3895842a817d86a1ee4f50303e6943d54889d92a2bda7b37eb97165e3d7f5a63925c3af

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b635ce2a2bd4aaaea38d87561d5b9a54
SHA1 084b59c22e7893e6cfaf00496c52ae177ecb6669
SHA256 2781ae577346d41b7d1d8b6d5f22eb534d770fffbc9af154e42de95be3135ce9
SHA512 48a35bcac21e7ac87d2e77a40183b36a8c5122798dc3b5fa5dade7c6c53d6ecf72b997304d5dbb3ab7d723c350be5798b8ea6eaa9c35890b9aff41515b42a39b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a477b4005bd965d44ccff6a99df1c85e
SHA1 f37de2a9fb02a1909c840ded0ea2ff322a589d8b
SHA256 89e54e3f6b5a5b4b4721d1ad3feac5fae2cfed746a7228fea6892992c30da639
SHA512 413de42c9ce82a365908b66907d14bbd6d4fb8f389a65fca259cee91efbeb0f6efc3a9f96d4b4d3588f260d9c542f65bcf4b2051bd74d4b99d5af295faf47d6c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 263f53702035e40aaed9b38b68260cfc
SHA1 5868c5acea0f228d589f5be6658a5cee9ebcc53f
SHA256 d52980c1663ebe106ef9d7d3d0bbbc69ff6a83cfe3143b7e035da9e46bce5ca7
SHA512 97cf390d68ad1886215c792fed690261e5d0faae4f25462543a3f85abc78f466c073263f0acf3861fe31a45a150ece7adc6fc14ed8a53c55a81a6df5b4d0cdcc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0e4908321459f64520b50201a852d4e1
SHA1 015bbd4c6c307e0da3fe3a7489ef04c308ae3b75
SHA256 8c7266e6f143e5b89371b436a1dd6aac602351b27ce94a18e22d593475de29b1
SHA512 f824c82c6f69d9de8489292748c2d75b5e9714ee3f3da92c17766ac7ac16413bf4418a70962d4347126c71516f5b045aa20eec3da8e9864d27dd953cbda2ab7f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 822278ef3e3ee8508b57eeffff700fb7
SHA1 b132268be0e5848ed61cdccc59a759ec1cc77e38
SHA256 81b68b0804976d1f735cb59d870b82e3e89011c13761dfeb27c49ce53b8366e7
SHA512 a2ebf6db540a5b4a1f76422ac808edd8a74741d4d7be36b43313a6b3753b5f83a5f4785b106f518d0d923e109ae63d579d191a2b98d20a8a92e319729055e628

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5f67403680091f4263200016fa565dba
SHA1 522f7ec0a18a203f25b4fd789404d2f6c87ed4bc
SHA256 50931c78ec16e2cc6f5c604e4334adaac6527c03f0f6d607e01dac224c2c5ef4
SHA512 6e912f2cf84b8867adfe34f4452b9961c2decba41c8ba613c5c684438417bf8214e0f152b82b22d3824a9fe638314a379014b0f8374d2f5a84cbabb265b09246

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 862f1f948ea682ca2e0f4dabba24f485
SHA1 a527e3bed9bbc936799ea22d038059259e43954f
SHA256 1b7cf7ff79e3d89e3572111e449af46312e5a337c220681b6e1dc7fbc68109e2
SHA512 8e2d5fb8e9ae4b89d88493e25aad6746ca03fd038464c67b1868cd1538033696f39569d1e324258921675aaa08fe0bbe3cc46cc296b7d71228d1c5a38a72b20d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 76e9526b6f0c2f715fa91b5fedbefd2d
SHA1 337444b6e5bb07ef49cfcfe6d1e286d37c9f61b8
SHA256 2817ea4f6d87cb26ea3db684dab531d9e05223f8785c0b41d9499099dd3d4c23
SHA512 2b984a7cbe1d17464e800622823a7db041c36fe1a6f612b637a1566c4dd9a7d1f6b605b3b477702f2521da4ca0072947bf02622fd95a440eb3a52c8d4fcd76b8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d4c4a84eb9488c6a6dd4410644267486
SHA1 3c667714205312b696ea9437ed4cc1a4d59281d3
SHA256 f68fb190da5e88dcd73f9dae280efe19c70573f990300b36bf741f08699527f6
SHA512 274a163ce22e8cbbc5a33280557e7396340b9bcebfdc55099c2dcd50196cadf9f8811e9a1b209c0b982c73546e2ea6f0db722257a246d3af9f82197501f91c9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 49d4eab5f588c8046a5fbf0bc28e5bb7
SHA1 1324d267fe679e574ea7ea4ae14f91917372178e
SHA256 0c7eb36f4c37118f4d38287284cdff16e92a9980e96d8427e76fccfc9fe95152
SHA512 414b3e11dfdfa07b23488e6d31c999b1dabc126ae6fcd93ffb88240484fcb7f40b3ebd82cc02e4ff7019b137d12715025faf3c72ea1093870914891cbfa1f0bc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 04f4a04111798c4b55bcce533c44f188
SHA1 1a4669cb17f4f77b48974c4fcf2188660b39f215
SHA256 50554e01c9c76687c7b04c3b8842803531e9a326f0044afb88d048951d1d4ccb
SHA512 92f6f02799aa6acd712f8a8190795259956ca1cec1f3dcd1980fd6fa8b5f4d8c3f8705a03c702d266217e1957a4d4df2b7e497a8347b10524c1e1bc63ab2bc73

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9414a97cda85ee238c1d154785acaf51
SHA1 1bebc174a3b224732c54104ffd6597387dfe1a59
SHA256 3f8595dfb0759f9e25a54d815b22b32bb789c1da6761e6146814c0e952ac2b70
SHA512 8f1c4b12e92cfc096f4dfd9782313ecb407ac0c0c61c609fea935e8942126a02910ce32bca0a874057ae15afe95b48c86dab884e9843b734cb00b5da28a4ecfe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ac4c1b3f9d4079f7d9a85da117302f39
SHA1 52bbaae1f400b1335fc4db4076d62bb3f2dbda9e
SHA256 a5abf560cda50d17d40bd9bcd85f440c548a8939874582ef642e34ba1982da3e
SHA512 5795c16e9871a67db653acea6ec8eb8d2f13be41982ca4d597d572b40eedd69478dd58e53401dc8f29e8683b032b3718d96b884c5c7b7c067f04bf97f9379b22

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 19095e2d4c52127351da1281d8f9ec73
SHA1 784e134a278961f1feb6bbdacc86619d8e5190d4
SHA256 53619dbcd0edbda8691f83aa338059a1f60e8aaf718b1f03fed06cde59597991
SHA512 34e67f5261f41e9f16b16648efe600ecfb7b7418842d7ed1940a41a8fc137679dd62cf2c8b8ea5a13361b04eafa5c064dcd644d3f09449a6d91007385fc97c31