Malware Analysis Report

2025-08-10 22:13

Sample ID 240614-blk2lashqj
Target a77b4d2dbceec33ffe42930017e61811_JaffaCakes118
SHA256 01993a82b4ff333fc33d11b5d4c3dffc47d0a33f2d8c9176b4a25b3d924851d7
Tags
Score 1/10

Analysis Overview

Threat Level: No (potentially) malicious behavior was detected

The file a77b4d2dbceec33ffe42930017e61811_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-14 01:13

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 01:13

Reported

2024-06-14 01:16

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a77b4d2dbceec33ffe42930017e61811_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a77b4d2dbceec33ffe42930017e61811_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3516,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=5108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4016,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=3884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5288,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=4644 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5372,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=5428 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5332,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=5420 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5780,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=5708 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=6120,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=5096 /prefetch:8

Network

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 01:13

Reported

2024-06-14 01:16

Platform

win7-20231129-en

Max time kernel

118s

Max time network

128s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a77b4d2dbceec33ffe42930017e61811_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a77b4d2dbceec33ffe42930017e61811_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:624 CREDAT:275457 /prefetch:2

Network

Files
