Malware Analysis Report

2024-10-24 21:18

Sample ID 240725-pdgabs1dja
Target https://graven.my.canva.site/
Tags: discovery
Score: 3/10

Analysis Overview

Score: 3/10

Threat Level: Likely benign

The file https://graven.my.canva.site/ was found to be: Likely benign.

Malicious Activity Summary

discovery

System Location Discovery: System Language Discovery

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-25 12:12

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-25 12:12

Reported

2024-07-25 12:28

Platform

win7-20240704-en

Max time kernel

361s

Max time network

368s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" https://graven.my.canva.site/

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b7000000000020000000000106600000001000020000000e39a87b4e99764195df71bf067d2c3c63f7c10b1527cf1b8ad3199498b8bc0d3000000000e8000000002000020000000c67ee4e0ed072e566deb5668a33ea52f06ec87bbe8f2f626acb64fc97b2652d390000000225b1bad3ca1cc99bafc21e3ec01755e3a217086f5926f02322d3e01d185fe617ef04f37808eb59410848e4463eb0690ac294e33279d17f36b6873294d2fa23bc1875ed4e72751a35933156941d9eae072f6ee03f17bb801e3f11cf073162e12663ec1113ee22f8bf6d0db6f430c07283704b158f7c04de17061d5774b1cb51f57fa309f23456ea567838496a47e7384400000003bbb14cee68f6387ef52594a9b188ef111152aefc1bc20620d3252770194862dd8983ba360f71c9331bf1a2c0d1a0638f56bb274205c5a71a25cdf24de7aa44d C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0e140cd8cdeda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F27F6541-4A7F-11EF-BD32-F6C828CC4EA3} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b700000000002000000000010660000000100002000000059ca1fa34f4c7591031cada094845e43cc5373cf29065e0e68e4dd6e3832a524000000000e800000000200002000000046462cd25f33a414dc5132986c86aedbf1cfa3194fcab582fe658a7819d569c2200000003f55da4e90cb941886f95a7093b651e504decd2a5dea4841b98cda5272fc4d7f4000000002d271895d3c388be42c0c1f781dcd6facc5a5e25b7e66adcaa5947440a91347bea52f40f16fbfae99d01f2fa4390facb8b29fb86e9a1919e87adcbc070aa308 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "428071756" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://graven.my.canva.site/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2336 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 graven.my.canva.site udp
AU 103.169.142.250:443 graven.my.canva.site tcp
AU 103.169.142.250:443 graven.my.canva.site tcp
AU 103.169.142.250:443 graven.my.canva.site tcp
AU 103.169.142.250:443 graven.my.canva.site tcp
AU 103.169.142.250:443 graven.my.canva.site tcp
AU 103.169.142.250:443 graven.my.canva.site tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 173.222.211.58:80 crl.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z7V06J7Q\9340013c7d177c83df1edab0cf96ac10[1].woff2

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VOGNAB2O\8f7934b3d45567e9cf1f541e008969a9[1].woff2

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XWMUP5AI\e005df7c7c34fefde116ba9b5a0e51e1[1].woff2

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VOGNAB2O\83b37f2dcbb18c810da7cfa915708210[1].woff2

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XWMUP5AI\26387fa4f5b1e3f7b6217b27d79bf264[1].png

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\ljg9kkp\imagestore.dat

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Temp\TarE3BE.tmp

C:\Users\Admin\AppData\Local\Temp\CabE3AC.tmp
